
7/21/2020
04:35 PM

Microsoft 365 Updated with New Security, Risk, Compliance Tools

Updates built for remote employees include an endpoint data loss prevention platform, insider risk management, and double key encryption.

Microsoft today debuted new security, risk management, and compliance tools for its Microsoft 365 platform during its 2020 Inspire partners conference. These updates arrive as organizations reconsider data protection and compliance strategies while they plan for a future of remote work.

Today's announcements include the public preview of Microsoft Endpoint Data Loss Prevention (DLP), Double Key Encryption, new Insider Risk Management capabilities, and communication compliance tools in Microsoft Teams. All are meant to help businesses better protect their data. 

"This whole shift to remote work has really increased the need for organizations to re-evaluate their security, compliance, and risk management practices," said Alym Rayani, senior director of Microsoft 365 compliance marketing, in a press briefing. "You have a lot of employees accessing corporate data at times from home computers, or sharing and collaborating in new ways, so that creates more risk and potential for data leaks for organizations."

Microsoft Endpoint DLP extends the security measures already offered in Microsoft Information Protection (MIP), a built-in tool that classifies and protects data across Microsoft 365 apps and services including Word, PowerPoint, OneDrive, SharePoint, and Exchange, on-premises or in the cloud. Endpoint DLP brings these classification and security capabilities to endpoint devices, where it identifies and protects data without restricting the use of apps, browsers, or services.

When someone takes a potentially risky action, Endpoint DLP sends an alert with policy tips and guidance to remediate. The experience carries over to third-party apps like Dropbox: If someone tries to copy a file with sensitive data to a personal Dropbox account on Microsoft Edge, the person will see an alert and the event will be recorded and available in the compliance center.

Endpoint DLP is built into Windows 10 and the Edge browser, so companies don't need to install or manage additional software to use it. Users only need to create a DLP policy once in the Microsoft 365 compliance center, then apply the policies to Exchange, Teams, SharePoint, OneDrive for Business, and now endpoint devices. The tool is now available in public preview, Microsoft reports, and it'll be released in a Windows 10 update when it's generally available.

Another risky aspect of remote work is the distractions employees face. Shared home offices, kids taking remote classes, and other disruptions could drive unintentional insider incidents, CERT research shows. To identify and mitigate these risks, Microsoft is building on capabilities introduced in Insider Risk Management, a tool released in February to detect insider threats.

Part of this involves expanding the types of behaviors that could be considered risky. Insider Risk Management will now flag insights across Teams, SharePoint, and Exchange, including sharing folders, files, and websites from SharePoint Online to domains marked "unallowed"; downloading content from Teams; and emailing outside the business to "unallowed" domains.

IRM captures signals from Windows 10 endpoints to provide data on the capture and exfiltration of sensitive information. This may include using the Edge browser to copy files to personal cloud storage, using Edge to download content from an unallowed domain, or transferring files to a network share. Businesses using Microsoft Defender Advanced Threat Protection can see when someone tries to disable MFA or install unwanted software.

Double Key Encryption, a new feature now in public preview, brings stronger protection for mission-critical data. Microsoft 365 already encrypts customer data at rest and in transit. Double Key Encryption lets businesses use two keys to protect their data: one they control and the other stored in Microsoft Azure. Both are required to view data protected under Double Key Encryption. Microsoft can only access one key, meaning it can't access the data.

This added protection is meant to help organizations in highly regulated industries – financial services and healthcare, for example – protect sensitive data, like trade secrets and patents, from cybercriminals. These businesses can add access controls to the Double Key Encryption service, store their data on-premises or in the cloud, or move highly sensitive data to the cloud.

The pandemic has forced employees to communicate electronically, a shift that has implications for regulatory and code-of-conduct compliance. To help businesses address communication risks, Microsoft is making changes to its native Teams integration. 

These include the ability to remove Teams messages that violate policy and replace them with a message explaining why they weren't compliant. New communication compliance roles are meant to help manage roles and responsibilities across different departments, including IT, legal, and compliance. These roles are separated into different categories, including administrator, investigator, analyst, and viewer, with more granular permissions for each role. Teams will now detect repeated bad behavior over time, which lets reviewers prioritize remediation actions.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
 

Comments
rubenward,
User Rank: Apprentice
7/21/2020 | 6:04:33 PM
Good update
This is definitely a highly-welcomed update. 
RyanSepe,
User Rank: Ninja
7/22/2020 | 10:39:33 AM
Re: Good update
I agree it's highly welcomed from the security side. But I am curious to see how our other IT brethren think about it. No one will ever say "I don't care about security." However, putting it into practice will result in more work on the other IT groups and historically that has been met with resistance, unfortunately.

What are your thoughts on that?
DrBernsteinNYC,
User Rank: Apprentice
7/23/2020 | 8:51:03 AM
Re: Good update
It is a lot of work but well worth the investment. As a managing partner of a large New Jersey medical practice, we started using Microsoft SharePoint and Teams to unify communications throughout all of our offices. We wanted to stay compliant with HIPAA requirements so we turned to our outsourced IT vendor, Baroan Technologies, to help out. They helped us migrate our files from an aging file server to SharePoint and enabled these features recently to help with data loss prevention. Now I have peace of mind knowing we are identifying and protecting sensitive data so it stays safe in our EHR system and SharePoint.