Blog Post

Security, Compliance, and Identity Blog
3 MIN READ

Dynamic watermarking hits the mark in protecting highly sensitive data

Anna_Chiang's avatar
Anna_Chiang
Icon for Microsoft rankMicrosoft
Jul 11, 2024

In most organizations teams collaborate and handle sensitive and business critical information, such as documents that contain blueprints, entertainment artwork, classified government secrets or strategic alliances. It’s important to protect this high-business value corporate intellectual property at all times to deter data exfiltration. Clear labeling and protection (encryption) of confidential files helps communicate the importance and sensitivity of an item and protects against exfiltration to unauthorized users, as well as can prevent copy and paste, forward or print actions.

 

However, there is a situation where labels and protections aren’t enough. It’s still possible for users to take screenshots or pictures with a camera of confidential files. These pictures can end up in the wrong hands of competitors or the public via website posts.  

 

With Microsoft Purview Information Protection, we provide an integrated solution that is built-in, intelligent, unified, and extensible.  It identifies and protects sensitive data across your digital estate, which includes Microsoft clouds such as Microsoft 365 and Azure, as well as on-premises, hybrid and third-party clouds, and SaaS applications.

 

Today at Inspire, we are excited to announce the public preview of a new Information Protection capability for Microsoft 365 Office Word, Excel, and PowerPoint files called dynamic watermarking. This highly requested capability enables system admins to configure Purview sensitivity labels that visually displays the reader’s email address and date/timestamp information over the file content to attribute and deter leaks. This is now available to any customers who need to protect high-value Intellectual Property (IP) in various industries.

 

Extending comprehensive protection with differentiated capabilities

Dynamic watermarking is already supported in Teams meetings (), and each participant will see their own email address overlaid on the meeting video or shared content. This deters participants from taking unauthorized screenshots or pictures of the meeting content.

 

The application files that are shared in Teams meetings often consist of Word, Excel, or PowerPoint files which can be shared directly with others outside of meetings. There are existing ways to share highly sensitive information accessible only by a list of specific team members, for example using SharePoint user-defined-permissions. Dynamic watermarking extends protection of sensitive data by enabling an extra deterrent to oversharing by attributing the source of any potential leaks to specific people via their email address, as shown in the image below.

 

Figure 1: PowerPoint file with dynamic watermarking enabled.

Although there are existing security solutions that may offer different aspects of dynamic watermarking, Microsoft provides the most comprehensive offering with the following differentiators:

 

  1.   Broad support in many views (e.g., slide view, notes view, etc.) so it’s not the only the primary application view that’s protected for more comprehensive coverage.
  2.   Ability to set dynamic watermarking for a sensitivity label and have it apply to all Office files with that sensitivity label (rather than a separate setting), making it easier for admins to apply labels across application types and files all at once.  
  3.   Cross-platform support: Web, Windows, and Mac
  4.   Ability to edit (and coauthor) a watermarked file. Coauthoring enables users to collaborate on Word, Excel, and PowerPoint files that are labeled with sensitivity labels across Web, Windows and Mac.

For dynamic watermarking for Word, Excel, and PowerPoint, this will require a Microsoft 365 E5, Microsoft 365 E5 Compliance, Microsoft Information Protection and Governance E5, Microsoft Enterprise Mobiity and Security E5, or Microsoft Security and Compliance for Frontline Workers F5 license. E3 customers can still participate in the public preview.

 

Figure 2: Word file with dynamic watermarking enabled.

For additional technical information on dynamic watermarking, read this Tech Community blog. 

 

Call to Action

Participate in the public preview (E3 or E5 license required). At GA, dynamic watermarking is included for those customers who have an E5 license. 

 

How to Get Started 

Learn more about Information Protection here. Try Microsoft Purview Information Protection and other Microsoft Purview solutions directly in the Microsoft Purview compliance portal with a free trial.

 

Additional resources

 

Join the Data Security and Privacy Customer Connection Program (CCP) to get information and access to upcoming capabilities in private previews in Microsoft Purview Information Protection and other Purview solutions. An active NDA is required. Click here to join

Updated Jul 08, 2024
Version 1.0
  • VFX_Pro's avatar
    VFX_Pro
    Brass Contributor

    Does this work when opening documents from Word Online?

    Can the user be a non-licensed user, like a customer who wants to look at our documents, but cannot leak it, thus we have their name watermarked on it in browser, if printed or if downloaded?