Get in Touch
Published: 30th May 2023 | In: Insights
With the rapid advancement of technology and growing concerns over data security and privacy, Microsoft Purview has introduced a range of new features and functions to better protect sensitive information. This short article aims to highlight key potential elements your business should seek to benefit from. These include focusing on context-based classification, retention auto-labelling, optical character recognition (OCR) in data loss prevention (DLP), exciting enhancements with insider risk management, and new adaptive protection to flexibly monitor risk behaviours.
Let’s get started!
Microsoft Purview now offers context-based classification, which enables organisations to classify and label sensitive files based on attributes such as the document name, size, type, creator, or default site label. This feature is especially useful for OneDrive and SharePoint Online (SPO) sites, helping businesses maintain better control over their data as there are now different ways to detect and maintain the data according to pre-defined policies, streamlining the process of managing and protecting sensitive information across an organisation.
More information: Microsoft 365 Roadmap
Optical Character Recognition in Data Loss Prevention
This feature has been the most sought after for many years. Microsoft has incorporated the use of OCR technology to allow for text extraction from image files or images embedded in PDFs and screenshots. This capability enables files to be auto-labelled and to be protected because data exfiltrated this way was previously extremely hard to detect. Now organisations can monitor data on endpoints and protect against common sharing activities such as copying to cloud service or printing at home.
Additional pricing and licensing: The OCR service costs $1.00 for every 1,000 items scanned. Licensing options include metered and E3/E5 licensing.
Endpoint DLP Proactive Protection – Just-In-Time Protection
Proactive protection on endpoint devices means that every document, regardless of its creation or modification date, is scanned before relevant restrictions are applied. The policies set up by your business will then block all egress activities on monitored files that have not yet been evaluated or deemed sensitive by the platform. Again, it’s being able to monitor and protect against vulnerable content that otherwise could have been shared previously without initial scanning. There have been elements of these features in the past in SharePoint Online and OneDrive for Business, however, these have been locked away in PowerShell. These features allow for ‘sensitive by default’, meaning that until the content has been indexed and scanned it can’t be shared.
More information: Microsoft Purview – Learn about Endpoint data loss prevention
DLP for Virtualised Environments
To further enhance data security, Microsoft Purview extends its DLP capabilities to virtualised environments, such as Windows Virtual Desktop and Citrix. This allows businesses to protect sensitive files accessed through these platforms, similarly to Endpoint DLP.
More information: Get started with Endpoint data loss prevention
DLP for Sensitive Files Stored on Network Shares
Microsoft Compliance also offers DLP for sensitive files stored on network shares, ensuring that data remains secure even when accessed remotely.
More information: Network share coverage and exclusions (preview)
The new Adaptive Protection feature combines content-centric controls from DLP with people-centric context from insider risk management. This helps businesses balance data protection with productivity, meaning that users flow in and out of these adaptive policies that are configured to your organisational requirements. The riskier the activities, the more restrictive the policies. If the end user doesn’t pose a potential threat, the user is removed from the policy.
More information: Enable Adaptive Protection with Microsoft Purview
Forensic Evidence in Insider Risk Management
Insider risk is used as a monitoring solution for different types of business risk and it’s able to collect the evidence of activities and content that was used in risky ways. All done without installing any agents on the devices for Windows 10/11. However, there’s a new set of additions to this; by installing a new ‘Purview Client’, risk owners can now capture additional evidence through a ‘dashcam’ feature. Once triggered through defined policies, the reviewer can play back the evidence as a video file. There are also web add-ins for Edge and Chrome for extra monitoring of web-based risks.
Even if the machine were to go offline, evidence is saved locally, up to the 500-MB limit, and can be stored for up to 60 days.
Additional pricing and licensing: Microsoft offers 20 GB of storage for free with options to pay yearly or monthly.
More information: Learn about insider risk management forensic evidence
Microsoft Purview’s latest features and functions offer a powerful, comprehensive, and secure solution, designed to replace the multiple-point solutions that businesses currently have today. As the necessity to accomplish more with fewer resources becomes increasingly crucial, organisations must prioritise safeguarding sensitive information to tackle ever-growing risks. Wouldn’t it be nice to have a suite of solutions that integrate and talk to each other to assess, protect and maintain a health risk posture?
At Quorum Cyber, we are committed to helping good people win. We believe that every organisation can strengthen their data security and privacy without sacrificing efficiency and productivity. By utilising the existing tools that you have within Microsoft 365 we can take assessments and regulations you need to adhere to and provide a roadmap to success.