
Virtual work with M365 – how to protect your information?

Virtual work means that work happens anywhere: corporate information is accessed from home offices, smartphones, and tablets. How do you protect this information?

  • Encrypt sensitive information to protect it wherever it may go

  • Stop staff and contractors from sharing, downloading, or printing sensitive information

  • Stop staff from emailing sensitive information to internal or external parties

  • Stop disgruntled employees or contractors from stealing company information

  • Stop staff from accessing sensitive information from high-risk areas

Below are some of the Microsoft tools available for you.


Data Protection


To apply flexible protection actions that include encryption, access restrictions, and visual markings, use the following capabilities:


Sensitivity labels - A single solution across apps, services, and devices to label and protect your data as it travels inside and outside your organization.


Azure Information Protection unified labeling client - For Windows computers, extends sensitivity labels for additional features and functionality that includes labeling and protecting all file types from File Explorer and PowerShell


Double Key Encryption - For cases where, under all circumstances, only you can ever decrypt protected content, or where regulatory requirements oblige you to hold encryption keys within a geographical boundary


Office 365 Message Encryption (OME) - Encrypts email messages and attached documents that are sent to any user on any device, so only authorized recipients can read emailed information


Service encryption with Customer Key - Protects against viewing of data by unauthorized systems or personnel, and complements BitLocker disk encryption in Microsoft datacenters


SharePoint Information Rights Management (IRM) - Protects SharePoint lists and libraries so that when a user checks out a document, the downloaded file is protected so that only authorized people can view and use the file according to policies that you specify


Rights Management connector - Protection-only for existing on-premises deployments that use Exchange or SharePoint Server, or file servers that run Windows Server and File Classification Infrastructure (FCI)


Azure Information Protection unified labeling scanner - Discovers, labels, and protects sensitive information that resides in data stores that are on-premises


Microsoft Cloud App Security (MCAS) - Discovers, labels, and protects sensitive information that resides in data stores that are in the cloud


Microsoft Information Protection SDK - Extends sensitivity labels to third-party apps and services


Data Loss Prevention


To help prevent accidental oversharing of sensitive information, use the following capabilities:


Data Loss Prevention (DLP) - Helps prevent unintentional sharing of sensitive items (Sensitive Information Types)

Endpoint data loss prevention (preview) - Extends DLP capabilities to items that are used and shared on Windows 10 computers


Insider Risk Management


Many risks are driven by internal events and user activities that can be minimized and avoided. These risks include:

  • Leaks of sensitive data and data spillage

  • Confidentiality violations

  • Intellectual property (IP) theft

  • Fraud

  • Insider trading

  • Regulatory compliance violations

Insider risk management is centered around the following principles:

  • Transparency: Balance user privacy versus organization risk with privacy-by-design architecture.

  • Configurable: Configurable policies based on industry, geographical, and business groups.

  • Integrated: Integrated workflow across Microsoft 365 compliance solutions.

  • Actionable: Provides insights to enable user notifications, data investigations, and user investigations.

You can select from the following policy templates to quickly get started with insider risk management:

  • Data theft by departing users

  • General data leaks

  • Data leaks by priority users (preview)

  • Data leaks by disgruntled users (preview)

  • General security policy violations (preview)

  • Security policy violations by departing users (preview)

  • Security policy violations by priority users (preview)

  • Security policy violations by disgruntled users (preview)

  • Offensive language in email

This table shows triggering events for the policies and prerequisites.

Communication Compliance


Communication compliance is an insider risk solution in Microsoft 365 that helps minimize communication risks by helping you detect, capture, and act on inappropriate messages in your organization. Pre-defined and custom policies allow you to scan internal and external communications for policy matches so they can be examined by designated reviewers.


Features include:

  • Prebuilt customizable templates and machine learning

  • Flexible remediation workflows

  • Actionable insights


Information Barriers


Information Barriers restrict communication and collaboration between two internal groups to avoid a conflict of interest. In Microsoft Teams, information barrier policies determine and prevent the following kinds of unauthorized communications:

  • Searching for a user

  • Adding a member to a team

  • Starting a chat session with someone

  • Starting a group chat

  • Inviting someone to join a meeting

  • Sharing a screen

  • Placing a call

  • Sharing a file with another user

  • Accessing a file through a sharing link


Next Step

A 30-day Infotechtion proof-of-concept for Microsoft Information Protection allows you to test:

  • Manual and automatic classification and protection of sensitive data

  • Warn users in real-time when trying to share sensitive data internally or externally

  • Stop sensitive data from being downloaded or shared externally

  • Stop users from accessing sensitive information from high-risk areas

Visit Infotechtion proof-of-concept for more information.

© Infotechtion