![General availability of ‘know your data’]()
Announcing general availability of ‘know your data’ (discovery and review capabilities) in the Microsoft 365 compliance center
As employees shift to working remotely, it is more important than ever that organizations prioritize protecting their business-critical and sensitive data. Your employees are accessing, sharing, creating, and storing data in new ways, and you need to make sure this is being done in a protected and compliant manner. At Microsoft, our goal is to provide a built-in, intelligent, unified, and extensible solution to protect and govern your data across your digital estate – in Microsoft 365 cloud services, on-premises, third-party SaaS applications, and more. With our Information Protection & Governance solution, we are building a unified set of capabilities for discovery, classification, labeling, protection, and governance not only in Office apps, but also in other popular productivity services where information resides (e.g. SharePoint, Exchange, OneDrive).
Know your sensitive data
The first step in the journey to protect and govern your data is getting a holistic understanding of the sensitive data in your digital estate. The data classification capabilities in the Microsoft 365 compliance center enable you to discover, classify, review, and monitor your data and establish appropriate policies to better protect and govern critical data (e.g. by applying sensitivity and retention labels or data loss prevention policies).
Today, we are excited to announce the general availability of ‘Overview’, ‘Content explorer’, and ‘Activity explorer’ capabilities to give you a holistic view of your sensitive data.
The Overview tab shows you at-a-glance the most common sensitive information types and labels used in your organization and how they are being used. You do not need to set up any policy to understand these details.
Figure 1. Overview tab showing a quick snapshot of data classification and usage of sensitivity and retention labels
The Content explorer tab provides you with a richer understanding of data at risk by displaying the amount and types of sensitive data in a document. An integrated viewer displays the full content in documents or emails for those with appropriate permissions. You can also filter by label or sensitive type to get a detailed view of locations where sensitive data is stored. Based on your feedback, we have added the ability to ‘Search’ and find sensitive files in specific locations or by specific file types or file names. You can also now ‘Export’ the meta data of content displayed into Excel, for further reporting and investigation, with a single click.
Figure 2. Integrated viewer showing contents of document in the ‘Content explorer’ tab
Note: OneDrive views in this experience will remain in ‘preview’ mode while we incorporate your feedback. We appreciate your continued support on this and thank you for your feedback.
The Activity explorer tab provides a better understanding of activities related to your sensitive data, sensitivity and retention labels , such as decreased protection due to label downgrades or changes. It helps you investigate events that could be leading towards data leak scenarios (e.g., removal of labels). Understanding these activities gives you the ability to identify the right policies for protection or data loss prevention (DLP) to ensure that your most sensitive data is secure.
Figure 3. Activity explorer tab displaying activity related to sensitive information
Customer feedback
A large financial services customer, for example, used these new capabilities to discover vulnerable data on their 8000 SharePoint sites and then prevent its overexposure, thereby reducing their risk on vulnerable data.
Several other customers have shared that they were pleasantly surprised to see the quantity and quality of insights available in Content explorer and Activity explorer, and it prompted them to create protection policies they had previously not considered. Microsoft’s IT also relies on these capabilities to ensure that the data in over 150,000 mailboxes and 300,000 SharePoint /Teams sites is protected even as a huge amount of sensitive data continues to be created and shared.
“Content explorer is a welcome addition to my remediation and tuning efforts. In the past, when I wanted to get a sense of the impact of a particular policy, we would run eDiscovery searches to know the amount of data out there that matches a particular sensitive type (built-in or custom). Now with Content Explorer, I can get a quick sense of the number of findings by simply selecting the sensitive type from the many filters available within Content Explorer. From there, I can explore those items to understand the signal to noise ratio and progress with my remediation efforts. The key is that I can quickly search for the site name and then the file name, which helps me to review content quickly without making copies of content. This used to take a lot of time but now with this tool I can do it in half the time.” John Cardarelli, Data Loss Prevention Architect in Microsoft’s IT Department
Get started
Overview, Content explorer and Activity explorer enable you to discover, classify, review, and monitor sensitive data in your Microsoft 365 services like SharePoint and Exchange ‘in place’ without having to move your data elsewhere. To learn more about how these capabilities enable you to know your sensitive information, watch this short video and see our online documentation. To experience this capability, click on ‘data classification’ in the Microsoft 365 compliance center. With a Microsoft 365 E3 license you can benefit from the Overview tab and get programmatic access to basic reporting and audit. Microsoft 365 E5 licensing SKUs (e.g. E5 Compliance and E5 Information Protection & Governance) get you access to advanced capabilities like Content explorer and Activity explorer. You can learn more about our licensing here.
We are excited to roll out general availability of these data discovery and review capabilities for SharePoint and Exchange today. We will continue to add more workloads like Office client apps, endpoints, Teams, on-premises. We are committed to expanding on these capabilities to enhance your ability to protect and govern data. We are working hard at other exciting innovations – stay tuned!
Attendees, on your marks, get set, GO!
Lace up your training shoes. Load up on the v-carbs. And start pounding the water today. The Microsoft 365 Virtual Marathon is around the corner. World class speakers prepped to be your first-class training coaches. And the content, the content is what gets you across the finish line. So much good content.
Jeff Teper (CVP, Microsoft) will be giving a keynote that’s not to be missed, plus Microsoft speakers delivering breakout sessions among thought leaders and members of the community from around the world. Review all 200+ sessions and start your Marathon training plan today.
What: Microsoft 365 Virtual Marathon to learn more | Register today
When: May 27-28, 2020 (36 hours / 2 days)
Presenters: 300+ speakers (MVPs, RDs, Microsoft and community members) from 44 countries speaking in 7 different languages
Cost: Free
Primary Twitter hashtag: #M365VM (join in)
Microsoft 365 Virtual Marathon – May 27-28, 2020 (online training)
Set your pace and jump in. The Microsoft 365 Virtual Marathon has something for everyone running the “miles” of Microsoft 365, including Azure. You’ll find no hill or valley unmapped: AI, bots, sharing, intranet, BI, admin, Teams, SharePoint, OneDrive, Yammer, Power Platform, Microsoft Graph, SPFx, security & compliance, Project Cortex, custom development, migration, search and more.
Below is a list of the Microsoft sessions | presenters – including Jeff’s keynote:
- The latest innovations in SharePoint, OneDrive, and Office for content collaboration [Microsoft keynote] | with Jeff Teper
- Microsoft 365 Live Events and remote work | Lorena Huang Liu & Christina Torok
- Knowledge and Project Cortex – the Microsoft 365 Vision | Naomi Moneypenny and Chris McNulty
- Share and track your information with lists across Microsoft 365 | Lincoln DeMaris
- Design productivity apps with SharePoint lists and libraries, Power Apps, and Power Automate | Chaks Chandran
- Connect the workplace with engaging, dynamic experiences across your intranet | Debjani Mitra and Brad McCabe
- The New Yammer | Jason Mayans
- Architecting Your Intranet | Melissa Torres
- OneDrive powers intelligent file experiences across Microsoft 365 | Randy Wong
- Collaboration and external file sharing across Microsoft 365 | Ankita Kirti
- Migration to SharePoint, OneDrive, and Microsoft Teams in Microsoft 365, free and easy | Hani Loza and Eric Warnke
- Security and compliance in SharePoint and OneDrive | Sesha Mani
- SharePoint developer overview | Luca Bandinelli
- Jump start your projects with community projects from Patterns and Practices (PnP) | Vesa Juvonen
Shout out to community members and and the #M365VM team for putting together the online race, mapping the course and for supporting and promoting the knowledge and expertise that reaffirms this: Microsoft 365 has the best tech community in the world – with the endurance to prove it.
Cheers and see you at the race,
Mark 🏃🏻
In this weekly discussion of latest news and topics around Microsoft 365, hosts – Vesa Juvonen (Microsoft), Waldek Mastykarz (Rencore), are joined by Paul Schaeflein – MVP, Developer, Technical Architect and Microsoft 365 Podcaster in Chicago, Illinois, based Addin365.
Paul is focused on helping peers and customers use the parts of Microsoft 365 that are relevant to their job. What is the Microsoft 365 opportunity for developers? Of course, that depends. Microsoft 365 provides many options. First understand and bridge the gap between what your staff can do (their knowledge) and what the service can do for you/them. Key focus areas for newbies?
Learn how to write and secure an API, understand React and now React hooks, know your native coding tool – editor, know how to use search engines to find people and information efficiently, understand how to interact with a service you don’t own and finally, keep learning.
As always, if you need help on an issue, want to share a discovery, or just want to say: “Job well done”, please reach out to Vesa, to Waldek or to your PnP Community.
This episode was recorded on Monday, May 11, 2020.
Did we miss your article? Please use #PnPWeekly hashtag in the Twitter for letting us know the content which you have created.
In this difficult time, remote work is becoming the new normal for many companies around the world. Part of this new normal is increased focus on implementing stricter security controls and data loss prevention policies within the solutions that already exist within your environment. We understand that you may be looking at our portfolio of solutions and trying to better understand how we can help provide the appropriate balance of security and productivity.
References:
This webinar was presented on Mon Apr 27th, 2020, and the recording can be found here.
Attached to this post are:
- The FAQ document that summarizes the questions and answers that came up over the course of both Webinars; and
- A PDF copy of the presentation.
Thanks to those of you who participated during the two sessions and if you haven’t already, don’t forget to check out our resources available on the Tech Community.
Thanks!
@Adam Bell on behalf of the MIP and Compliance CXE team
![General availability of ‘know your data’]()
On Tuesday, May 5th, at 12:00 pm ET, I opened up my laptop, poured some coffee and joined hundreds of security awareness professionals at the Security Awareness Virtual Summit, 2020, hosted by Terranova Security and sponsored by Microsoft. The next 3 hours were chockfull of presentations, expert advice, a hands-on workshop and a deep dive into Terranova Security training.
Speak the language of business by using data
Brian Reed, Senior Director at Gartner kicked off the day with his keynote speech: “Three Ways to Gain Support for your Security Awareness Program.” Brian focused on a problem many security awareness professionals struggle with – how to secure executive buy-in for an organization’s security awareness program. Demonstrating ROI can be hard in the absence of standard metrics, and behavior change is difficult to measure. Brian advised professionals to “speak the language of business” translating the outcomes of security awareness programs into business outcomes and drilling down into the financial implications of improved awareness.
Later in the day, Terranova Security CISO, Theo Zafirakos also highlighted the importance of measuring total cost of breach. Designing and deploying a security awareness training will incur some cost, but if done well, it will save far more in lost productivity, remediation expense and downtime.
Storytelling is your secret superpower to boost engagement
An important takeaway from Brian’s speech was the power of storytelling in improving engagement and participation in security awareness training. Brian urged security awareness professionals to harness the power of stories to build emotional connection. Humans are hardwired to respond to stories—with elements like character, obstacle or challenge and eventual triumph. Usually, Brian said, we use a traditional crime or spy story in the realm of risk and security, but for awareness programs, and he encouraged the audience to think outside the box and experiment with adventure or humorous narratives to increase engagement.
Adopt an Attacker mindset through phish simulation to detect and quantify risk
Microsoft PM Lead, @Brandon Koeller discussed the importance of simulated phishing to your training program. As Brandon said, “Phishing is THE risk, capital T-H-E” when it comes to people.
Using phish simulations that accurately simulate your threat environment will help you establish a baseline of awareness, detect vulnerable users, quantify behavior change, and demonstrate the effectiveness of training. Koeller reminded us that as security professionals we tend to inhabit a defender mindset but to truly prepare and protect your employees, you need to inhabit an attacker mindset. Phish simulation that mimics real threats in your environment – using context-specific lures and the types of emails most likely to land in your employees’ inboxes.
The expert panel, featuring Lise Lapointe, CEO of Terranova Security, Erin Csonaki and Blythe Price, Program Managers for CyberSecurity Awareness and Education at Microsoft and Bill Dunnion, Director of the Cyber Resilience Office at Calian highlighted the organizational behavior axis of security awareness – they reminded listeners that their security awareness programs are not merely compliance checklists but a key component of security culture. They urged the audience to frame security awareness training as a key tool in elevating the importance of security and cyber hygiene in the minds of their employees.
If you missed out on signing up for the virtual summit and want to catch up on the learning, best practices, tips and advice, you’re in luck. The recorded Virtual Summit is available to watch here
Let us know what you think in the comments!
