The shift to remote work over the past few months has increased the need for organizations to re-evaluate their security and risk management practices. With employees accessing corporate data at times on home computers or sharing and collaborating in new ways, organizations could be at greater risk for data leak or other risks.

To help companies with the visibility they need and better protect their data, we are announcing several new capabilities across Microsoft 365 and Azure, including:

  • New Microsoft Endpoint Data Loss Prevention solution in public preview.
  • New features in public preview for Insider Risk Management and Communication Compliance in Microsoft 365.
  • New third-party data connectors in Microsoft Azure Sentinel.
  • New Double Key Encryption for Microsoft 365 in public preview.

Read on to get more information about all these new security and compliance features rolling out starting today.

Announcing Microsoft Endpoint Data Loss Prevention (DLP)

Having the right data protection and governance approach is critical to not only addressing regulatory compliance and privacy, but also to mitigating data leak and risk. Microsoft Information Protection helps you to identify your data and ensure you have the right data classification in place to properly protect and govern that data, which enables you to apply data loss prevention (DLP) to enforce policies against that data. Data Loss Prevention solutions help prevent data leaks and provide context-based policy enforcement for data at rest, in use, and in motion on-premises and in the cloud. Microsoft 365 already includes built-in data loss prevention capabilities in Microsoft Teams, SharePoint, Exchange, and OneDrive, as well as for third-party cloud apps with Microsoft Cloud App Security.

Today we are excited to announce that we are now extending data loss prevention to the endpoint with the public preview of the new Microsoft Endpoint Data Loss Prevention (DLP). Endpoint DLP builds on the labeling and classification in Microsoft Information Protection and extends the existing DLP capabilities in Microsoft 365, helping you to meet compliance requirements and protect sensitive information on endpoints.

Built into Windows 10, Microsoft Edge, and the Office apps, Endpoint DLP provides data-centric protection for sensitive information without the need for an additional agent, enabling you to prevent risky or inappropriate sharing, transfer, or use of sensitive data in accordance with your organization’s policies. For example, organizations can now prevent copying sensitive content to USB drives or print sensitive documents.  The sensitive content labeling integration ensures consistency across all data types and reduces false positive and false negatives within DLP. Microsoft Edge works with Endpoint DLP to extend visibility and control into third-party cloud apps and services. Also, because Endpoint DLP builds on the existing DLP capabilities in Microsoft 365, you immediately get insights when sensitive data is accessed and shared directly from the Activity Explorer in the Microsoft 365 compliance center.

An image showing how you can manage your data loss prevention policies across Microsoft 365 from one location – the Microsoft 365 compliance center.

Figure 1: You can manage your data loss prevention policies across Microsoft 365 from one location – the Microsoft 365 compliance center.

The Microsoft 365 Compliance Center also now provides a single, integrated console to manage DLP policies across Microsoft 365, including endpoints.  The public preview of Endpoint DLP will begin rolling out today. For more information, check out the Tech Community blog.

New features to help you to address insider risk and code of conduct violations

Remote work, while keeping employees healthy during this time, also increases the distractions end users face, such as shared home workspaces and remote learning for children. According to the SEI CERT institute, user distractions are the cause for many accidental and non-malicious insider risks. The current environment has also significantly increased stressors such as potential job loss or safety concerns, creating the potential for increased inadvertent or malicious leaks.

Today we are pleased to announce the public preview of several new features that further enhance the rich set of detection and remediation capabilities available in Insider Risk Management and Communication Compliance in Microsoft 365.

Insider Risk Management

While having broad visibility into signals from end-user activities, actions, or communications are important, when it comes to effectively identifying the risks, the quality of signals also matters. In this release, we are significantly expanding the quality of signals that Insider Risk Management reasons over to intelligently flag potentially risky behavior. New categories include expanded Windows 10 signals (e.g., files copied to a USB or transferred to a network share), integration with Microsoft Defender ATP for endpoint security signals, more native signals from across Microsoft 365 (including Microsoft Teams, SharePoint, and Exchange), and enhancements to our native HR connector.

We are also introducing new security policy violation and data leak policy templates to help you to get started quickly and identify an even broader variety of risks.

Finally, we are also increasing integration to help you to take more action on the risks you identify. For example, integration with ServiceNow’s solution provides the ability for Insider Risk Management case managers to directly create ServiceNow tickets for incident managers. In addition, we are also onboarding Insider Risk Management alerts to the Office 365 Activity Management API, which contains information such as alert severity and status (active, investigating, resolved, dismissed). These alerts can then be consumed by security incident event management (SIEM) systems like Azure Sentinel to take further actions such as disabling user access or linking back to Insider Risk Management for further investigation.

For more information on these new features, check out the Tech Community blog.

Communication Compliance

As we embraced the shift to remote work, the volume of communications sent over collaboration platforms has reached an all-time high. Diversity, equity, and inclusion are now center stage. These new scenarios not only heighten a company’s risk exposure from insiders, but also highlight the need to support employees in these challenging times.

Communication Compliance in Microsoft 365 helps organizations to intelligently detect regulatory compliance and code of conduct violations within an organization’s communications, such as workplace threats and harassment, and take quick remediation efforts on policy violations.

Starting to roll out today, Communication Compliance will introduce enhanced insights to make the review process simpler and less time consuming, through intelligent pattern detection to prioritize alerts of repeat offenders, through a global feedback loop to improve our detection algorithms, and through rich reporting capabilities. New features also include additional third-party connectors to extend the capabilities to sources like Bloomberg Message data, ICE Chat data, and more. Additionally, the solution will see improved remediation actions through Microsoft Teams integration, such as the ability to remove messages from the Teams channel.

You can find more information about these new features in the Tech Community blog.

New partner connectors in Microsoft Azure Sentinel

Microsoft Azure Sentinel is a powerful Security Incident and Event Management (SIEM) solution that can help you collect security data across your entire hybrid organization from devices, users, apps, servers, and any cloud. Using these data sources you can build a more complete picture of the threats that your organization faces, conduct deep threat hunts across your environment, and use the power of automation and orchestration in the cloud to help free up your security analysts to focus on their highest-value tasks.

Today we are announcing several new third-party connectors across Azure Sentinel to simplify getting security insights across many leading solutions and partners, including networks, firewalls, endpoint protection, and vulnerability management.

These connectors, which offer sample queries and dashboards, will help collect security data easily and provide security insights immediately.

An image of new partner connectors provide greater visibility into external threats.

Figure 2: New partner connectors provide greater visibility into external threats.

Some of the new partner connectors include Symantec, Qualys, and Perimeter 81. You can see the full list of new connectors and learn more in our Tech Community blog.

Introducing Double Key Encryption for Microsoft 365

In today’s environment, the success of any organization is contingent upon its ability to drive productivity through information sharing while maintaining data privacy and regulatory compliance. Regulations, particularly in the financial services sector, often contain specialized requirements for certain data, which specifies that an organization must control their encryption key.  Typically, a very small percentage of a customer’s data falls into this category, but it is important for our customers to care for that specific data correctly.

To address that regulatory and unique need for some organizations, today we are pleased to announce the public preview of Double Key Encryption for Microsoft 365, which allows you to protect your most confidential data while maintaining full control of your encryption key. Double Key Encryption for Microsoft 365 uses two keys to protect your data, with one key in your control and the second in Microsoft’s control. To view the data, one must have access to both keys. Since Microsoft can access only one key, your data and key are unavailable to Microsoft, helping to ensure the privacy and security of your data.

With Double Key Encryption for Microsoft 365, you not only hold your own key, but this capability also helps you to address many regulatory compliance requirements, easily deploy the reference implementation, and enjoy a consistent labeling experience across your data estate. For more information, check out the Tech Community blog.

Get started today

Endpoint Data Loss Prevention, Insider Risk Management, Communication Compliance, and Double Key Encryption are rolling out in public preview starting today and are a part of Microsoft 365 E5. If you don’t have Microsoft 365 E5, you can get started with a trial today.

In addition, to learn more about the rest of the Microsoft 365 product updates being announced today, check out the Microsoft 365 blog from Jared Spataro.

You can also learn more about how you can modernize your SIEM with Azure Sentinel. 

To learn more about Microsoft Security solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.