What's new in Security and Compliance in SharePoint, OneDrive, and Teams - Microsoft Ignite 2021
Published Mar 02 2021 08:37 AM
Microsoft

 

In recent months, we’ve witnessed sophisticated attacks, like the recent SolarWinds incident, while devices and online experiences have become more central to the way we work, learn, and live. Working alongside customers and partners, Microsoft takes cybersecurity, privacy, and compliance to the next level with innovation and a unique comprehensive approach.

 

Today at Microsoft Ignite Spring 2021 we are excited to announce the following new security and compliance capabilities in SharePoint, OneDrive, and Teams that help you to secure and govern your data holistically in this remote work era.

 

Here is what’s new in:

 

Secure external collaboration

 

Control SharePoint external sharing policies with sensitivity labels

 

In Spring’20, we introduced the ability to apply Microsoft Information Protection (MIP) sensitivity labels to a SharePoint Site or a Team and associate that label with privacy and unmanaged device policies. This enables you to holistically secure all sensitive content in a site/team, be it a file or a chat or a list. We are thrilled to extend our support with more policies.

 

Today we are announcing the general availability of external sharing policies with sensitivity labels. Administrators can tailor external sharing policies based on the sensitivity of data. For example, for the ‘Top secret’ label you may block external sharing, but for the ‘General’ label you may allow it. Site owners are empowered to manage external sharing for their sites by simply choosing an appropriate label.

 

To learn more about this feature and SharePoint & OneDrive external sharing policies, refer to the product documentation here.

Figure. SharePoint and OneDrive external sharing policies associated with sensitivity labels in action

 

Access governance insights in SharePoint and OneDrive

 

As your organization digitally transforms and expands globally, your digital estate grows exponentially and so does the external sharing of your sensitive data. Admins can now use the access governance insights dashboard in the SharePoint admin center to monitor the external sharing activities and policy settings for the sites that matter the most.

 

At last year’s Ignite, we introduced this roadmap feature. Today we are happy to announce that the access governance insights feature is coming to preview in Q2 CY’21. If you are interested, sign up here.

 

These insights allow you to validate that your top sites, the sites with the greatest number of sensitive documents or with the most content shared using Anyone links, have access policies that are appropriate for your security posture, and to tailor the policies as needed.

 

Figure. Access governance insights in SharePoint Admin Center showing top sites shared with Anyone links

 

Microsoft Teams Connect and Secure Files Collaboration

 

SharePoint powers the files collaboration experience in Microsoft Teams. Several new features were announced for Microsoft Teams today; the one we want to highlight here is Microsoft Teams Connect.

 

Microsoft Teams Connect aims to make it easier to collaborate with people and teams across organizations. Admins have access to granular controls, allowing their organization to stay in control of how external users access data and information within Teams.

 

For more details on this Teams feature announcement, check out the What’s New in Teams announcement blog.

 

Co-authoring and AutoSave on Microsoft Information Protection (MIP) labelled and encrypted files

 

We are continuing our Microsoft Information Protection (MIP) journey to help protect your sensitive files while at the same time offering a modern productivity experience to users. We announced general availability of MIP sensitivity labels for Office files in SharePoint, OneDrive, and Teams in Summer 2020, which included many rich productivity experiences like co-authoring in Microsoft 365 apps on the web, such as Word, Excel, and PowerPoint on the web.

 

Today, we are taking a big step forward and extending co-authoring and AutoSave on labelled and encrypted files to Microsoft 365 apps on the desktop (on Windows and Mac) – now available in preview! Two or more users can co-author an encrypted file and experience modern productivity, while at the same time the protection of the file is intact. In addition, labelled and encrypted files will have auto-save capability so that users can spend their time on what matters the most instead of manually saving files.

 

To learn more about these capabilities and pre-requisites, refer to the product article here and our Ignite feature announcement blog.

 

Figure. Co-authoring an MIP sensitivity labeled and encrypted file

 

Securing access with contextual and conditional policies

 

Conditional access policies have been supported in SharePoint, OneDrive, and Teams for many years now. With the labels-based policies approach, we provided simple and powerful access control solutions that secure your content holistically at the SharePoint Sites, Teams, or Microsoft 365 Groups level. We are continuing this journey and taking a major leap with support for contextual and granular conditional policies.

 

Secure sensitive sites with labels-based granular conditional access (CA) policies

 

Passwordless technology is the new norm for authenticating users and providing access to resources. For accessing certain sensitive sites, you may require additional authentication based on the conditions under which the user accesses them and the sensitivity and authentication context of the sites. For example, when users visit a highly sensitive site labelled Confidential, you want to enforce step-up authentication with granular policies like MFA (multi-factor authentication) if the user’s context does not meet the access requirement of the site.

 

To help you secure sensitive sites, today we are announcing Microsoft Information Protection (MIP) labels-based granular conditional access policies for SharePoint and OneDrive Sites. Administrators can now create the conditional access authentication contexts in their Azure Active Directory tailored for their organization’s security posture and then associate them with MIP sensitivity labels.

 

For example, ‘Low authentication context’ requires single factor authentication whereas ‘High authentication context’ requires MFA like OTP (one time passcode) verification and IP network location policy. Admins can then associate the authentication contexts with MIP sensitivity labels in the Microsoft 365 Compliance center. For example, the ‘General’ label requires ‘Low authentication context’ policies whereas the ‘Confidential’ label requires ‘High authentication context’ policies. When a sensitivity label is assigned to a site, the associated policies are automatically enforced.

 

All the complexity of security policies is now transparent to the users. Users can simply assign the appropriate labels to their sensitive sites and behind the scenes the granular contextual and conditional policies are enforced. Users can be productive without any interruptions, and provide additional verification on demand only when accessing sensitive sites that require additional context.

 

Labels-based granular conditional access policies for sites are coming to preview soon. If interested, sign up here. For a quick peek at conditional access authentication contexts, check out the Azure Active Directory announcement blog. We will share more news in Apr'21.

 

Figure. Configuring sensitivity labels with granular conditional access policies in Microsoft 365 Compliance Center and secure SharePoint sites

 

Comprehensive compliance

 

We continue to improve our compliance story, empowering you to meet changing and evolving compliance needs. Today we have two announcements to share with you.

 

Information barriers improvements in SharePoint and OneDrive

 

In Fall’20, we announced information barriers for SharePoint and OneDrive, which enable admins to put barriers in place blocking communication and collaboration between segments of users. We are continuing to improve this compliance capability across the administrator and site owner experiences.

 

Today we are excited to announce the general availability of the next set of improvements in Information Barriers, which include the administrator and site owner experiences in SharePoint. Administrators can now manage information segments associated with the sites right within the SharePoint admin center. They can get the information barriers compliance report to view the compliance status of sites using SharePoint admin PowerShell cmdlets. SharePoint Site Owners can now add explicit segments to their sites from within the Site Information pane. Also, Microsoft 365 information barrier policies are now honored when members are added to groups across the Microsoft 365 Groups experience.

 

These improvements are already rolling out. Learn more in our product documentation here.

 

Figure. Managing information segments associated with SharePoint sites in SharePoint admin center

 

Teams Multi-Geo Support

 

Microsoft 365 Multi-Geo helps customers meet their data residency needs. SharePoint, OneDrive, and Exchange support multi-geo already. Today we are thrilled to announce Teams Multi-Geo and extend that support. For more details on this Teams feature announcement, check out the Secure and compliant collaboration with Microsoft Teams announcement blog.

 

There are several other security, compliance, and privacy features for Microsoft Teams announced at Ignite today, such as: End-to-end encryption option for Teams 1:1 VoIP calls, Disable attendee video during meetings, Invite only meeting options, and Safe Links for Teams. Check them out at: Secure and Compliant Collaboration with Microsoft Teams.

 

To take a quick tour of some of the security, privacy, and compliance features announced today for Microsoft Teams, check out the Ignite session Secure and Compliant Collaboration with Microsoft Teams.

 

Interested in the updates coming to Microsoft 365? Check out Omar Shahine’s Mechanics video session on Updates to Microsoft 365 experiences in Teams, Lists, OneDrive, Stream, and more.

 

We have a beautiful security and compliance cookbook for SharePoint, OneDrive, and Microsoft 365 administrators; you can download the SharePoint and OneDrive Security Cookbook for FREE.

 

For licensing information for these features, check out the respective product documentation.

 

Get started!

 

To learn more about the above features in detail, check out the product documentation articles below: 

 

To participate in the private previews, sign up here: https://aka.ms/ODSPSecurityPreviews  

 

If you are new to Microsoft 365, learn how to try or buy a Microsoft 365 subscription

  

As you navigate this challenging time, we have additional resources to help. For more information about how we are responding together to COVID-19, visit our Remote Work site. We’re here to help in any way we can. 

 

Thank you!

 

Sesha Mani – Principal Group Product Manager (GPM)

Microsoft 365, SharePoint & OneDrive 

 

John Gruszczyk – Product Marketing Manager

Microsoft 365, Teams

 

4 Comments
Copper Contributor

Hello, what about DLP policies? Is it possible to create a policy blocking user to store unclassified document on the admin to classify the document recently uploaded? Or a way to notify the admin to classify the document recently uploaded? (guest case)

Iron Contributor

Always great stuff. Any news on documents inheriting their labels from their container? So if a Group/Site/Team is set with a default label all the content added to it will inherit it? Anything that helps orgs blanket sites with one rule so they don't have to train classifiers. We have to migrate tens of thousands of diverse documents into SharePoint and have them pick up the label from where they land.

Iron Contributor

How would we solve this? We want to prevent staff from making students owners of Groups/Sites/Teams. Students have a different domain from staff, could we use this? Or even something along the lines of only users in an AAD group can be Group/Sites/Teams owners and also have it present them with a ToU (terms of use page). That way we could use large groups of staff and some exception groups for students or colleagues who have a hybrid role or being both staff and student. 

Iron Contributor

I find the OneDrive setting about Access Requests confusing. Unless you have set it explicitly or it's set tenant-wide, if you share with a specific person you are likely to think only they have access and be unaware they can then onward share it without your knowledge. Could this be made clearer in the UI?
