This article is contributed. See the original author and article here.
There are lots of new announcements at Ignite’20 and it is the great time to reflect and summarize our journey thus far with security and compliance in SharePoint, OneDrive, and Teams. We are excited to share with you a roundup of recent new security and compliance controls in SharePoint and OneDrive and Teams. In this new norm of working remotely, safeguarding your business critical data is super important and we are here to help.
Click on the links below to learn more about respective scenarios and features. All the features mentioned below are generally available, except the ones explicitly called out as Public Preview or Private Preview.
For our Ignite 2020 announcements in Security and Compliance in SharePoint and OneDrive, check out this blog here.
User & session security
Multi-factor-authentication is new norm and our recommended scheme to identify and authenticate users accessing content in Microsoft 365. Azure Active Directory offers MFA capabilities that you can turn on for internal and external users. Check out the link above for more details.
User has lost his device and you want to sign him/her out across all sessions on all devices? We are providing you a unified session sign-out capability powered by continuous access evaluation. Check out the link above for more details.
External users, sharing, and access
Collaborating with partners and clients external to your organization is bread and butter of many businesses. With our continued investments in external collaboration, SharePoint, OneDrive, and Teams is the hub for your external collaboration teamwork. Check the links above for details.
Managing external users access is important to ensure no loss of organization’s data after the external project is completed. You can now configure a The solution is here, automatic expiration of external access for content. Check out the link above for more details.
Access governance insights in SharePoint and OneDrive – Private Preview
With growing digital data it becomes important to govern the access policies for your top sites and teams that matter the most. Access governance insights in SharePoint and OneDrive aims to help you on these regards. If interested to be an early adopter, sign-up for the private preview here.
Conditional access policies – Devices and Locations security
Azure Active Directory offers the coarse grained conditional access policies, and within SharePoint and OneDrive you can do a site specific fine grained device policies. For example, top secret sites you want to block access from unmanaged devices. Check out the above link for more details.
Control access to the content based on location IP address that user is accessing from.
Information Protection with Sensitivity labels
As part of the Microsoft Information Protection (MIP) journey, we have a series of capabilities in SharePoint, OneDrive, and Teams to protect your sensitive content and we call out a few below. We continue to invest in this journey.
The encrypted files are now treated as first class experience in SharePoint, OneDrive, and Teams, and users can search for them and also co-author in Office Apps in them.
With the scale at which digital data is growing, it is not sufficient to have manual labelling only and expect the users and administrators to manually label files. Auto classification with sensitivity labels aim to power you to automatically detect sensitive content in your digital estate and label them.
Not only at the Files level, you can also now classify and label a SharePoint site, Team, and Microsoft 365 Group and holistically secure all contents in them.
Sensitivity labels with external sharing policies – Public Preview coming soon
We are expanding the policies that can be associated with sensitivity labels, now with external sharing policy settings in SharePoint and OneDrive sites. If interested, sign-up here.
Sensitivity labels with MFA Policy – Private Preview
Multi-factor authentication (MFA) is our recommended authentication scheme for user authentication. You can now associate MFA (multi-factor-authentication) policy to sensitivity labels. If interested to try this out, sign up for the private preview here.
Data loss prevention (DLP)
To comply with business standards and industry regulations, organizations must protect sensitive information and prevent accidental leakage of organization’s data. Microsoft 365 Data Loss Prevention policies designed to help you prevent accidental data loss.
External collaboration is important for business, however, you do want to protect your sensitive files accidentally shared with external users. This feature specifically helps you meet that need. You can now block external sharing and access until a DLP scan is run on a given file that just got uploaded to SharePoint or OneDrive. Check out this feature link for more details.
Often you want to share sensitive content with external collaborators, however, you want to prevent access and sharing anyone with the link option. This new DLP rule helps you to achieve that granular control, check out the link above.
With remote working and proliferation of devices, end points have exponentially grown, we are helping you to protect and avoid leakage of sensitive content at all end points on Windows devices. Learn more about Endpoint DLP here.
Compliance – Information governance
Communication compliance is an insider risk solution in Microsoft 365 and they help you with reviewing messages in scanned email, Microsoft Teams, Yammer, or third party communication tools. Check out the above link for more details.
More organizations are becoming global and have a need to meet data residency compliance in keeping the users OneDrive and Mailbox in their home geo. Multi-Geo helps you to meet these data residency needs while at the same time offering the modern productivity experience to your global workforce.
You may have compliance need to put barriers in collaboration and communication between certain set of users in your organization to avoid conflict of interest. You can now achieve these controls in Microsoft 365, checkout the Information Barriers scenario link above.
You can meet your governance needs for retaining or deleting the content after certain period of time, check out the retention labels and policies link above.
Organizations of all types require a records management solution to meet their regulatory, legal, and business requirements. Microsoft 365 records management is designed to help you meet these requirements. Check out the link above.
Check out Microsoft 365 compliance solutions page for many more compliance features available in Microsoft 365.
Other security controls
To reduce the number of administrators with privileged global admin roles, Azure Active Directory introduced Global Reader role. This role is now supported in SharePoint admin center so that they have only read access to all things SharePoint administration. Check out the link above for more details.
Microsoft 365 has additional layer of encryption called service encryption on top of volume-level encryption thru BitLocker. Customer key is built on service encryption and enhances the ability to meet the demands of compliance requirements. To learn more, check out the link above.
Customer key for Exchange and SharePoint is already generally available. Customer key for Teams will come to private preview later calendar year 2020.
For licensing related information, check out the Microsoft 365 licensing guidance for security and compliance.
We hope this compilation of security and compliance controls was useful and informative for you.
Check out many more Ignite sessions in the Ignite website and Microsoft 365 Adoption Center: Virtual Hub. If you are new to Microsoft 365, learn how to try or buy a Microsoft 365 subscription.
As you navigate this challenging time, we have additional resources to help. For more information about how we are responding together to COVID-19, visit our Remote Work site. We’re here to help in any way we can.
Sesha Mani – Principal Group Product Manager (GPM)
Microsoft 365, SharePoint and OneDrive
Praveen Vijayaraghavan, Principal PM Manager
Microsoft 365, Teams
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.