Microsoft Purview Information Protection now includes enhanced security for detection of credentials

Published Jul 18 2022 10:25 AM 5,089 Views
Microsoft

Hybrid work environments have introduced new vulnerable access points to organizations’ data and credentials, requiring improvements in credential security to help prevent the risk of cyber-attacks. In addition, the associated costs of security incidents that involve remote work are over $1 million more expensive on average than incidents that don’t involve remote work.1 Sixty-one percent of data breaches involve credentials, making them the most compromised data type in breaches.2 Cyber attackers often leverage compromised credentials to access personal data like medical history and banking information, which they can later sell on the “dark web.”

 

At Microsoft, our goal is to provide a built-in, intelligent, unified, and extensible solution to protect sensitive data across your digital estate – in Microsoft 365 cloud services, on-premises, third-party SaaS applications, and more. With Microsoft Purview Information Protection, we are building a unified set of capabilities for data classification, labeling, and protection not only in Office Apps, but also in other popular productivity services where information resides (e.g., SharePoint Online, Exchange Online, and Microsoft Teams), as well as endpoint devices.  

 

There are currently over 250 pre-built Sensitive Information Types available (e.g., PII identifiers, social security, credit card, bank account numbers, etc.). We are pleased to announce that we are now starting public preview* of 42 new Sensitive Information Types (SITs) enabling organizations to identify, classify, and protect credentials found in documents across OneDrive, SharePoint, Teams, Office Web Apps, Outlook, Exchange Online, Defender for Cloud Apps, and Windows devices. These credential SITs can be included in information protection auto-labeling and data loss prevention policies to help organizations discover a wide range of digital authentication credential types (aka “secrets”), such as user credentials (username and passwords), default passwords, and Azure cloud resources (e.g., Storage Account Keys, SQL Server Connection Strings, and SAS). Also included are new SITs for Amazon S3 Client Secret Access Key, X.509 Certificate Private Key, GitHub Personal Access Token, ASP.NET Machine Key, Slack Access Token, Google API, Ansible Vault, and more. Note that many of these SITs are credentials that provide access to cloud development and other resources, which have been the target of sophisticated attacks on DevOps pipelines within organizations.

 

List of all 42 new SITs:

 

Amazon S3 Client Secret Access Key

Azure Subscription Management Certificate

Azure SQL Connection String

Azure Service Bus Shared Access Signature

Azure Redis Cache Connection String Password

Azure IoT Shared Access Key

Azure Storage Account Shared Access Signature

Azure Storage Account Shared Access Signature for High-Risk Resources

Azure Logic App Shared Access Signature

Azure Storage Account Access Key

Azure COSMOS DB Account Access Key

Azure App Service Deployment Password

Azure DevOps Personal Access Token

Azure DevOps App Secret

Azure Function Master / API Key

Azure Shared Access Key / Web Hook Token

Azure AD Client Access Token

Azure AD User Credentials

Azure AD Client Secret

Azure Bot Service App Secret

Azure Databricks Personal Access Token

Azure Container Registry Access Key

Azure Batch Shared Access Key

Azure SignalR Access Key

Azure EventGrid Access Key

Azure Machine Learning Web Service API Key

Azure Cognitive Search API Key

Azure Cognitive Service Key

Azure Maps Subscription Key

Azure Bot Framework Secret Key

X.509 Certificate Private Key

User Login Credentials

ASP.NET Machine Key

General Password

Http Authorization Header

Client Secret / API Key

General Symmetric Key

GitHub Personal Access Token

Google API key

Microsoft Bing Maps Key

Slack Access Token

SIT that includes all 41 previous SITs

 

New credential SITs key capabilities

  • Within the Microsoft Purview compliance portal, these new credential SITs can be added to auto-labeling and DLP policies to quickly and accurately detect and classify complex digital authentication credentials
  • System administrators can test the accuracy of individual SITs against sample data
  • These new credential SITs will be visible in Content Explorer and Activity Explorer, enabling users to:
    • Locate documents that contain sensitive credentials within their environment
    • Identify activity involving the use of credential data within their environment

Public preview also includes:

Support for: Microsoft Purview solutions
Sensitivity labels Information Protection
Auto-labeling** Data Loss Prevention (DLP) policies 
Exact Data Match SITs Insider Risk Management
  Data Lifecycle Management
  Records Management
  eDiscovery
  Microsoft Priva

 

*Note: Rollout has begun as of July 18th and is expected to be fully completed within a 24-hour window (July 19th).

**Note: Office client-side labeling is currently not supported, but it will be available sometime in CY22H2. Please stay tuned for additional updates on this capability. 

 

In-Product Screenshot(s)

 

__________________________0-1656626825649.png

Figure 1: Detection of general passwords using Credential SIT. Note that an E5 or A5 license is required for accessing Credential SITs, which will be in public preview within the next few weeks for commercial cloud customers and government clouds (GCC, GCC-High, Department of Defense).

 

Learn more about Microsoft Purview Information Protection and Credential SITs here. We are constantly extending our product capabilities to help organizations more easily classify and protect sensitive data.

 

Get Started 

We are happy to share that there is now an easier way for you to try Microsoft Purview solutions directly in the Microsoft Purview compliance portal with a trial. By enabling the trial in the Purview compliance portal, you can quickly access the new Credential SITs and Easy Trials, and start using all capabilities of Microsoft Purview, including Insider Risk Management, Records Management, Audit, eDiscovery, Communication Compliance, Information Protection, Data Lifecycle Management, Data Loss Prevention, and Compliance Manager. Visit your Microsoft Purview compliance portal for more details or check out the Microsoft Purview solutions trial (an active M365 E3 subscription is required as a prerequisite).

 

With Information Protection Easy Trials, users can apply default labels and get label recommendations on items containing sensitive data such as credit card numbers and activate features with a single click. System admins can review items containing credit card numbers and decide whether to automatically apply a label to them. Also, get further information on how to set up recommended information protection features and how to create auto-labeling policies.

 

We look forward to hearing your feedback! 


1 IBM Security and Ponemon Institute, “Cost of a Data Breach Report 2021,” July 2021

2 Verizon “2021 Data Breach Investigations Report”, May 2021

4 Comments
Version history
Last update:
‎Jul 18 2022 10:23 AM
Updated by: