Event banner
Event details
29 Comments
- Trevor_Rusher
Community Manager
Thank you for watching this session! We would love to hear your feedback on this event, tell us what you thought here: https://aka.ms/TechAccelSurvey9 - Trevor_Rusher
That concludes today’s Secure data with an intelligent and people-centric approach AMA. Thanks to everyone who was able to join us live - and to those catching up on demand!
Up next: Information Protection and DLP
- Heather_Poulsen
- all of the various add-ons are making licensing even more complicated. some simplification would be greatly appreciated
- Patrick_David
Microsoft
Thank you for this feedback. Is you have questions about licensing I recommend working with your account team who can help. - Ha! That will never happen in my opinion. :) But it is not super complex. Maybe just a little bit. Licencing stuff is my hobby for the last two decades 🙂
- Trevor_RusherHope you are enjoying today's AMA. What do you like about this event? Share your feedback here in the Comments and help shape the direction of our future events on the Tech Community!
- Is DLP a security or a compliance thing? it depends, and its confusing, sometimes MSFT treats it as compliance, but then the alerts go through the Defender connector which is a "security" thing. reconciling these discrepancies would be helpful.
- Heather_PoulsenThanks for participating in the Tech Accelerator! For reference, the panel covered this topic at around 22:20.
- It's a lovely bit that is both. You have the mandate to protect PII/PHI data, which makes it a compliance issue, but also you have the security elements for needing to protect company/proprietary data.
- Sarahzin_Shane
Hi Dean! It really can be and is both. You have a way that you build in security using DLP. You are also able to maintain compliance with industry regulations. We have built in templates to help guide that process as well. What would be the ideal scenario to combine these two streams for you? It is feedback I can take back to my team.
- implementing least privileged admin roles to work with DLP is just one of many related issues. As an MSSP who monitors many organizations, DLP alerts lead to all kinds of complex response processes.
- IRM is great in correlation of the signals in M365 and showing the relations of the event rising alerts.... what is your suggestion how to include the SOC team, which is not natively working with the Purview portal but out of Sentinel... For bigger organizations the UI in purview portal is not very efficient. Are they plans to include the same correlation details and views in Sentinel?
- Heather_PoulsenThanks for participating in the Tech Accelerator! For reference, the panel covered this topic at around 15:30.
- Patrick_DavidInsider Risk Management can send signals to Sentinel today when they opt into sending these to the O365 Management APIs which can help SOC teams. https://learn.microsoft.com/en-us/microsoft-365/compliance/insider-risk-management-settings?view=o365-worldwide#export-alerts. We would love to hear more about the use case.
- IRM integration is actually in Preview inside the Sentinel so that you can utilize that data. But you need to remember about the privacy and anonymity of the potential IRM users (from the top of the org as C-level, across admins, privileged users, and departing users). There are regulations in several countries where, when you investigate IRM you cannot have knowledge of who is the user.
- will any slide decks be provided for the sessions today
- Patrick_DavidThere is not any slides today during the AMA folks are just hear to help answer questions.
what are the plans to include azure services in the Insider Risk Management solution,
All of the services in azure could be at risk to an insider, but I would start with those services that affect overall governance and compliance.
- Heather_PoulsenThanks for participating in the Tech Accelerator! For reference, the panel covered this topic at around 07:12.
Actually, several actions which can be made in Azure services are observable in Priva-Purview ' like 38 ready-to-go DLP policies around Azure services. But you need to remember that we have hundreds of services solutions in Azure, and adaptation of the services, and protection via Priva/IRM/DLP/Compliance and more solutions, are applicable in a little bit slower way. Plus, as Erin explained, understanding what is happening and where and why how users perform some actions are important too. Additionally, from the Compliance Manager's perspective - action, security, and overall governance are by default sliced into 'boxes'/'siloses' like M365 and Azure, so even from this perspective, we need to have at least a different prospect view of the data.
- Patrick_DavidDean are you able to expand on what you mean by including Azure Services.
changes to security controls that an insider would use to hide their tracks.
sending data out of an azure storage account.
- Trevor_RusherWelcome to the Secure data with an intelligent and people-centric approach AMA and the Microsoft Secure Tech Accelerator. Let's get started! Please post your questions here in the Comments. We will be answering questions in the live stream—and others will be answering here in the Comments.
