At its Inspire 2020 partners conference this week, Microsoft rolled out new Microsoft 365 security, risk management, and compliance tools for remote work. The company announced its Endpoint Data Loss Prevention solution and Double Key Encryption in public preview. Other security announcements included new features for Insider Risk Management and Communication Compliance in public preview.
These additions are meant to help companies better protect their data, especially given the shift to remote work over the past few months. Microsoft argues organizations need to reevaluate their security and risk management practices now that employees are increasingly accessing corporate data on home computers and collaborating in new ways.
“The shift to remote work has amplified two core priorities for our customers: preventing data leaks and mitigating risks from inside the organization,” Alym Rayani, Microsoft senior director of compliance marketing, said in a press briefing. “Now many customers tell us it’s a challenge to identify, protect, and govern their data state. In fact, more than half of security compliance decision-makers now tell us that data leakage is their top challenge. In addition, most organizations feel vulnerable to insider risks, whether those are inadvertent or malicious. With increasing remote work, customers are feeling more vulnerable than ever to risks coming from within their organization. We’ve been listening and have expedited engineering timelines to help our customers address these needs now.”
Endpoint Data Loss Prevention
Microsoft 365 already includes built-in data loss prevention capabilities in Microsoft Teams, SharePoint, Exchange, and OneDrive. Microsoft is now extending data loss prevention to the endpoint with the Endpoint Data Loss Prevention (DLP) public preview. The new preview will help organizations “better protect and govern data on the device itself,” Rayani said.
Endpoint DLP is built into Windows 10, Microsoft Edge, and the Office apps. It provides data-centric protection for sensitive information to prevent risky or inappropriate sharing, transfer, or use of sensitive data in accordance with an organization’s policies. Because Endpoint DLP builds on the existing DLP capabilities in Microsoft 365, you’ll see when sensitive data is accessed right in the Microsoft 365 compliance center (picture above).
Double Key Encryption
The Double Key Encryption public preview is meant to address specific data privacy and regulatory compliance needs. Some organizations in highly regulated industries, for example, must have complete control of the encryption key.
The Double Key Encryption public preview allows you to protect your most confidential data by providing two keys: The first is in your control and the second in Microsoft Azure’s. Viewing the data requires access to both keys. Since Microsoft can only access the key in Azure, the company claims it cannot access your data.
Insider Risk Management
In February, Microsoft announced the general availability of Insider Risk Management. The service leverages AI and machine learning to identify anomalies in user behavior and flag high-risk activities. Specifically, the ML algorithms consider variables like file activity, communications sentiment, and abnormal user behaviors. Microsoft promises that the tool identifies patterns and risks in a privacy-preserving fashion (names are anonymized).
Today’s public preview expands the quality of signals Insider Risk Management uses to intelligently flag potentially risky behavior. New categories include expanded Windows 10 signals (e.g., files copied to a USB or transferred to a network share), integration with Microsoft Defender ATP for endpoint security signals, more native signals from across Microsoft 365 (including Teams, SharePoint, and Exchange), and enhancements to the native HR connector.
Microsoft argues these updates are especially important now because remote work increases the number of distractions and stressors we’re facing. Shared home workspaces, remote learning for children, and potential job loss or safety concerns all increase the potential for inadvertent or malicious leaks.
Also released in February, Communication Compliance in Microsoft 365 helps organizations intelligently detect regulatory compliance and code of conduct violations, including workplace threats and harassment. The feature could be particularly useful now, given the increased number of messages sent over collaboration platforms and the heightened awareness around diversity, equity, and inclusion.
Communication Compliance is getting image detection and enhanced review capabilities in public preview. That includes intelligent pattern detection to prioritize alerts from repeat offenders, a global feedback loop to improve the detection algorithms, and rich reporting capabilities. Additional third-party connectors to extend the capabilities to sources like Bloomberg Message data and ICE Chat data are also now available. And if you use Microsoft Teams, you’ll get improved remediation actions, like the ability to remove messages from the Teams channel. Most importantly, Microsoft promises that Slack and Zoom support is coming soon.