Protecting sensitive content is a top priority for security and compliance administrators across all organizations. With Microsoft Purview Information Protection, you have the ability to track and regulate user access to content with sensitivity labels. However, with the accelerated adoption of apps and the evolution of our threat landscape, administrators need to ensure that the same protection of the sensitivity content available to users is also available to the apps running in their organization.
We wanted to share more details around the recent feature rollout for insights and remediation for sensitive content identified by Microsoft Purview Information Protection labels in the Microsoft Defender for Cloud Apps add-on, App governance. Enterprise admins now have visibility into the workloads that these apps access and whether they access sensitive data in these workloads.
With predefined and custom policies, admins are alerted about apps that have attempted to access sensitive data. Moreover, App governance can automatically deactivate noncompliant apps. App governance provides additional app-specific context for allowing or disallowing access to sensitive data. It provides security administrators with more insights into related app activity and the ability to automatically regulate apps.
Overview of the insights and remediation for sensitive content feature:
Insights about data access on Microsoft 365: We provide insights on how much content—sensitive or not—is being accessed through 3rd-party and line-of-business (LOB) OAuth apps on SharePoint (sites, files), OneDrive, Exchange Online, and Teams.
Insights on sensitive content: We provide insights on OAuth apps that access various types of sensitive data as identified by Information Protection sensitivity labels on SharePoint (sites, files), OneDrive, Exchange Online, and Teams.
Policies for monitoring & auto-remediation: We added a new policy condition to flag apps that access sensitive data. This new condition can be combined to track access to sensitive data by apps with other risky attributes. Security admins can choose to configure policies so that apps are automatically deactivated based on their risk tolerance.
Integration with Secure Score: We released a predefined policy that security admins can use to quickly boost their visibility and control over noncompliant apps accessing sensitive data. With a corresponding Secure Score recommendation, security admins can harden their security posture with the right policy.
As organizations continue to implement new capabilities for SaaS app protection, it is critical to maintain a strong data loss prevention strategy. With the app governance insights and remediation for sensitive content feature, companies will be able to get deeper protection for apps accessing data on behalf of another application.
App governance is an add-on feature for Microsoft Defender for Cloud Apps.