
Endpoint Data Loss Prevention

Microsoft 365


Information Protection & Governance
Protect and govern data – wherever it lives

KNOW YOUR DATA
Understand your data landscape and identify important data across your hybrid environment

PROTECT YOUR DATA
Apply flexible protection actions including encryption, access restrictions and visual markings

PREVENT DATA LOSS
Prevent accidental oversharing of sensitive information

GOVERN YOUR DATA
Automatically retain, delete, and store data and records in a compliant manner

Powered by an intelligent platform


Unified approach to automatic data classification, policy management, analytics and APIs
DLP Solution Overview
Comprehensive support across workloads

• Exchange Online
• Teams
• SharePoint, OneDrive
• Endpoint
• Non-Microsoft Clouds and SaaS apps
• On-prem file shares
• Future: Expand to non-M365 workloads

Unified and integrated experiences

• Guided onboarding
• Unified & flexible policy management
• Integrated with MIP
• Unified alerting & Remediation
• Integrated end-user experiences
Unified and integrated experiences

Admin

Easy onboarding
- Cloud native, no on-prem infra required
- Out-of-the-box analytics, no policy needed
- Tailored experience for policy creation, driven by insights from analytics (underway)

Unified, flexible policy management & enforcement
- Single console to control movement of sensitive information across devices, apps, and services
- Rich policy controls

Integrated with MIP classification & labels
- Leverage 100+ sensitive information types, functions, custom patterns & dictionaries
- Labels integrated with DLP policy (preview)

Unified alerting and remediation
- Notify data officer when sensitive data is exposed, with rich incident details and triage
- SIEM integration – API support to retrieve audit and alert data, and remediate

End user

Integrated end-user experiences
- Native experiences in Office, Windows, Edge, and other apps help preserve user productivity
Easy onboarding

Cloud native, no on-prem infra required

Out-of-the-box analytics, no policy needed

Tailored experience for policy creation, driven by insights from analytics (underway)
Unified, flexible policy management & enforcement

Configure policies across devices, apps and services in the Microsoft 365 Compliance center

Rich flexibility in configuring rules and enforcement actions
Integrated with MIP classification & labels

100+ sensitive information types

40+ built-in policy templates for common industry regulations and compliance needs.

Labels as conditions in DLP policy (preview)
Unified alerting and remediation

Alert: DLP rule match detected: “CCN Rule” in “Sensitive Data Policy”

Rich detail to triage and remediate

API support enabling SIEM integration

This enhanced experience is work-in-progress, not live yet


API for analytics, SIEM integration
Available via the Office 365 Management Activity API
• REST-based API exposing audit events
• ISVs can build rich compliance-oriented applications.
• Customer data is not accessible unless customer grants consent to application
• Documentation here: https://msdn.microsoft.com/en-us/office-365/get-started-with-office-365-management-apis

2 types of DLP events:

DLP event type: Non-sensitive
Available data:
• Document or Email that triggered the hit
• User that triggered the hit
• Policy, Rule
• Actions taken
• Type of sensitive data detected (e.g. Credit card)
Exposed via this Content Type in Activity API: Audit.Exchange, Audit.SharePoint
Required Permission: Read Activity Data for your organization

DLP event type: Sensitive
Available data:
All non-sensitive data, plus:
• Value of sensitive data (e.g. Visa 4916-6867-9255-1997)
Exposed via this Content Type in Activity API: Dlp.All
Required Permission: Read DLP policy events including sensitive data
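
Because the sensitive event type carries the matched value itself, a forwarder that pulls both event types usually masks that value before the event reaches the SIEM. The sketch below is an added example, not code from the slides or from Microsoft; the event layout and field names are a simplified, hypothetical stand-in for the API's real schema, and the sample events are constructed from the values shown on the slides.

```python
import copy

# Constructed sample events. Field names are a simplified, hypothetical layout
# for this example, not the Management Activity API's actual schema.
SAMPLE_EVENTS = [
    {  # sensitive variant (content type Dlp.All): carries the matched value
        "content_type": "Dlp.All",
        "user": "user1@example.com",
        "policy": "Sensitive Data Policy",
        "rule": "CCN Rule",
        "detections": [{"type": "Credit card", "value": "4916-6867-9255-1997"}],
    },
    {  # non-sensitive variant: only the type of data detected
        "content_type": "Audit.Exchange",
        "user": "user2@example.com",
        "policy": "Sensitive Data Policy",
        "rule": "CCN Rule",
        "detections": [{"type": "Credit card"}],
    },
]


def mask_value(value, keep=4):
    """Mask letters and digits, leaving separators and the last `keep` characters.

    Values too short to mask partially (<= 2 * keep) are masked completely."""
    total = sum(ch.isalnum() for ch in value)
    visible = keep if total > 2 * keep else 0
    seen, out = 0, []
    for ch in value:
        if ch.isalnum():
            seen += 1
            out.append(ch if seen > total - visible else "*")
        else:
            out.append(ch)
    return "".join(out)


def prepare_for_siem(event):
    """Return a copy that is safe to forward; the original event is not modified."""
    safe = copy.deepcopy(event)
    for det in safe.get("detections", []):
        if "value" in det:
            det["value"] = mask_value(det["value"])
            det["masked"] = True
    return safe


def carries_raw_value(event):
    """True if any detection still holds an unmasked sensitive value."""
    return any("value" in d and not d.get("masked")
               for d in event.get("detections", []))
```

Running `carries_raw_value` on every outbound event gives a cheap pre-forwarding check that no unmasked value leaves the collector.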
Integrated end-user experiences

Built-in experiences in Office, Windows, Edge, and other apps help preserve user productivity

Policy Tips help educate users when they are about to violate a policy.

Supported across platforms: desktop, web, and mobile apps.
DLP enforcement across devices, apps, services

Email & chat
DLP policies for Exchange Online, Microsoft Teams

Documents
DLP policies for Office apps, SharePoint Online, OneDrive for Business

Cloud services
Microsoft Cloud App Security DLP policies for sensitive information in 3rd-party cloud services
Announcing Endpoint Data Loss Prevention
Identify and protect information on endpoints

Native protection
Built-in to Windows 10, Office Apps, Edge – no agent required

Seamless deployment
Cloud-delivered, lightweight configuration leads to immediate value

Integrated
Integrations (e.g. with Microsoft Information Protection) build on existing capabilities and focus on risks that matter
Key customer pain points

Friction Difficult to manage Effectiveness

On-prem infrastructure “You can’t protect what you can’t see” Heavy handed lockdown
Endpoint agent Complicated policies Siloed solution
DLP from the ‘outside-in’
Large system footprint
Next generation Endpoint DLP

• Quick time to value
• Seamless
• Data-centric, Risk-aware

Seamless

Cloud delivered
No on-premise infrastructure

Built into Microsoft apps
Reliable and performant DLP from the inside

Built into Windows 10
No agent on Windows

Plug & play for MDATP customers
Just own the license
Quick time to value
Discover sensitive data on devices on day 1
• Audit activity of common file types with rich context
• Data classification without any policy
• Data driven policy orchestration

Integrated to MIP
• Managed through Microsoft Compliance Center
• Single click extends existing DLP policies to devices
Data-centric, Risk-aware
Data-centric protection
• Content-centric auditing and enforcement
• Apply sensitivity label and encryption (future)

DLP Threat Protection


• Prioritize incident response based on data sensitivity
• DLP sensors and data exfil detection in MDATP
• Risk-aware DLP policies (future)
• Serves as Insider Risk Management endpoint sensor
Demo
Video
Endpoint Data Loss Prevention
Identify and protect information on endpoints

Native protection
Built-in to Windows 10 (1809+), Office Apps, Edge – no agent required

Seamless deployment
Cloud-delivered, lightweight configuration leads to immediate value

Integrated
Integrations (e.g. with Microsoft Information Protection) build on existing capabilities and focus on risks that matter

From private preview customers
“Deployment is a breeze”
“It plugs into my M365 DLP ecosystem”
“Bridges the visibility gap for data on endpoints”

Public preview July 30 (ETA)


GA Q4 CY20
Endpoint Data Loss Prevention
Technical Requirements

Operating System
Windows 10, builds 1809 and up.

License
• Microsoft 365 E5/A5
• Microsoft 365 E5/A5 Compliance
• Microsoft 365 E5/A5 Information Protection and Governance
• Microsoft 365 E5 Information Protection + DLP (add-on)
Endpoint DLP Licensing

• Microsoft 365 E5/A5
• Microsoft 365 E5/A5 Compliance
• Microsoft 365 E5/A5 Information Protection and Governance
• Microsoft 365 E5 Information Protection + DLP (add-on)
Microsoft 365 E5 Compliance
Pre-req: M365 E3/A3 or Office 365 E3 + EMS E3

M365 E5 Info Protection & Governance
Information Protection and Governance:
• Records Management
• Rules-based automatic classification and retention
• Machine Learning-based automatic classification and retention
Microsoft Cloud App Security (MCAS)
Communication DLP (Teams chat)
Endpoint DLP
Customer Key
Advanced Message Encryption
Pre-req: Any M365 plan or [any Office 365 plan + Azure Info Protection Plan 1/EMS]

M365 E5 Insider Risk Management
Insider Risk Management
Communication Compliance
Information Barriers
Customer Lockbox
Privileged Access Management
Pre-req: Any M365 or Office 365 plan

M365 E5 eDiscovery and Audit
Advanced Audit
Advanced eDiscovery
Pre-req: Any M365 or Office 365 plan

See Microsoft 365 licensing guidance for security & compliance for detailed guidance and license
Endpoint DLP Roadmap

• Improvements to MIP integration
• Data-centric protection
• Cross-Platform, cross-browser
• Enhanced visibility
• Data-aware threat protection, Risk-aware DLP policies
• Advanced data classification
Q&A
Thank you!
