Table of Contents

Get Started

Data Loss Prevention

It’s not a matter of if, but when. Protect, detect, and respond to breaches and inadvertent data loss with Microsoft.

Our salespeople are our revenue pipeline. These are high-value people to Callaway; they are constantly meeting with our customers and taking orders. With Windows Intune watching over their computers, we can keep orders and money flowing into the company.
Callaway Golf

Bill Connaghan Global Desktop System Administrator at Callaway Golf

Users, Devices and Apps

If you are only addressing some of the threats, you may be adding locks to a door while a window is left open. 

Data Loss Prevention is the catchall term for the prevention of losing company data, either to maliciously intended actors, from inadvertent user error (i.e. sending a file to the wrong person cached in your Outlook To: window), or from replying to all in error.

Microsoft doesn’t offer one specific Data Loss Prevention product, per se, but instead protects data loss at multiple layers:

  • Locking down files with Azure Information Protection to keep users from sharing personally identifiable information within documents
  • Enabling access controls to critical data (i.e. SharePoint files) and systems (role based access control)
  • Monitoring for and alerting on anomalous behavior (i.e. mass download from OneDrive), especially on users with access to and files with financial data (financial account information, personally identifiable information (PII), payment cards, medical records).
  • Full disk encryption, with Bit Locker is on by default after Windows 8.1
  • Protecting from malware, which is the entry point to many command/control or keylogger attacks, using Advanced Threat Protection in Office 365
  • Protecting user devices from being the entry point via remote application wipe/control using Office 365 Mobile Devices Management or Intune Mobile Application Management

In their unique interactive infographic about the anatomy of a breach, Microsoft outlines an intruder’s approach to infiltrating and extracting data, as well as some of the other Microsoft capabilities that protect, detect, and respond. 

Are data breaches completely preventable?  No, but the impact can be minimized by employing all possible prevention techniques, along with monitoring and response tools.

Video: Data Loss Prevention

Resources

Advanced Threat Protection – Attack Simulator

Do you know if your organization is under attack? Short answer is yes, even if you don’t know about it. If there is a potential monetary gain from your organization, there is a bad actor out there...

The Perimeter is Dead. Long Live the CASB!

Remember only a few months back when workers were safely inside the four walls, surrounded by firewalls, proxies, and IPS’s? Work from home has hastened the irrelevance of the network edge as a means...

Azure AD Conditional Access – Session Controls

In the previous article, we discussed the various controls to decide on whether to allow access to the user and/or device to the apps and data with Azure AD Conditional Access Grant controls. ...

Data Loss Prevention

Want to learn how Microsoft’s DLP tools can help you improve the protection of your company data and reputation?  Fill out your info to have a chat with one of our engineers.

 

ref:_00D80KtFf._5000y1WwWQD:ref