Microsoft continues to expand the capabilities included within their various cloud subscription plans. In the first part of our series, we covered what to keep in mind while building security policies and how Microsoft security tools can be used in that process. Today, we are going to look at some of the foundational, introductory attributes that can help you with your information security journey. As I approach this conversation with clients, I often ask, “Have you have gone through any formal data discovery or classification effort?” Many times, they are discussing the process and maybe even starting it, but it has not been completed. So how do you see the project through?
Azure Information Protection (AIP) Scanner
If you have rights to AIP Plan 1, you have a tool that can be used to point to your on-premises file shares. One thing to keep in mind here is the licensing, especially if you have a mix of levels (Office 365 and Microsoft 365) for different user types. AIP Plan 1 needs to be licensed for any user that has created content on the storage target that the scanner is pointing to. As you can imagine, this can be very challenging to determine if you are pointing to large data volumes. Let’s assume that the licensing is not an issue that needs to be addressed. The AIP Scanner acts as the discovery engine for analyzing the on-premises repositories for sensitive information that may need to be classified and protected.
What if you already have some users embracing cloud storage? If these destinations are not completely locked down, users could be leveraging personal accounts for company data. How can you find out if unsanctioned apps or platforms are being used currently?
Azure Active Directory (AD) Cloud App Discovery
This functionality comes with the Azure AD Premium Plan 1 entitlement and gives the IT group visibility into shadow IT within the organization. Cloud Discovery utilizes the full catalog (over 16,000 cloud apps) from the full Microsoft Cloud App Security (MCAS) platform. Outputs such as log analysis, cloud application risk assessment, and usage analytics by application/user/IP address are all available for consumption.
Now that you have a better understanding of the data repositories and any cloud storage currently in use, you will need to determine which data the organization deems as sensitive and how you want the user population to be able to interact with this data. This may be the appropriate time to revisit current company policy and any regulatory considerations. Make sure that written security policy aligns with your actual technology enforcement and delivery. In my next post in this series, we will start down the enforcement path with topics like rights management, retention labels and policies, and data loss prevention (DLP) rules.
If you’re ready to get started or want more information, our Microsoft specialists are only a phone call away. You can also learn more about our Modern Work and Security Services. Reach out today!