Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

7/21/2020
04:35 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
100%
0%

Microsoft 365 Updated with New Security, Risk, Compliance Tools

Updates built for remote employees include an endpoint data loss prevention platform, insider risk management, and double key encryption.

Microsoft today debuted new security, risk management, and compliance tools for its Microsoft 365 platform during its 2020 Inspire partners conference. These updates arrive as organizations reconsider data protection and compliance strategies while they plan for a future of remote work.

Today's announcements include the public preview of Microsoft Endpoint Data Loss Prevention (DLP), Double Key Encryption, new Insider Risk Management capabilities, and communication compliance tools in Microsoft Teams. All are meant to help businesses better protect their data. 

"This whole shift to remote work has really increased the need for organizations to re-evaluate their security, compliance, and risk management practices," said Alym Rayani, senior director of Microsoft 365 compliance marketing, in a press briefing. "You have a lot of employees accessing corporate data at times from home computers, or sharing and collaborating in new ways, so that creates more risk and potential for data leaks for organizations."

Microsoft Endpoint DLP extends the security measures already offered in Microsoft Information Protection (MIP), a built-in tool that classifies and protects data across Microsoft 365 apps and services including Word, PowerPoint, OneDrive, SharePoint, and Exchange, on-premises or in the cloud. Endpoint DLP brings these classification and security capabilities to endpoint devices, where it identifies and protects data without restricting the use of apps, browsers, or services.

When someone takes a potentially risky action, Endpoint DLP sends an alert with policy tips and guidance to remediate. The experience carries over to third-party apps like Dropbox: If someone tries to copy a file with sensitive data to a personal Dropbox account on Microsoft Edge, they person will see an alert and the event will be recorded and available in the compliance center.

Endpoint DLP is built into Windows 10 and the Edge browser, so companies don't need to install or manage additional software to use it. Users only need to create a DLP policy once in the Microsoft 365 compliance center, then apply the policies to Exchange, Teams, SharePoint, OneDrive for Business, and now endpoint devices. The tool is now available in public preview, Microsoft reports, and it'll be released in a Windows 10 update when it's generally available.

Another risky aspect of remote work is the distractions employees face. Shared home offices, kids taking remote classes, and other disruptions could drive unintentional insider incidents, CERT research shows. To identify and mitigate these risks, Microsoft is building on capabilities introduced in Insider Risk Management, a tool released in February to detect insider threats.

Part of this involves expanding the types of behaviors that could be considered risky. Insider Risk Management will now flag insights across Teams, SharePoint, and Exchange, including sharing folders, files, and websites from SharePoint Online to domains marked "unallowed"; downloading content from Teams; and emailing outside the business to "unallowed" domains.

IRM captures signals from Windows 10 endpoints to provide data on the capture and exfiltration of sensitive information. This may include using the Edge browser to copy files to personal cloud storage, using Edge to download content from an unallowed domain, or transferring files to a network share. Businesses using Microsoft Defender Advanced Threat Protection can see when someone tries to disable MFA or install unwanted software.

Double Key Encryption, a new feature now in public preview, brings stronger protection for mission-critical data. Microsoft 365 already encrypts customer data at rest and in transit. Double Key Encryption lets businesses use two keys to protect their data: one they control and the other stored in Microsoft Azure. Both are required to view data protected under Double Key Encryption. Microsoft can only access one key, meaning it can't access the data.

This added protection is meant to help organizations in highly regulated industries – financial services and healthcare, for example – protect sensitive data, like trade secrets and patents, from cybercriminals. These businesses can add access controls to the Double Key Encryption service, store their data on-premises or in the cloud, or move highly sensitive data to the cloud.

The pandemic has forced employees to communicate electronically, a shift that has implications for regulatory and code-of-conduct compliance. To help businesses address communication risks, Microsoft is making changes to its native Teams integration. 

These include the ability to remove Teams messages that violate policy and replace them with a message explaining why it wasn't compliant. New communication compliance roles are meant to help manage roles and responsibilities across different departments, including IT, legal, and compliance. These roles are separated into different categories, including administrator, investigator, analyst, and viewer, with more granular permissions for each role. Teams will now detect repeated bad behavior over time, which lets reviewers prioritize remediation actions.

Related Content:

 

 

Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
DrBernsteinNYC
50%
50%
DrBernsteinNYC,
User Rank: Apprentice
7/23/2020 | 8:51:03 AM
Re: Good update
It is a lot of work but well worth the investment.  As a managing partner of a large New Jersey medical practice, we started using Microsoft Sharepoint and Teams to unify communications throughout all of our offices.  We wanted to stay compliant with HIPAA requirements so we turned to our outsourced IT vendor,  Baroan Technologies, to help out. They helped us migrate our files from an aging file server to sharepoint and enabled these features recently to help with data loss prevention. Now I have peace of mind knowing we are identifying and protecting sensitive data so it stays safe in our EHR system and Sharepoint. 
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
7/22/2020 | 10:39:33 AM
Re: Good update
I agree its highly welcomed from the security side. But I am curious to see how our other IT brethren think about it. No one will ever say "I don't care about security." However, putting it into practice will result in more work on the other IT groups and historically that has been met with resistance unfortunately. 

What are your thoughts on that?
rubenward
50%
50%
rubenward,
User Rank: Apprentice
7/21/2020 | 6:04:33 PM
Good update
This is definitely a highly-welcomed update. 
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26244
PUBLISHED: 2020-12-02
Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expecte...
CVE-2020-28206
PUBLISHED: 2020-12-02
An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User enumeration and Improper Restriction of Excessive Authentication Attempts" vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also ...
CVE-2017-14451
PUBLISHED: 2020-12-02
An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send m...
CVE-2017-2910
PUBLISHED: 2020-12-02
An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability.
CVE-2020-13493
PUBLISHED: 2020-12-02
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an atta...