Table of Contents

Get Started

Data Loss Prevention

It’s not a matter of if, but when. Protect, detect, and respond to breaches and inadvertent data loss with Microsoft.

Our salespeople are our revenue pipeline. These are high-value people to Callaway; they are constantly meeting with our customers and taking orders. With Windows Intune watching over their computers, we can keep orders and money flowing into the company.
Callaway Golf

Bill Connaghan Global Desktop System Administrator at Callaway Golf

Users, Devices and Apps

If you are only addressing some of the threats, you may be adding locks to a door while a window is left open. 

Data Loss Prevention is the catchall term for the prevention of losing company data, either to maliciously intended actors, from inadvertent user error (i.e. sending a file to the wrong person cached in your Outlook To: window), or from replying to all in error.

Microsoft doesn’t offer one specific Data Loss Prevention product, per se, but instead protects data loss at multiple layers:

  • Locking down files with Azure Information Protection to keep users from sharing personally identifiable information within documents
  • Enabling access controls to critical data (i.e. SharePoint files) and systems (role based access control)
  • Monitoring for and alerting on anomalous behavior (i.e. mass download from OneDrive), especially on users with access to and files with financial data (financial account information, personally identifiable information (PII), payment cards, medical records).
  • Full disk encryption, with Bit Locker is on by default after Windows 8.1
  • Protecting from malware, which is the entry point to many command/control or keylogger attacks, using Advanced Threat Protection in Office 365
  • Protecting user devices from being the entry point via remote application wipe/control using Office 365 Mobile Devices Management or Intune Mobile Application Management

In their unique interactive infographic about the anatomy of a breach, Microsoft outlines an intruder’s approach to infiltrating and extracting data, as well as some of the other Microsoft capabilities that protect, detect, and respond. 

Are data breaches completely preventable?  No, but the impact can be minimized by employing all possible prevention techniques, along with monitoring and response tools.

Video: Data Loss Prevention

Resources

Azure AD Conditional Access – Session Controls

In the previous article, we discussed the various controls to decide on whether to allow access to the user and/or device to the apps and data with Azure AD Conditional Access Grant controls. ...

Azure AD Conditional Access – Beyond MFA

Azure AD Conditional Access Policies have some of the most powerful capabilities within Azure Active Directory (Premium P1 feature).  And you can scope these policies to meet just about any scenario...

5 Tips for Securing the @ Home Worker

As organizations hustle to enable employees to work from home, they'll inherently expand their attack surface. Here are five simple steps that can mitigate the risk in the months ahead.  

Data Loss Prevention

Want to learn how Microsoft’s DLP tools can help you improve the protection of your company data and reputation?  Fill out your info to have a chat with one of our engineers.

 

ref:_00D80KtFf._5000y1WwWQD:ref