by Contributed | Sep 1, 2023 | Technology
This article is contributed. See the original author and article here.

Intellectual property (IP) theft can wreak havoc on the supply chain and defense, stripping away an organization’s, or nation’s, competitive advantage. Hackers don’t necessarily pose the biggest threat to IP. Insider threats from employees, contractors and partners pose just as big a threat (some might argue bigger) from both accidental and deliberate data loss. While IP comes in many common forms, such as documents and spreadsheets, images and CAD files pose just as big a risk and are more difficult to protect with traditional security tools. It is possible to protect and watermark CAD files stored and shared in Microsoft 365 applications to help prevent data loss and IP theft and meet Defense compliance requirements such as CMMC. Read on to learn more.
WHAT ARE CAD FILES?
If you’re not familiar with them, computer-aided design (CAD) files are used for designing models or architecture plans in a 2D or 3D rendering. CAD files are used for creating architectural designs, building plans, floor plans, electrical schematics, mechanical drawings, technical drawings, blueprints, or for special effects in movies. They are used by every organization related to any type of manufacturing or construction, including those who manufacture tools and equipment for other manufacturers.
2D CAD files are drawings that mimic ‘old school’ drafting work. Most often these still exist as blueprints for structures where the height isn’t as critical for the design or is a standard dimension; however, the layout within that 2-dimensional space is critical. For example, how do we fit our desks, chairs, tables, etc., into that space? The problem with portraying complicated 3-dimensional objects like machine parts in only 2 dimensions is that they need to be rendered from multiple angles so that all critical dimensions are portrayed properly. This used to result in a lot of drawings of the same part, but from different angles.
3D files on the other hand can be portrayed in 3 dimensions and can be rotated in space and even ‘assembled’ with other parts. This can help Engineers discover issues (such as a pipe or shaft that has been accidentally routed through another part) much more quickly so they can be resolved long before production begins.
Much like image files, there are several types of CAD file extensions (.DWG, .DXF, .DGN, .STL) and the file type is dependent on the brand of software used to create them.
CHALLENGES TO CAD FILE PROTECTION
Since most CAD files contain intellectual property or IP, protecting them is critical to protect competitive advantage, avoid malicious theft/corporate espionage and stop sharing with unauthorized audiences. Depending on the industry, different regulations and protection policies may also need to be applied to protect CAD files. For example, in the defense industry, files that contain controlled unclassified information (CUI) must be classified and labelled as CUI under CMMC 2.0, NIST 800-17, and NIST 800-53 regulations.
Out of the box tools are often limited in their ability to classify and tag CAD files to meet the stringent requirements. Additionally, CAD files are often shared and collaborated on using file shares or even file sharing and collaboration tools like SharePoint and Teams. Without the ability to properly classify and tag information, Defense suppliers are at risk of losing valuable Government and Defense contracts to accidental sharing or malicious users.
5 TIPS TO PROTECT CAD FILES IN M365
Protecting CAD files is no different to protecting any other sensitive documents in your care. We recommend you:
- Identify Sensitive CAD Files – The first step to any data protection strategy is knowing where your sensitive CAD files exist. If you don’t, you should consider using a scanning tool to find any files and apply appropriate protections.
- Restrict Access – Ensure only users and partners who require access to sensitive CAD files are authorized to do so. Then follow tip #3.
- Restrict Actions Authorized Users Can Take – Just because a user should be able to access a document, should they have carte blanche? For example, should they be able to edit it, download it or share it? Should they be able to access it on a public Wi-Fi or at an airport? You need to be able to apply fine grain access and usage controls to prevent data misuse and loss.
- Digitally Watermark files to provide a visual reminder of the sensitivity level of files and add information about the user for tracking purposes in the event of a leak. For Defense applications you’ll want to add CUI markings to your watermark such as a CUI Designation Indicator.
- Track Access – Keep an audit log of access and actions authorized users have taken with sensitive CAD files (print, save, download, email, etc.) and have a process in place to identify any suspicious activity (multiple downloads, access in the middle of the night, from a suspicious IP address, etc.).
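A sketch of the review process tip 5 describes, as an added example that is not part of the original article or of any product: it scans an audit export for the three signals named above. The CSV column names, thresholds, business hours and trusted network range are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample export; the column names are assumed, not a real product schema.
SAMPLE_CSV = """timestamp,user,action,file,source_ip
2023-09-01T10:02:11,alice@example.com,open,bracket.dwg,10.1.4.20
2023-09-01T10:05:40,bob@example.com,download,housing.dwg,10.1.4.31
2023-09-01T10:06:02,bob@example.com,download,shaft.stl,10.1.4.31
2023-09-01T10:06:30,bob@example.com,download,gearbox.dxf,10.1.4.31
2023-09-01T10:07:15,bob@example.com,download,manifold.dwg,10.1.4.31
2023-09-02T02:41:09,carol@example.com,print,floorplan.dgn,10.1.7.12
2023-09-02T11:15:00,dave@example.com,download,bracket.dwg,203.0.113.77
2023-09-02T11:20:00,dave@example.com,open,notes.docx,203.0.113.77
"""

CAD_EXTENSIONS = {".dwg", ".dxf", ".dgn", ".stl"}  # extensions named in the article
TRUSTED_NETS = [ip_network("10.0.0.0/8")]          # assumed corporate address range
BUSINESS_HOURS = range(7, 20)                      # assumed 07:00-19:59 local time
BURST_COUNT = 4                                    # assumed download threshold
BURST_WINDOW = timedelta(minutes=10)               # assumed sliding window


def is_cad(filename):
    """True when the file extension is one of the CAD types being tracked."""
    dot = filename.rfind(".")
    return dot != -1 and filename[dot:].lower() in CAD_EXTENSIONS


def find_suspicious(csv_text):
    """Return (rule, user, detail) alerts for CAD file activity, oldest first."""
    alerts = []
    downloads = defaultdict(list)   # user -> download times inside the window
    burst_reported = set()          # report each bulk downloader only once
    rows = sorted(csv.DictReader(io.StringIO(csv_text)),
                  key=lambda r: r["timestamp"])
    for row in rows:
        if not is_cad(row["file"]):
            continue                # only sensitive CAD files are in scope
        when = datetime.fromisoformat(row["timestamp"])
        user = row["user"]

        # Signal 1: access in the middle of the night.
        if when.hour not in BUSINESS_HOURS:
            alerts.append(("off_hours", user, row["file"]))

        # Signal 2: access from an address outside the trusted ranges.
        addr = ip_address(row["source_ip"])
        if not any(addr in net for net in TRUSTED_NETS):
            alerts.append(("untrusted_ip", user, row["source_ip"]))

        # Signal 3: many downloads by one user inside a short window.
        if row["action"] == "download":
            window = downloads[user]
            window.append(when)
            while when - window[0] > BURST_WINDOW:
                window.pop(0)
            if len(window) >= BURST_COUNT and user not in burst_reported:
                burst_reported.add(user)
                minutes = int(BURST_WINDOW.total_seconds() // 60)
                alerts.append(("bulk_download", user,
                               f"{len(window)} CAD downloads within {minutes} min"))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_CSV):
        print(alert)
```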
DYNAMICALLY CLASSIFY, PROTECT AND WATERMARK CAD FILES WITH NC PROTECT
NC Protect from Microsoft Partner and MISA member, archTIS, provides advanced data-centric security across Microsoft applications to enhance information protection for cloud, on-premises and hybrid environments. The platform empowers enterprises to automatically find, classify and secure sensitive data, and determine how it can be accessed, used and shared with granular control using attribute-based access control (ABAC) and security policies.
NC Protect offers a range of unique capabilities to restrict access to, protect and watermark CAD files, as well as other documents, in Microsoft’s document management and collaboration applications. Capabilities include:
- Classification
  - NC Protect automatically applies Microsoft Information Protection (MIP) sensitivity labels based on the contents of the file.
  - Apply additional metadata or classification as required. For example, tag files as CUI.
- Encryption
  - NC Protect leverages Microsoft Information Protection (MIP) sensitivity labels and Rights Management System (RMS) to encrypt CAD and other files.
  - Encrypt files at rest or in motion (e.g., email attachments).
- Watermarking
  - Watermark CAD files with any attributes such as user name, date, time, etc. to deter photographing and remind users of the sensitivity of the file.
  - Automatically embed CUI Designator data into a 2D or 3D CAD file as a secure digital watermark including: Name, Controlled By, Category, Distribution/Limited Dissemination Control, and POC.
  - Add CUI designator markings.
- Restrict Access & Actions
  - Protected CAD files can only be opened and modified by authorized users based on predefined policies.
  - Force read-only access for internal and guest users with a built-in Secure Viewer to prevent Copy, Paste, Print, Save As and Download capabilities.
  - Policies can also control if and who protected CAD files can be shared with.
  - Hide sensitive CAD files from the document view of unauthorized users in file sharing applications.
- Tracking
  - Track access to all protected files as well as actions users have taken with the file.
  - Export user actions and logs to Microsoft Sentinel, Splunk or a CSV file for further analysis and upstream actions.
- Supported Platforms & File Types
  - Protects CAD files across all Microsoft 365 applications: SharePoint, Teams, OneDrive, Exchange email, Office 365, as well as SharePoint Server and Windows file shares.
  - NC Protect supports multiple CAD file formats including: .dgn, .dwf, .dwfx, .dwg, .dwt, .dxf, .ifc, .iges, .plt, .stl, and .cff2.
EASY TO CONFIGURE ACCESS, PROTECTION AND WATERMARK POLICIES
Applying these policies and controls with NC Protect from archTIS is easy to do using the product’s built-in policy builder.
For example, the policy below allows NC Protect to deny any guest users the ability to see that CAD files even exist within the network. With this policy activated, a guest will not see a dwg file – even if it resides in a container or Team that they have full access to. Consider how easy it is to share access to SharePoint, OneDrive and Teams with external users and how critical collaboration with external vendors can be for the business.
Users often place sensitive data into places that they don’t realize are accessible by people outside of the organization. This policy allows NC Protect to apply a blanket restriction on guests and mitigate the potential loss of sensitive intellectual property.

For more granular protection, the policy below forces any users who are not part of the Engineering Department to be limited to read only access to CAD files. Even if someone from the Engineering group gives them access to these files, if their department is not Engineering NC Protect will automatically invoke the Secure Reader when they try to open them. In this case the department attribute is being used, but NC Protect can use any attribute such as existing group memberships, title or any other custom attribute to determine how users can interact with these files.
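The two policies described above, modelled as attribute-based rules in an added example; this is not NC Protect's policy engine or policy syntax. The attribute names, the `Decision` levels and the most-restrictive-wins combination are assumptions made for illustration, and the users and files are constructed.

```python
import os
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable


class Decision(IntEnum):
    # Ordered so that max() selects the most restrictive outcome.
    FULL = 0
    READ_ONLY = 1   # opened in a secure viewer: no copy, print or download
    HIDDEN = 2      # the file is not listed for this user at all


# CAD formats listed in the article.
CAD_EXTENSIONS = {".dgn", ".dwf", ".dwfx", ".dwg", ".dwt", ".dxf",
                  ".ifc", ".iges", ".plt", ".stl", ".cff2"}


@dataclass(frozen=True)
class User:
    name: str
    user_type: str    # "member" or "guest" (assumed attribute)
    department: str   # assumed directory attribute


@dataclass(frozen=True)
class Rule:
    name: str
    applies: Callable[[User, str], bool]
    decision: Decision


def is_cad(filename):
    return os.path.splitext(filename)[1].lower() in CAD_EXTENSIONS


RULES = [
    # Policy 1: guests never see that CAD files exist.
    Rule("hide CAD from guests",
         lambda u, f: is_cad(f) and u.user_type == "guest",
         Decision.HIDDEN),
    # Policy 2: anyone outside Engineering gets read-only access to CAD files.
    Rule("read-only CAD outside Engineering",
         lambda u, f: is_cad(f) and u.department != "Engineering",
         Decision.READ_ONLY),
]


def evaluate(user, filename, has_site_access):
    """Combine site permissions with attribute rules.

    Site access is necessary but not sufficient: being granted access to a
    site or Team never widens what the attribute rules allow.
    """
    if not has_site_access:
        return Decision.HIDDEN
    matched = [r.decision for r in RULES if r.applies(user, filename)]
    return max(matched, default=Decision.FULL)


def visible_files(user, folder):
    """Listing of a folder the user has full site access to."""
    return [f for f in folder if evaluate(user, f, True) != Decision.HIDDEN]


if __name__ == "__main__":
    folder = ["pump.dwg", "minutes.docx", "PUMP.STL"]
    people = [User("vendor", "guest", "External"),
              User("sam", "member", "Sales"),
              User("eve", "member", "Engineering")]
    for person in people:
        print(person.name, {f: evaluate(person, f, True).name for f in folder})
```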

NC Protect’s built-in Secure Reader enforces ‘true read only’ access. Users can’t download, copy or even print a protected file. NC Protect can also watermark the CAD file (or any other type of file) so if a user screenshots the drawing, the photo will contain their name, date and ‘CONFIDENTIAL’ as seen in the image below.

About the author
Irena Mroz, Chief Marketing Officer, archTIS
As CMO, Irena Mroz is responsible for leading archTIS’ product marketing, branding, demand generation and public relations programs. A technical cybersecurity marketer, Mroz has spent her 25+ year career empowering start-ups and public software companies to exceed growth objectives through successful product positioning, demand generation, high profile events and product evangelism. Mroz holds a Bachelor of Science in Mass Communications from Boston University’s College of Communication.
About archTIS
archTIS is a global provider of innovative software solutions for the secure collaboration of sensitive information. The company’s award-winning data-centric information security solutions protect the world’s most sensitive content in government, defense, supply chain, enterprises and regulated industries through attribute-based access and control (ABAC) policies. archTIS’ complementary NC Protect software enhances Microsoft security capabilities with fine-grain, dynamic ABAC policies to control access to and add unique data protection capabilities to secure sensitive data across Microsoft 365 apps, SharePoint on-premises and Windows file shares. The company is a Microsoft Partner and a member of the Microsoft Intelligent Security Association. For more information, visit archtis.com or follow @arch_tis.
Learn more: https://www.archtis.com/microsoft-365-sharepoint-information-security-solutions-for-public-sector/
by Contributed | Aug 31, 2023 | Technology
Microsoft Learn has a passionate and inspiring community to support your learning journey wherever it may take you. Here we highlight a few of our global learners who have shared their stories about making successful career changes using Microsoft Learn. Our learners inspire us with their perseverance, ingenuity, and the courage to reinvent themselves (Zoologist to Functional Consultant!). Many had to make a significant career change due to the pandemic, proving to us all that if they could make a switch during such a challenging time, we can all be successful with the right learning path and helpful resources in place. Each career changer started by identifying their goal and strategically working toward it–and you can do the same.
Here are a few of their stories:
Introducing Manoj Bora: Hospitality industry to IT Pro
Manoj came to Microsoft Learn from 20 years in the hospitality industry. When the pandemic struck, he lost his job, and the peace of mind that comes with a stable career. In March 2020, he was forced to start over, finding odd jobs and doing manual labor to provide for his family. At that point, Manoj decided to turn to the tech industry to take advantage of the many career opportunities he found available. He explored careers as a developer, software testing, SAP, and Oracle, but it was Microsoft Dynamics 365 which appealed to him most as he had transferable skills. He dove deep into Dynamics 365 but quickly realized he needed structured and practical training – this led him to Microsoft Learn. Gradually with the help of self-paced learning content, community discussion forums, user groups, and Microsoft organized events, Manoj was able to establish his new career in IT. Today, he works as a Dynamics 365 Customer Engagement Functional Consultant.
“Even if you do not have a computer science degree or any IT expertise,” Manoj points out, “if you put your focus on learning something new, you can achieve it with amazing Microsoft Learn content, the helpful Microsoft community, and the evolution of low-code, no-code Power Platform.”
Key insight from Manoj: His advice to other learners is to identify your learning goals ahead of time and pursue all possibilities because Microsoft Learn offers so many resources and learning paths.
Manoj’s recommended Microsoft Learn resources:
Introducing Ikenna Udeani: Student to Data Analyst
Ikenna was fresh out of college when he discovered Microsoft Learn. Our platform played a crucial role in helping Ikenna secure his first job immediately after graduation. Microsoft Learn was instrumental in preparing him to earn the Microsoft Certified: Azure Data Fundamentals certification, which he showcased on his LinkedIn profile. This caught the attention of hiring managers, and as a result, he was offered a job—but he didn’t stop there. Ikenna went on to earn six additional certifications, while also working towards two more new certifications.
“I can’t overstate the impact that Microsoft Learn has had on my professional growth and development,” says Ikenna. “I would highly recommend it to anyone looking to enhance their skills and advance their career in the tech industry.”
Key insight from Ikenna: His favorite feature on Microsoft Learn is the sandbox environment, which allowed him to get interactive experience using various Azure features for free and to practice his skills.
Ikenna’s recommended Microsoft Learn resources:
Introducing Nikhil More: Zoology college educator to Functional Consultant
Our learners come to Microsoft Learn with diverse backgrounds—Nikhil’s includes a master’s degree in zoology and experience in ecological research and teaching. Like many others, the pandemic brought unexpected changes to his life, and he lost his job as a college teacher. That’s when he discovered Microsoft Learn, and quickly realized that the platform had a well-structured approach aligned with the job he aspired to achieve. The continuous learning opportunities provided by Microsoft Learn ensure that he’s always at the forefront of industry trends and equipped to deliver exceptional results.
“It has empowered me to bridge the gap between my biology background and a thriving career in technology,” says Nikhil. “The platform has not only provided me with the knowledge I needed but also bolstered my sense of confidence and purpose. With Microsoft Learn as my guide, I am excited to see where my Dynamics 365 career takes me next.”
Key insight from Nikhil: One of his favorite aspects of Microsoft Learn is that it provides a structured learning path, offering modules and courses that gradually build your knowledge. It feels like you’re embarking on an exciting journey, with each module representing a new stop along the way.
Nikhil’s recommended Microsoft Learn resource:
Share your Microsoft Learn story
Has Microsoft Learn helped you on your journey to building skills and achieving your goals? Fill out our form for a chance to have your story featured. We can’t wait to hear from you!
Explore more with Microsoft Learn:
by Contributed | Aug 30, 2023 | Technology

This week, we launched a new playlist on the Microsoft Azure YouTube channel that includes all episodes of our interview series, Microsoft SaaS Stories: Learn from Software Experts. This series highlights partners at various stages of their software as a service (SaaS) journey and their unique experiences building, publishing, and growing on the Microsoft commercial marketplace.
In my role as an Engineering Manager at Microsoft, I’ve seen our software partners take a variety of approaches to SaaS. The most successful companies were the ones that spent the time to understand the scope and steps within the journey to SaaS, both on the business and technical sides. As my team helped companies through this journey to build resilient, scalable, secure applications, they each learned unique insights that enabled their success. I saw a significant opportunity to connect companies at different stages in this journey so that they could share and learn from others to be some of the most successful on our platform and in the market.
Here is a summary of each episode we’ve produced so far:
Episode 1: Basis Theory. CTO Brandon Weber shares how they built confidence with customers by creating an easy-to-use SaaS platform that scales while remaining reliable and secure. Learn the challenges they encountered running a 24/7 service while evolving the service and handling customer growth.
Episode 2: Zammo. In this episode with Zammo’s Stacey Kyler and Nicholas Spagnola, we learn about their significant growth in business and much faster time to close based on having their products in the marketplace. They share their experience building for Azure and running a No-Code Conversational AI Software SaaS platform.
Episode 3: Wolfpack. In this episode with Wolfpack’s Koen den Hollander, we learn how they built their SaaS application for retail customers, and how connecting engineers directly to customers enables them to deliver value at scale.
Episode 4: Vocean. In this episode, we explore how Vocean built their SaaS application that changes the way organizations make decisions. They share the importance of taking time to plan, learn, and listen to experts around you before rushing to build features.
Episode 5: Access Infinity. In this episode, we talk to Access Infinity’s Managing Director, Keshav Nagaraja and explore how Access Infinity saw an opportunity in their consulting business to create platforms that help their customers at scale, and how they came up with a pricing model that drives positive user behaviors.
Episode 6: Sage. In this episode, we learn how Sage embraced the opportunities to shift their application to SaaS, how they used SaaS as an opportunity to simplify their pricing model, and how they use a simple set of principles to guide complex changes.
_______________________________________________________________________________________________________________________________
Are you a partner with a SaaS solution on marketplace who is interested in sharing your SaaS story? Comment below and our team will reach out to learn more about your story!
by Contributed | Aug 29, 2023 | Technology

We are excited to announce that we are currently rolling out a new feature called SharePoint News for Email. This feature enables you to convert your SharePoint News Posts into distributions that can be read fully in email inboxes. You can now engage your audience directly in their inbox and track their mail reads.
Four pictures – showing the news article in SharePoint – sending email feature – news in the email client – statistics for the view
To create a News post for email, select a “Made for email” template from the news template picker:
Selection of the templates for new news article – showing the email ready templates.
When you are finished authoring, you can now post your news and send it fully to email in one step.
SharePoint News visible in the SharePoint portal and in the email client.
Sending a page as an email will not change existing site permissions, and it will not give your recipients access to the original page if they don’t already have it. You can think of sending a page by email as making someone a photocopy of a page in a book. They can read that page, but nothing else in the book.
Live video demo on the feature.
Frequently asked questions
When will this happen?
This update will roll out to Targeted Release customers starting August 2023, and to all customers by the end of September.
This message is associated with Microsoft 365 Roadmap ID 124803.
How will this impact your organization?
Authors of SharePoint News will now be able to send news posts as emails.
What you need to do to prepare?
You do not need to do anything to prepare for this update, but you may want to let your users know about this improvement.
Will the view counter for news include the email views?
Yes. View counters for your news articles will also include views of the news article through the email client.
Resources
Thanks for reading. Please let us know any feedback or questions in the comments and we’ll get back to you.
by Contributed | Aug 28, 2023 | Technology
On July 11, 2023, we introduced Microsoft’s identity-centric security service edge (SSE) solution and two new services: Microsoft Entra Private Access and Microsoft Entra Internet Access, which are now in public preview. In this blog, we take a deeper look into Microsoft Entra Private Access.
Figure 1: Traditional network security stacks and legacy VPNs are no longer sufficient
Microsoft Entra Private Access
Traditional network security approaches that use legacy VPNs simply cannot scale to modern demands. Once your remote users connect to your corporate network through VPN, they are granted excessive access to your entire network. All it takes is a single compromised user account, infected device, or open port for an attacker to gain entry, move laterally, and access your most critical assets.
Microsoft Entra Private Access, an identity-centric Zero Trust Network Access (ZTNA), reduces the operational complexity and cost of legacy VPNs, while eliminating excessive access and preventing lateral movement. It modernizes access to private applications and resources, helping users quickly and easily connect to private applications from any device and any network, whether they’re at home, remote, or in their corporate office.
What makes Private Access unique
As part of Microsoft’s SSE solution, Private Access is built on Zero Trust principles. It verifies every user and enforces least privilege, giving users access only to the private applications and resources they need. Private Access significantly expands Entra ID Application Proxy capabilities in Microsoft Entra to a complete ZTNA solution that shares the same connectors but offers so much more. It helps you simplify and secure access to any private resource on any port and protocol. You can apply policies that enable secure, segmented, and granular access to all your private applications in your corporate network, on-premises, or in the cloud. Customers already using Application Proxy can seamlessly transition to Private Access – all existing use cases and access to existing private web applications would continue to work with no disruption.
You can create and enforce per-app, least privilege access controls based on the granular Conditional Access policies that are enriched with context about users, devices, and their locations. You can also terminate ongoing sessions in response to anomalies or changes in user context or device health. For example, if a user connects from one part of the world and then immediately connects from another part of the world (what we call “impossible travel”), you can enforce re-authorization or step up to a stronger authentication method.
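How an “impossible travel” check can be computed from consecutive sign-ins, as an added example that is not Microsoft's detection logic. The event fields, the 900 km/h speed ceiling and the 100 km noise floor are assumptions, and the sample sign-ins are constructed.

```python
import math
from datetime import datetime

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0     # assumed ceiling, roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0   # assumed floor to absorb IP geolocation noise


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points given in degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(min(1.0, a)))


def find_impossible_travel(signins):
    """Return (user, from_city, to_city, km) for each implausible hop.

    Each sign-in is compared with the same user's previous sign-in; the hop is
    reported when the implied speed exceeds MAX_SPEED_KMH.
    """
    last_seen = {}
    findings = []
    for event in sorted(signins, key=lambda e: e["time"]):
        prev = last_seen.get(event["user"])
        last_seen[event["user"]] = event
        if prev is None:
            continue
        km = haversine_km(prev["lat"], prev["lon"], event["lat"], event["lon"])
        if km < MIN_DISTANCE_KM:
            continue    # same place, or too close to tell apart
        hours = (event["time"] - prev["time"]).total_seconds() / 3600
        # Simultaneous sign-ins from distant places imply infinite speed.
        speed = km / hours if hours > 0 else math.inf
        if speed > MAX_SPEED_KMH:
            findings.append((event["user"], prev["city"], event["city"], round(km)))
    return findings


def _signin(user, city, lat, lon, hour, minute=0):
    return {"user": user, "city": city, "lat": lat, "lon": lon,
            "time": datetime(2023, 8, 28, hour, minute)}


# Constructed sample sign-ins.
SAMPLE_SIGNINS = [
    _signin("alice@example.com", "Seattle", 47.61, -122.33, 8),
    _signin("alice@example.com", "Seattle", 47.61, -122.33, 9),
    _signin("alice@example.com", "Singapore", 1.35, 103.82, 9, 30),   # 30 min later
    _signin("bob@example.com", "London", 51.51, -0.13, 8),
    _signin("bob@example.com", "Paris", 48.86, 2.35, 11),             # plausible train trip
    _signin("dave@example.com", "New York", 40.71, -74.01, 8),
    _signin("dave@example.com", "Los Angeles", 34.05, -118.24, 14),   # plausible flight
]

if __name__ == "__main__":
    for finding in find_impossible_travel(SAMPLE_SIGNINS):
        print(finding)
```

A hop reported here is the point at which a policy would require re-authorization or step up to a stronger authentication method.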
Private Access enables secure access to any application, on-premises or cloud-based, and it works across any port or protocol, including RDP, SSH, SMB, FTP, and anything else that uses TCP or UDP. In addition, you can enable single sign-on (SSO) using SAML or http headers or even legacy Kerberos authentication for both web and non-web applications, without making any changes to those applications.
With Private Access delivered from one of the largest global private networks, Microsoft global network, your private applications are not only more secure, but your employees can also access them faster compared to legacy VPNs. The unmatched scale and vast global network edge presence enables you to optimally connect your users and devices to private resources, especially those who work in a hybrid or remote work environment.
Figure 2: Secure access to all private applications, for users anywhere, with an identity-centric Zero Trust Network Access (ZTNA).
Private Access key capabilities
Microsoft Entra Private Access can help you enable secure access to all your private applications and resources. Key capabilities include:
Fast and easy migration from legacy VPNs with Quick Access. Replacing legacy VPNs with an identity-centric ZTNA minimizes the risk of implicit trust and lateral movement. Using Quick Access, you can easily configure broad private IP ranges and fully qualified domain names (FQDNs) to quickly enable identity-centric, Zero-Trust-based access to all private resources.
Figure 3: Fast and easy migration from legacy VPNs with Quick Access
Enhanced identity-centric security controls for all private applications. With Private Access, you can create Conditional Access policies and multi-factor authentication (MFA) that require modern authentication for accessing any private application, even those using legacy protocols such as Kerberos and NT LAN Manager (NTLM). This brings policies based on the sensitivity of the application, level of user risk, network compliance, and so forth to legacy applications. For example, you can easily require multi-factor authentication (MFA) and device compliance checks for users trying to access remote desktop (RDP), secure shell (SSH) or SMB applications.
Figure 4: Enhanced identity-centric security controls for all private applications
Automatic private application discovery and onboarding. You can discover private applications, including existing App Proxy private web applications, whether the applications are hosted locally in a private network, in an on-premises data center, or in the cloud. You can then onboard them to Microsoft Entra ID, group them, and define granular access policies.
Figure 5: Automatic private application discovery and onboarding
Granular segmented application access. Instead of granting remote users access to your entire network, as traditional VPNs do, you can define granular segmented access policies for each application or group of applications based on user, device, or processes running on the endpoint.
Figure 6: Granular segmented application access
Intelligent local access. Employees need a consistent security posture whether they’re accessing private applications remotely or on-premises. The intelligent local access capability enables fast and seamless ZTNA for users, whether they’re within the corporate network or connecting remotely from anywhere outside corporate network boundaries. For example, a user while on the corporate network can connect to on-premises private applications such as RDP or SMB while CA policies such as MFA are still enforced, and application traffic remains local on the corporate network.
Figure 7: Intelligent local access
Getting started with Entra Private Access
Global Secure Access (preview) is the centralized location in the Microsoft Entra admin center where you can configure and manage Microsoft Entra Private Access. Remote workers don’t need to use a VPN to access these resources if they have the Global Secure Access Client installed. The client quietly and seamlessly connects them with the resources they need. The most current version of the client can be downloaded from the Microsoft Entra admin center. You can install the client interactively, silently with the /quiet switch, or use mobile device management platforms like Microsoft Intune to deploy it to their devices.
QuickAccess makes it very easy to get started with a minimum configuration for Private Access, especially when you are planning to move from legacy VPN to ZTNA. After completing initial configurations, and once you deploy a connector agent on-premises, to enable quick access all you need to do is specify the IP address, IP address range, or FQDN and port number. You can then assign specific conditional access policies, which QuickAccess applies to ALL app segments you configured. For example, you can create a “myRDP app” and assign it an IP address-based app segment. You only need to provide a name for the private app, then select the connector you wish to use with the app, and then specify the IP address/range and port number. You can then access your destination by simply launching an RDP session from your remote client machine.
Figure 8: Configure Quick Access to an RDP application
To learn about different use cases and scenarios, configuration prerequisites and how to enable secure access to your private network resources through the client, remote network connectivity, Quick Access, and more, go to the Global Secure Access documentation page.
You can learn more about Private Access in action via our on-demand Tech Accelerator product deep dive sessions.
Learn more about Microsoft’s SSE solution:
Learn more about Microsoft Entra: