NIC 2017 Did you like Azure RMS? You will like Azure Information Protection even more!
Did you like Azure RMS?
You will like Azure Information Protection even more!
About Your Speaker: Morgan Simonsen
• Cloud Evangelist@Lumagate
• P-TSP@Microsoft
• MCSE, MCSA, MCT
• MVP
• Twitter: @msimonsen
• Email: morgan.simonsen@lumagate.com
• Blog: morgansimonsen.com
Agenda
• Threat Landscape 2017
• Azure RMS 101
• Introducing Azure Information Protection
• Data Classification and Labelling
• Tracking and Revocation
• Deployment
Threat Landscape 2017
Audience Participation
1. How many are using Azure RMS today?
2. How many are using Azure IP today?
3. (How many are using AD DS Rights Management?)
Enterprise Mobility+Security
The Microsoft vision
Identity Driven Security
Managed Mobile Productivity
Comprehensive Solution
Apps
Devices
Data
Users
Azure Information
Protection
Protect your data,
everywhere
Microsoft Cloud App Security
Azure Active Directory
Detect threats early
with visibility and
threat analytics
Advanced
Threat Analytics
Extend enterprise-grade
security to your cloud
and SaaS apps
Intune
Protect your users,
devices, and apps
Manage identity with hybrid
integration to protect application
access from identity attacks
Enterprise Mobility+Security
The Microsoft solution
Privileged Identity
Management
Identity
Protection
ENFORCE
MFA
ALLOW
BLOCK
Conditional Access
Windows 10
Azure AD Join,
Health Attestation,
Windows Hello,
BitLocker
Challenges with the complex environment
Employees
Business partners
Customers
Apps
Devices
Data
Users
Data leaks
Lost device
Compromised identity
Stolen
credentials
It’s 11PM, do you know where your data is?
The problem is ubiquitous
Intellectual Property theft has increased
56% rise data theft
Accidental or malicious breaches due to lack of internal controls
88% of organizations are losing control of data
80% of employees admit to using non-approved SaaS apps
91% of breaches could have been avoided
Organizations no longer confident in their ability to detect and prevent threats
Saving files to non-approved cloud storage apps is common
CISO’s Information Protection Challenges
Unregulated,
unknown
Managed mobile
environment
How much control
do you have?
On-premises
Perimeter
protection
Identity, device
management protection
Hybrid data = new normal
It is harder to protect
Azure RMS 101
Why Rights Management?
• Protection that travels with the data
• Azure RMS is a complete end to end information protection solution for documents, email, and any unstructured data that is sensitive for your organization
• Highly integrated into Office, O365, Windows Server, and 3rd party applications for broad reach and consistent user experience
• Built on modern encryption and authentication standards (PKI, AES, OAuth, …)
aEZQAR]ibr{qU@M]
BXNoHp9nMDAtnBfr
fC;jx+Tg@XL2,Jzu
()&(*7812(*:
Use rights +
Secret cola formula
Water
Sugar
Brown #16
PROTECT
Usage rights and symmetric
key stored in file as “license”
Each file is protected by
a unique AES symmetric
License protected
by customer-owned
RSA key
Water
Sugar
Brown #16
UNPROTECT
Use rights
+
Azure RMS never
sees the file content,
only the license
Apps protected with
RMS enforce rights
SDK
Apps use the SDK to
communicate with the
RMS service/servers
File content is never sent
to the RMS server/service
aEZQAR]ibr{qU@M]B
XNoHp9nMDAtnBfrfC
;jx+Tg@XL2,Jzu
()&(*7812(*:
Use rights
+
LOCAL PROCESSING ON PCs/DEVICES
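The protect/unprotect flow on the two slides above, as an added sketch in Go (not code from the talk or from Microsoft): the file is encrypted on the device with a per-file AES key, that key is wrapped under the tenant RSA key, and the service side only ever receives the license. The function names, the JSON rights layout, the sample users and the choice to bind the rights to the wrapped key as the OAEP label are assumptions of this example; the real RMS license format and key release are more involved.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// tenantKey stands in for the customer-owned RSA key (constructed for this sketch).
var tenantKey, _ = rsa.GenerateKey(rand.Reader, 2048)

// ProtectedFile models what travels with the data; it is not the real RMS format.
type ProtectedFile struct {
	Nonce, Ciphertext, Rights, WrappedKey []byte
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Protect runs on the author's device; the plaintext never leaves it.
func Protect(content, rights []byte, pub *rsa.PublicKey) (*ProtectedFile, error) {
	secret := make([]byte, 32+12) // fresh AES-256 key and GCM nonce for this file
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	key, nonce := secret[:32], secret[32:]
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	// Rights are the OAEP label and the GCM associated data: editing them breaks both.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, rights)
	if err != nil {
		return nil, err
	}
	return &ProtectedFile{nonce, gcm.Seal(nil, nonce, content, rights), rights, wrapped}, nil
}

// IssueKey is the service side: it gets the license and the user, never the ciphertext.
func IssueKey(rights, wrapped []byte, user string, priv *rsa.PrivateKey) ([]byte, []string, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, rights)
	if err != nil {
		return nil, nil, fmt.Errorf("license rejected: rights or wrapped key altered")
	}
	var acl map[string][]string
	if json.Unmarshal(rights, &acl) != nil || len(acl[user]) == 0 {
		return nil, nil, fmt.Errorf("user holds no rights on this file")
	}
	return key, acl[user], nil
}

// Unprotect runs on the recipient's device with the key the service released.
func Unprotect(f *ProtectedFile, key []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, f.Nonce, f.Ciphertext, f.Rights)
}

func main() {
	rights := []byte(`{"bob@contoso.example":["VIEW","EDIT"],"jane@fabrikam.example":["VIEW"]}`)
	f, err := Protect([]byte("Water, Sugar, Brown #16"), rights, &tenantKey.PublicKey)
	if err != nil {
		panic(err)
	}
	key, granted, err := IssueKey(f.Rights, f.WrappedKey, "jane@fabrikam.example", tenantKey)
	plain, openErr := Unprotect(f, key)
	fmt.Println(string(plain), granted, err, openErr)
}
```

The returned rights list is what the consuming application has to enforce once it holds the key; the cryptography only decides who gets the key at all.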
Share internally, with business partners, and customers
Bob
Jane
Internal user
*******
External user
*******
Any device/
any platform
Roadmap
Sue
File share
SharePoint
Email
LoB
Azure Active Directory
On-premises organizations
doing full sync
On-premises organizations
doing partial sync
Organizations completely in cloud
…and all of these organizations
can interact with each other.
Organizations created
through ad-hoc signup
ADFS
Using Azure AD for authentication
Introducing Azure Information Protection
DOCUMENT TRACKING
DOCUMENT REVOCATION
Monitor & respond
LABELING
CLASSIFICATION
Classification & labeling
ENCRYPTION
Protect
ACCESS CONTROL
POLICY ENFORCEMENT
Data Lifecycle Classification and Protection
CLASSIFY LABEL PROTECT
At data creation
Manual classification
Automatic
classification
as much as possible
Persistent tag
User awareness
through visual labels
Industry standard,
enables wide
ecosystem
Encryption with Azure
RMS
DLP & Compliance
actions
Audit trails to track
data
ORCHESTRATE
SECRET
CONFIDENTIAL
INTERNAL
NOT RESTRICTED
IT admin sets policies,
templates, and rules
PERSONAL
Classify data based on sensitivity
Start with the data that is most sensitive
IT can set automatic rules; users can complement it
Associate actions such as visual markings and protection
FINANCE
CONFIDENTIAL
Persistent labels that travel with the document
Labels are metadata written to documents
Labels are in clear text so that other systems such as a DLP engine can read it
Reclassification
You can override a classification and optionally be required to provide a justification
Automatic
Policies can be set by IT Admins for automatically applying classification and protection to data
Recommended
Based on the content you’re working on, you can be prompted with suggested classification
User set
Users can choose to apply a sensitivity label to the email or file they are working on with a single click
Azure IP Header, Footer, or Watermark variables
• Example: If you specify the string Document: ${item.name} Classification: ${item.label} for the Secret label footer, the footer text applied to a document named project.docx will be Document: project.docx Classification: Secret
Variable | Description | Example
${Item.Label} | Selected label | Internal
${Item.Name} | File name or email subject | JulySales.docx
${Item.Location} | Path and file name for documents, and the email subject for emails | Sales2016Q3JulyReport.docx
${User.Name} | Owner of the document or email (Windows SAMAccountName) | rsimone
${User.PrincipalName} | Owner of the document or email (Azure Information Protection client signed in email address (UPN)) | rsimone@vanarsdelltd.com
${Event.DateTime} | Date and time when the selected label was set | 8/16/2016 1:30 PM
VIEW EDIT COPY PASTE
Email
attachment
FILE
Protect data needing protection by:
Encrypting data
Including authentication requirement and a definition of use rights (permissions) to the data
Providing protection that is persistent and travels with the data
Personal apps
Corporate apps
Azure RMS Key Management Options
Key Management
This is BYOK. Customer generates key, exports/imports into Azure KV HSM
This is HYOK. ADRMS uses the on-premises HSM for keys.
Azure RMS
AD RMS
HYOK
BYOK
Label A
Apply Protection: AzRMS
Label B
Apply Protection: ADRMS
Data that can be stored anywhere, travel, collaborated on and protected by a cloud service
Toxic data that must reside on-premises and be protected by customer held keys
Licensing
• Azure Active Directory Premium P2 required
• Enterprise Mobility+Security E5
Plan features: Information protection
Enterprise Mobility + Security E3
•Azure Information Protection Premium P1
•Encryption for all files and storage locations
•Cloud-based file tracking
Enterprise Mobility + Security E5
•Azure Information Protection Premium P2
•Intelligent classification and encryption for files shared inside and outside of your organization
•Includes all P1 capabilities
Questions?
Please evaluate the session on your way out…
Hated It!
Meh…
Best session ever!
