Demystifying Microsoft 365 Cloud Security Part 3: Information Protection

Jose Briones

Demystifying Microsoft 365 Cloud Security Part 3: Information Protection

Let’s face it, the use of technology including computers, smartphones, tablets, and laptops has completely evolved. As the use of mobile technology continues to grow, more organizations have come to recognize the data shared across these devices is one of the most valuable resources to an organization. In this third installment of our four-part series on Microsoft 365 security, we’ll dive into data protection with Microsoft Information Protection (MIP).

In our previous articles in the series, we discussed protection around identity and access management (IAM) and threat protection. IAM provides the ability to manage digital identities, roles, and control access to enterprise and cloud resources. Threat protection focuses on a set of policies designed to protect an organization’s email, endpoints, applications, and identities against cyberthreats. Next on our list is data protection.

Figure 1: Four components of Microsoft 365 Defender security suite.

What Is Microsoft’s Approach to Information Protection?

MIP is a unified framework designed for products with integrated capabilities to help organizations establish boundaries around the following platforms of Microsoft 365: Azure Information Protection, Windows Information Protection, and other Microsoft services. Microsoft Information Protection helps with the discovery and classification of data, data labeling, and encryption. It is designed to help the organization understand, govern, and protect their data as well as prevent data loss.

What Is the Importance of Information Protection?

MIP has developed the capability of controlling and helping secure email, documents, and sensitive data shared outside a company’s boundaries. Information protection allows organizations the ability to protect data through their lifecycle by applying protection labels. By leveraging this tool, corporate data can have properties applied to documents, like permission levels, watermarking, encryption, and more.

In efforts to comply with business standards and industry regulations, organizations need to protect sensitive data. Information protection is imperative to organizations because it provides a level of maturity aligned to support business growth.

What Are the Features of Microsoft 365 Cloud Security Information Protection?

Understanding Your Data

With MIP, Microsoft has introduced features to help organizations understand their data landscape to identify important data across your hybrid environment (Microsoft 365, Azure, and on premises data), which includes sensitive information, trainable classifiers, data classification, and Azure Purview.

Through the sensitive information types, MIP finds data by using built-in/custom expressions or functions, which include keywords, confidence levels, and proximity. MIP uses a trainable feature to identify sensitive information by using built-in classifiers or a trained classifier specific to your content.

Through the data classification feature, users have the ability to add sensitivity, retention, or classification labels that further protect data based on the criteria defined in the label policy. Lastly, MIP has an Azure Purview feature that identifies sensitive information and applies automatic labeling to any content in Azure Purview assets, such as Azure Blob Storage, Azure Files, Azure Data Lake Storage, and multi-cloud data sources.

Data Protection

So how are these features going to protect your data? MIP provides flexible protection actions that include encryption, access restriction, and visual markings.

By using sensitive labels, organizations can provide a single solution across apps, services, and devices as data is shared across your organization or as it leaves your organization.
MIP provides Azure an information protection unified labeling client for Windows computers that extends sensitivity labels for added features and functionality that includes labeling and protecting all file types from File Explorer and PowerShell.
MIP also provides the flexibility of enabling double key encryption in which only your organization can decrypt protected content.
MIP provides features to encrypt email messages and attached documents in your Office 365 subscription so only authorized recipients can read the content.
MIP includes SharePoint Information Rights Management that protects documents in SharePoint lists and libraries.
You will also find a feature named Rights Management Connector. This feature provides protection only for existing on-premises deployments that use Exchange, SharePoint Server, or Windows file servers.
Extended features include discovery, labels, and protection for sensitive information that exists in data stores in the cloud Microsoft Defender for Cloud Apps.

Preventing Data Loss

MIP offers several features to help prevent the accidental sharing of sensitive information. MIP includes data loss prevention (DLP), endpoint data loss prevention, Microsoft compliance extension, Microsoft 365 data loss prevention, and protection of sensitive information across Microsoft apps.

DLP can be a huge responsibility, but unintentional sharing of sensitive information can be prevented from several data points with MIP. These data points include endpoints such as Windows 10, files on on-premises servers, browsers, SharePoint folders and libraries, Teams, Power BI, and many more endpoints.

Implementing Information Protection for Microsoft Cloud Security

Implementing Microsoft Information Protection can mean devoting efforts to a full-fledged data classification program. This may involve a multi-phased approach to develop a strategy, complete a risk assessment of existing data, and define compliance requirements. Additionally, look to discover where your data lives and where it is located. Locations may include cloud repositories as well as on-premises data stores. Lastly, look to develop prevention actions, which may include logging, monitoring and alerting that can help identify and remediate issues when they arise.

Implementing Microsoft Information Protection can be challenging enough, but it’s still easy to get overwhelmed with the many features offered through Microsoft 365. We recommend reviewing the security features available through Microsoft 365 and looking to enable these features in your tenant to provide improved and more secure access controls.

Need a Guide for Your Cloud Transformation Journey?

Credera is passionate about helping organizations foster cloud enablement that drives successful cloud adoption and valuable business outcomes. Our unique expertise in corporate strategy, innovation, and application development enables us to bring a holistic approach to your cloud adoption journey.

Explore Credera’s Cloud Transformation Framework to learn more, or reach out to us at findoutmore@credera.com if you have questions or would like to discuss cloud and infrastructure solutions.