Azure information protection
Download as PPTX, PDF3 likes2,308 views
The document summarizes Microsoft's enterprise mobility and security solution. It focuses on identity-driven security, managed mobile productivity, and providing a comprehensive solution through products like Azure Active Directory, Microsoft Cloud App Security, Azure Information Protection, and Intune. These products help secure users, devices, apps and data across cloud apps, SaaS, and on-premises environments through features such as identity management, data classification, labeling, encryption, access controls and monitoring/response capabilities.
![aEZQAR]ibr{qU@M]
BXNoHp9nMDAtnBfr
fC;jx+Tg@XL2,Jzu
()&(*7812(*:
Use rights +
Secret cola formula
Water
Sugar
Brown #16
PROTECT
Usage rights and symmetric
key stored in file as “license”
Each file is protected by
a unique AES symmetric
License protected
by customer-owned
RSA key
Water
Sugar
Brown #16
UNPROTECT](https://image.slidesharecdn.com/azureinformationprotection-170505101145/85/Azure-information-protection-15-320.jpg)
![Use rights
+
Azure RMS never
sees the file content,
only the license
Apps protected with
RMS enforce rights
SDK
Apps use the SDK to
communicate with the
RMS service/servers
File content is never sent
to the RMS server/service
aEZQAR]ibr{qU@M]B
XNoHp9nMDAtnBfrfC
;jx+Tg@XL2,Jzu
()&(*7812(*:
Use rights
+
LOCAL PROCESSING ON PCS/DEVICES](https://image.slidesharecdn.com/azureinformationprotection-170505101145/85/Azure-information-protection-16-320.jpg)
Azure information protection
- 2. Enterprise Mobility + Security The Microsoft vision Identity Driven Security Managed Mobile Productivity Comprehensive Solution AppsDevices DataUsers
- 3. Azure Information Protection Protect your data, everywhere Microsoft Cloud App Security Azure Active Directory Detect threats early with visibility and threat analytics Advanced Threat Analytics Extend enterprise-grade security to your cloud and SaaS apps Intune Protect your users, devices, and apps Manage identity with hybrid integration to protect application access from identity attacks Enterprise Mobility +Security The Microsoft solution
- 5. Unregulated, unknown Managed mobile environment How much control do YOU have? On-premises Perimeter protection Identity, device management protection Hybrid data = new normal It is harder to protect
- 7. Azure Information Protection DOCUMENT TRACKING DOCUMENT REVOCATION Monitor & Respond LABELINGCLASSIFICATION Classify & Label ENCRYPTION Protect ACCESS CONTROL POLICY ENFORCEMENT Full Data Lifecycle
- 8. Classification + Automation + Protection + Reporting + Collaboration
- 10. Confidential Restricted Internal Public IT admin sets policies, templates, and rules Personal Classify data based on sensitivity Start with the data that is most sensitive IT can set automatic rules; users can complement it Associate actions such as visual markings and protection
- 12. FINANCE CONFIDENTIAL Persistent labels that travel with the document Labels are metadata written to documents Labels are in clear text so that other systems such as a DLP engine can read Labels travel with the document, regardless of location
- 14. VIEW EDIT COPY PASTE Email attachment FILE Protect data needing protection by: Encrypting data Including authentication requirement and a definition of use rights (permissions) to the data Providing protection that is persistent and travels with the data Personal apps Corporate apps
- 15. aEZQAR]ibr{qU@M] BXNoHp9nMDAtnBfr fC;jx+Tg@XL2,Jzu ()&(*7812(*: Use rights + Secret cola formula Water Sugar Brown #16 PROTECT Usage rights and symmetric key stored in file as “license” Each file is protected by a unique AES symmetric License protected by customer-owned RSA key Water Sugar Brown #16 UNPROTECT
- 16. Use rights + Azure RMS never sees the file content, only the license Apps protected with RMS enforce rights SDK Apps use the SDK to communicate with the RMS service/servers File content is never sent to the RMS server/service aEZQAR]ibr{qU@M]B XNoHp9nMDAtnBfrfC ;jx+Tg@XL2,Jzu ()&(*7812(*: Use rights + LOCAL PROCESSING ON PCS/DEVICES
- 19. Monitor use, control and block abuse Sue Joe blocked in Ukraine Jane accessed from France Bob accessed from North America MAP VIEW Jane Competitors Jane access is revoked Sue Bob Jane
- 22. Share internally, with business partners, and customers Bob Jane Internal user ******* External user ******* Any device/ any platform Sue File share SharePoint Email LoB
- 23. Azure Active Directory On-premises organizations doing full sync On-premises organizations doing partial sync Organizations completely in cloud …and all of these organizations can interact with each other. Organizations created through ad-hoc signup ADFS Using Azure AD for authentication
- 25. Authentication & collaboration RMS connector Authorization requests via federation (optional) Data protection for organizations at different stages of cloud adoption Ensures security because sensitive data is never sent to the RMS server Integration with on-premises assets with minimal effort AAD Connect ADFS Service supplied Key BYOK
- 26. Authentication & collaboration RMS connector Authorization requests via federation (optional) Data protection for organizations at different stages of cloud adoption Ensures security because sensitive data is never sent to the RMS server Integration with on-premises assets with minimal effort Hold your key on premises AAD Connect ADFS HYOK Service supplied Key BYOK for Regulated Environments
- 27. Classification only Understand your data classification needs, enable the service and define a default policy so all documents are labelled. + Automation + Protection + Reporting + Collaboration Define content based actions to automatically classify and label documents or make recommendations to users to confirm. For sensitive information, define protection policies that require authentication and enforce use rights. Gain insights into the types of information you have, users that work with different sensitivity levels and trends in data creation. Securely share documents and email with internal and external recipients.
- 28. Check out more sessions: Tuesday: BRK2127 Adopt a comprehensive identity-driven solution for protecting and sharing data securely – 9am THR2107 Collaborate securely using Azure Information Protection – 12:05 pm Wednesday: THR2108 Ensure comprehensive protection of your data with Azure Information Protection – 11:05 am BRK3095 Learn how classification, labeling, and protection delivers persistent data protection – 12:30 pm BRK2128 Protect and share data with anyone securely using Azure Information Protection – 4 pm Friday: BRK3323 Meet Azure Information Protection customers and learn about their success stories – 9:15 am (General Motors)
- 29. Try Enterprise Mobility + Security for free, today: www.microsoft.com/en-us/cloud-platform/enterprise-mobility-trial See Microsoft Cloud App Security in action https://www.microsoft.com/en-us/cloud-platform/cloud-app-security-trial Evaluate and try Microsoft Advanced Threat Analytics now www.microsoft.com/en-us/evalcenter/evaluate-microsoft-advanced-threat-analytics Explore Identity + Access Management www.microsoft.com/en-us/cloud-platform/identity-management Learn more about Azure Information Protection www.microsoft.com/en-us/cloud-platform/information-protection Discover new MDM and MAM solutions with Microsoft Intune www.microsoft.com/en-us/cloud-platform/mobile-device-managementlink Check out new Desktop virtualization capabilities www.microsoft.com/en-us/cloud-platform/desktop-virtualization
- 30. From your PC or Tablet visit MyIgnite at http://myignite.microsoft.com From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting https://aka.ms/ignite.mobileapp Please evaluate this session Your feedback is important to us!