
Post on 22-Jan-2018


Page 1: St. Louis SharePoint User Group - Security and Compliance in O365 for SharePoint & OneDrive for Business

Information Security & Compliance in O365 for SharePoint

Ajay Iyer

Sr. Consultant (Microsoft)


Ajay Iyer

Sr. SharePoint Consultant (Microsoft)

Dabbling with SharePoint for over 10 years

SharePoint Online, OneDrive for Business, Search, Security & Compliance, Migrations, Enterprise Content Management

Speaker at SharePoint Saturdays in Minneapolis, Nashville, Chicago, Cincinnati & St. Louis

Twitter: @shankarajay1


Objectives

Simplify and protect access

Allow collaboration and prevent leaks

Stay compliant

Secure administrative access


Requirement(s)

E3 or E5 Plan in Office 365

On-Prem AD synchronization with Azure Active Directory (AAD)

Azure Subscription (if using Azure Information Protection)


Requirement(s)

E3 Plan: eDiscovery Legal Hold; eDiscovery export & case management; IRM, DLP & Encryption

E5 Plan (includes E3 features plus): Advanced eDiscovery; Advanced Data Governance


Security & Compliance

Legal

Medical/HIPAA

Intellectual Property

Medical/HIPAA

Office 365


Why Security & Compliance?

Establish Information Protection Priorities

Set Organization Minimum Standards

Find & Protect Sensitive Data

Protect High-Value Assets


Security & Compliance Center

or browse to https://protection.office.com


Security & Compliance Center


Security & Compliance Center

Data Classifications

Data Loss Prevention

Data Governance

Search & Investigation


Data Classifications

Labels

Labels are just like the old Content-Type Retention Policies in SharePoint On-Premises

Retention Policies can be applied tenant-wide or to specific mailboxes, sites, OneDrive users and groups

Labels can be applied automatically to new & existing content, per document library in SharePoint Online


Data Classifications

Labels

Auto-Apply Labels are AWESOME

• You don’t need to train your users on all of your classifications.

• You don’t need to rely on users to classify all content correctly.

• Users no longer need to know about data governance policies – they can focus on their work.


Data Classifications

Labels

You can choose to apply labels to content automatically when that content contains:

• Specific types of sensitive information.

• Specific keywords that match a query you create.


Data Classifications

Labels

Manage lifecycle of Emails & Documents using Retention Features

Retention Tags & Policies

Document Deletion Policies

Preservation Policies


Data Loss Prevention (DLP)


Data Loss Prevention (DLP)

• Policies can span all locations in O365 including Exchange Online (EXO), SharePoint Online (SPO) and OneDrive for Business (ODfB) or you can choose specific payloads

• Detect when this content is shared outside your organization

• Ability to test the policy, while it's being created

• Can customize tool tip messages & email text


Search & Investigation

Search for sensitive content in your tenant & create saved searches

Review O365 audit logs

Create activity alerts for "specific users"

Create & manage eDiscovery cases


Security & Compliance in SharePoint Online


Security & Compliance in SharePoint Online

Recommended to set Default Link Type to “Direct” or “Internal”


Security & Compliance in SharePoint Online

Recommended to limit sharing to specific domains, if possible


Security & Compliance in SharePoint Online

Recommended to set expiry on Anonymous links


Security & Compliance in SharePoint Online

If needed, restrict access to your sites based on certain IP subnets


Security & Compliance in SharePoint Online

Restrict access from apps that don’t support modern auth’n


Security & Compliance in OneDrive for Business

Restrict access from apps that don’t support modern auth’n


Security & Compliance in OneDrive for Business

Restrict access from apps that don’t support modern auth’n

Recommended to limit sharing to specific domains, if possible

Recommended to set expiry on Anonymous links

If needed, restrict access to your sites based on certain IP subnets
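
The sharing and access recommendations on the slides above map to tenant-level settings that can be checked from the SharePoint Online Management Shell. The following is an added example, not part of the original deck: the function name `Test-SpoSharingBaseline`, the sample object, the domain `partner.example` and the 30-day expiry are assumptions, while the property and parameter names are those of `Get-SPOTenant` and `Set-SPOTenant`.

```powershell
# Added example (not from the deck): check tenant sharing settings against the
# recommendations on the slides. Property names follow Get-SPOTenant output.
function Test-SpoSharingBaseline {
    param([Parameter(Mandatory)] $Tenant)

    $findings = [System.Collections.Generic.List[string]]::new()

    # Slide: default link type should be "Direct" or "Internal".
    if ([string]$Tenant.DefaultSharingLinkType -notin 'Direct', 'Internal') {
        $findings.Add("DefaultSharingLinkType is '$($Tenant.DefaultSharingLinkType)'; use Direct or Internal")
    }
    # Slide: limit sharing to specific domains, if possible.
    if ([string]$Tenant.SharingDomainRestrictionMode -ne 'AllowList') {
        $findings.Add('External sharing is not limited to an allow list of domains')
    }
    # Slide: set expiry on anonymous links (0 or -1 means links never expire).
    if ([int]$Tenant.RequireAnonymousLinksExpireInDays -le 0) {
        $findings.Add('Anonymous links never expire')
    }
    # Slide: restrict apps that don't support modern authentication.
    if ($Tenant.LegacyAuthProtocolsEnabled) {
        $findings.Add('Legacy authentication protocols are still enabled')
    }
    # Slide: IP subnet restriction is "if needed", so report it as information only.
    if (-not $Tenant.IPAddressEnforcement) {
        $findings.Add('Info: no IP address allow list is enforced')
    }
    return $findings
}

# Constructed sample standing in for (Get-SPOTenant); values are illustrative.
$sample = [pscustomobject]@{
    DefaultSharingLinkType            = 'AnonymousAccess'
    SharingDomainRestrictionMode      = 'None'
    RequireAnonymousLinksExpireInDays = -1
    LegacyAuthProtocolsEnabled        = $true
    IPAddressEnforcement              = $false
}
Test-SpoSharingBaseline -Tenant $sample

# Against a live tenant (after Connect-SPOService), with placeholder values:
#   Test-SpoSharingBaseline -Tenant (Get-SPOTenant)
#   Set-SPOTenant -DefaultSharingLinkType Internal
#   Set-SPOTenant -SharingDomainRestrictionMode AllowList -SharingAllowedDomainList 'partner.example'
#   Set-SPOTenant -RequireAnonymousLinksExpireInDays 30
#   Set-SPOTenant -LegacyAuthProtocolsEnabled $false
```

Run against the constructed sample, the function returns five findings, one per recommendation; a tenant that follows every slide returns none.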


Cloud App Security


Cloud App Security

Enterprise-grade security for Cloud Apps like O365, Google, AWS, Salesforce, ServiceNow, Dropbox, etc.

Provides App Discovery, Data Control & Threat Protection (e.g. Ransomware)

Available with Enterprise Mobility + Security E5 subscription or standalone at $5/user/month


Objectives

Simplify and protect access

Allow collaboration and prevent leaks

Stay compliant

Secure administrative access


Summary

Encourage users to set permissions on documents

Configure External Sharing policies

Configure Device Access policies

Use Labels to implement Classification-based protection

Stay compliant with retention policies on labels

Configure DLP to protect against unauthorized access

Separate duties of administrators by role: SharePoint Online, Exchange Online, and Skype for Business Online


https://support.office.com/en-gb/article/Overview-of-labels-af398293-c69d-465e-a249-d74561552d30?ui=en-US&rs=en-GB&ad=GB#howlong

https://technet.microsoft.com/library/dn876574.aspx

Real Life Application by MSIT (Case Study) - https://msdn.microsoft.com/en-us/library/mt718319.aspx

Advanced e-Discovery in O365 (Channel 9) - https://channel9.msdn.com/Shows/Mechanics/Office-365-Advanced-eDiscovery

Plan for Security & Information Protection in O365 - https://support.office.com/en-us/article/Plan-for-Office-365-security-and-information-protection-capabilities-3d4ac4a1-3920-4ff9-918f-011f3ce60408?ui=en-US&rs=en-US&ad=US

What is Cloud App Security? - https://docs.microsoft.com/en-us/cloud-app-security/what-is-cloud-app-security

Anonymize Cloud User Discovery Data - https://docs.microsoft.com/en-us/cloud-app-security/cloud-discovery-anonymizer


Thank You

Ajay Iyer

Sr. SharePoint Consultant
