Assess and manage compliance risks with Compliance Manager
Because achieving organizational compliance can be very challenging, it can be helpful for organizations to periodically perform risk assessments to understand their compliance posture. Compliance Manager is a cross–Microsoft Cloud services solution designed to help organizations meet complex compliance obligations like the GDPR. The Compliance Manager is now generally available for Azure, Dynamics 365, and Office 365 Business and Enterprise customers in public clouds.
Perform risk assessments with Compliance Score
Compliance Score—a Compliance Manager feature—enables you to perform ongoing risk assessments on Microsoft Cloud services with a risk-based score reference, giving you visibility into your compliance performance. Each control is assigned a risk weight based on the level of risk involved due to control failure, and as you implement and assess controls, you will see your score change. Compliance Score is currently available for Office 365 and will be rolling out to other Microsoft Cloud services soon.
Protect sensitive data on-premises
Azure Information Protection scanner addresses hybrid and on-premises scenarios by allowing you to configure policies to automatically discover, classify, label, and protect documents in your on-premises repositories such as File servers and on-premises SharePoint servers. The scanner can be configured to periodically scan on-premises repositories based on company policies. Azure Information Protection scanner is now generally available.
Protect sensitive data in apps and across cloud services
Since data travels through many locations—across devices, apps, cloud services, and on-premises—it is important to build the protection into the file so this protection persistently stays with the data itself. Azure Information Protection provides persistent data protection by classifying, labeling, and protecting sensitive files and emails.
Microsoft Cloud App Security (MCAS) can read files labeled by Azure Information Protection and set policies based on the file labels. For example, a file labeled as Confidential, with an associated policy of “do not forward or copy,” cannot leave your network via file sharing apps like Box.net or Dropbox. In addition, the service scans and classifies sensitive files in cloud apps and automatically applies AIP labels for protection—including encryption.
Support for data protection across platforms
As part of Microsoft’s information protection vision, their goal is to cover all major device platforms. Microsoft is now previewing the ability to label and protect sensitive data natively, with no plugins required, in Office applications running on Mac devices. This enables Mac users to easily classify, label, and protect Word, PowerPoint, and Excel documents in a similar manner that customers are used to with the Azure Information Protection client on Windows. Considering that a significant amount of sensitive information is in PDF format, Microsoft is in the process of working with Adobe to have the same consistent labeling and protection of PDFs available in Adobe Reader.
Consistent labeling schema experience now in preview
Microsoft is previewing a consistent labeling schema that will be used across information protection solutions in Microsoft 365. To start, this means that the same default labels will be used across both Office 365 and Azure Information Protection—eliminating the need to create labels in two different places.
The consistent labeling model also helps ensure that sensitive labels—regardless of where they were created—are recognized and understood across Microsoft 365, including Azure Information Protection, Office 365 Advanced Data Governance, Office 365 Data Loss Prevention, and Microsoft Cloud App Security.
Detect and classify personal data relevant to GDPR
The ability to automatically classify personal data is a critical part of helping you achieve your GDPR goals. Today, there are over 80 out-of-the-box sensitive information types that can be used to detect and classify your data. Soon Microsoft will provide a GDPR sensitive information type template to help detect and classify personal data relevant to GDPR. The upcoming GDPR sensitive information type template will help consolidate the sensitive data types into a single template—as well as add several new personal data types to detect (such as addresses, telephone numbers, and medical information).
For sensitive emails, Microsoft 365 enables users to collaborate on protected messages with anyone inside or outside the organization via Office 365 Message Encryption. To provide more flexibility over controlling and protecting personal information shared in sensitive emails, Microsoft rolled out the new encrypt-only policy in Office 365 Message Encryption in February.