Yesterday at Ignite 2021 Microsoft announced the following renaming of their products.
- Microsoft Sentinel (formerly Azure Sentinel) now offers more than 100 solutions for data collection in a new content hub for easy discovery and deployment. We’re expanding fusion’s capabilities to identify previously unknown threats, integrating with Microsoft Azure Synapse to tap into the power of big data analytics, and introducing a new free trial. Learn more about Microsoft Sentinel.
- Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security) now adds a new application governance capability, generally available today. App governance provides security and policy management to help identify, alert, and protect against risky behavior across data, users, and applications. Additionally, Defender for Cloud Apps has extended its app coverage, now including security for more than 26,000 cloud applications and covering all major cloud app use cases. Learn more in today’s blog post.
- Microsoft Defender for IoT (formerly Azure Defender for IoT), our agentless solution, is now integrated with Microsoft 365 Defender to bring IoT protection into the same workflow as the rest of your XDR. Additionally, it can now discover and secure enterprise IoT devices, which are ideal targets for attackers since they are often unpatched, misconfigured, and unmonitored. These updates enable Defender for IoT to provide unified protection for both enterprise IoT and operational technology (OT) devices used in critical industries like oil and gas. Learn more here.
- Azure Active Directory (Azure AD) Identity Protection now includes token theft detection, one-click enablement for risk data extensibility, and a built-in workbook to help detect and remediate identity-based threats
Table of Contents
DLP Policies based on file extension or type
In addition to scanning across even more types of files. Microsoft is adding support to identify when a file is sensitive based upon the file’s type or extension. This means you can now extend your endpoint DLP policy controls to detect and protect even more content types such as CAD drawing files, video and audio files, and custom file types used in your specific industry.
Protect sensitive files stored in archives
It is common practice for users to create and store sensitive files in archives like ZIP or ARJ as they use, access, and share sensitive files with their peers as part of standard business processes. It is also common for malicious users to attempt to exfiltrate sensitive data by concealing it in archive files. Endpoint DLP allows you to monitor when sensitive files are created and added to archives, and you can apply restrictions to archived files when they contain sensitive files, reducing the risk of inappropriate file transfer.
Quarantine sensitive files from Cloud-Synch apps
As Microsoft extends and adds new controls to our policies, they also recognize that it’s vital to ensure the user’s experience remains positive and friction-free. To assure this, you can now configure Endpoint DLP to automatically move or quarantine a sensitive file when it is accessed by an unallowed app, such as a file sync app, preventing repeated notifications that can sometimes occur when a sync app repeatedly attempts to access a blocked file.
Restrict app groups and customized restrictions
In the modern workplace, information workers rely upon a diverse set of applications and services that may require access or transfer of sensitive files between different sanctioned Line Of Business (LOB) applications. Microsoft announced new Endpoint DLP controls that are designed to give organizations the flexibility to scope different access restrictions to sensitive files when they’re accessed by different applications and people. We’re currently rolling out this feature to our preview audience, and it will be available to all organizations in the next few weeks.
Customizable DLP Policy Tips
Many organizations want to customize the text that appears in the policy tips when users are restricted. This new capability enables you to use language that is familiar to your users to inform them about your organization’s data use policies.
Re-cap from release features
- Extended content analysis support for region-specific content types
- New DLP policy controls to restrict access to sensitive files based on the file’s extension or filetype
- Monitor when sensitive files are added or stored in archives, and restrict access to archives when they contain sensitive files
- Automatically quarantine sensitive files when they’re accessed by restricted cloud-sync apps
- Fine-grained policy controls to define different access restrictions to groups of applications when they access sensitive files
- Customize the DLP Policy Tip notification that appears when users are affected by a DLP policy on an Endpoint
Additional resources for Ignite releases:
- To join the Ignite Public preview of DLP for macOS see this
- For a podcast on Microsoft’s Data Loss Prevention, see this
- For more information on Sensitivity Labels as a condition for DLP policies, see this
- For more information on Sensitivity Labels, please see this
- For more information on Predicates for Unified DLP, please see this
- For the latest on Microsoft Information Protection, see this
A lot of new stuff came out and have to focus on testing and then writing posts, so stay tuned!