Outlook Plugin - Calendar permissions
We are developing a plugin solution that has to connect with our CRM (endpoints provided via Graph QL), allowing clients to schedule, edit, cancel, invite participants to assignments, and request services through it. We need assistance with a few items: 1) Potential privacy implications of read and write permissions required by the plugin to access users' calendars. 2) Exposing calendar to personal and corporate accounts without using AD FEDERATION
New Blog | Embracing the Data Protection and Data Privacy Act
ByManny Sahota In an era where data breaches and privacy concerns are at the forefront of concerns, the Data Protection and Data Privacy (DPDP) Act 2023 emerges to enhance protection for individuals' personal information. This landmark legislation signifies a pivotal shift in the global data privacy landscape, imposing rigorous standards for data handling and compelling organizations to elevate their data protection measures. As we navigate the intricacies of compliance with the DPDP. Microsoft Compliance Manager emerges as a tool to help our customers meet regulatory obligations. Compliance regulations protect customers and the organizations they serve, and Microsoft Compliance Manager is here to help protect private data. Unpacking the DPDP Act 2023 The DPDP Act 2023 introduces a stringent legal framework aimed at safeguarding personal data against misuse, unauthorized access, and breaches. It mandates comprehensive data protection protocols, consent mechanisms for data collection, and stringent penalties for non-compliance, thereby setting a new benchmark for data privacy. This act underscores the importance of responsible data stewardship, emphasizing transparency, security, and the individual's right to privacy. For organizations, the enactment of the DPDP Act 2023 signifies a call to action—a mandate to reassess and fortify their data handling practices. It necessitates a holistic approach to data privacy, requiring robust governance, risk management, and compliance (GRC) frameworks to ensure adherence to the law. This is where the strategic deployment of Microsoft's Compliance Manager can make a substantial difference. Read the full post here:Embracing the Data Protection and Data Privacy Act: A Strategic Approach with Microsoft's Compliance
Newsletter for updates - as per customer request
one of my colleague asked a question and i couldn't help him maybe here you ll be able to clarify <::One of my customers mentioned, that they want to be proactively informed about security incidents and news around the topic security from Microsoft, as they have critical infrastructure. Does anyone know, which newsletter that customer could register for?::>How does Microsoft Azure ensure data security & compliance for businesses storing PII data
For any business storing sensitive data in the cloud, data security is paramount. Microsoft Azure recognizes this sensitivity and has made data protection a cornerstone of its cloud platform. Businesses can rest assured that Azure empowers them to keep their data safe from emerging threats. The foundation for Azure's security is its infrastructure. Industry-gold standard encryption ensures data is scrambled both when transmitted and stored, using either Microsoft-managed or customer-controlled keys. The global backbone of Azure data centers features robust physical protections as well to prevent unauthorized access. But security extends beyond infrastructure to also safeguard access. Azure's identity and access management toolkit limits data and application access to only authorized users. Businesses can further isolate critical resources using private links and firewalls. Advanced protections like multifactor authentication and activity monitoring enable businesses to stay ahead of threats. Adherence to major compliance regulations also provides validation of Azure's security standards. Rigorous auditing and reporting demonstrates Azure's verifiable compliance with regulations like HIPAA, FedRAMP, and PCI DSS. Businesses can take advantage of Azure compliance offerings to fulfill their regulatory obligations. The depth and breadth of Microsoft Azure's security portfolio gives businesses the versatile tools they need to create cloud environments tailored to their unique data protection and compliance requirements. In this way, Azure provides assurance that sensitive business data will remain private and secured from emerging threats.
Clarification on window.clarity("consent")
The documentation on granting consent to Clarity is a little vague to mehttps://learn.microsoft.com/en-us/clarity/setup-and-installation/cookie-consent Is window.clarity('consent') only supposed to fire when consent has changed? Or is it supposed to fire on every page load? At first I thought maybe it was supposed to be fired on every page. But then I hunted and found this GitHub thread that mentions the call to window.clarity('stop');https://github.com/microsoft/clarity/issues/75and that was useful. So now I'm thinking they just need to be fired appropriately when consent changes, and subsequent page loads will use cookies correctly. But I'm also wondering if a user grants consent and then later revokes it, do we need to also delete the _clck and _clsk cookies from the browser? Or does Clarity respect the "stop" call and no longer looks at those cookies even though they are still present in the browser?Unidentified login prompts
Hi, Anybody else having had multiple Microsoft apps running and especially after change password (yes, don't blame because of pwd 🙂 several apps starts asking re-authenticate. Then the prompt like following is pretty family: The issue with this screen is, the source of this prompt is unknown. Yes, I can close it from "x" but then some application stop working. But isn't better to have an identification visible on here from where this prompt has appeared? I would like to believe that the user-agent could be shown on here, perhaps?
Sensitive Information Catching Methods
Hello, I'm running a project to my customer about DLP and AIP Servis. I created custome sensitive information types for what organizastion need to detect on AIP or DLP. Meanwhile, customer asks about, the keywords that we added to SITs, can it be detected when the keywords in same sentence? In the default never read or heard about this. But they said they can do that in old product they used to use. It was ForcePoint DLP. So, is there any way to do it on built-in or workaround? Example: Keywords: Apple, Orange. Dont want to catch: I ate apple to day. bla bla. I saw an orange tree. Want to catch: I buy apple and orange on the store. Thank you.
New Blog | Become a Microsoft Priva Ninja
We are very excited and pleased to announce this edition of the Ninja Training Series. We have compiled several videos, document guides, and other resources to aid users in mastering the Microsoft Priva Ninja training realm. Our goal is to get you the most current links to the community blogs, training videos, Interactive Guides, learning paths, and any other relevant documentation. To make it easier for you to start and advance your knowledge gradually we split content for each Priva module, Risk Management and Subject Rights Requests, into three levels: beginner, intermediate, and advanced. Read the blog:Become a Microsoft Priva Ninja - Microsoft Community HubSurvey opportunity | Data governance, compliance and risk management requirements
With the ever-increasing number of regulatory standards (like GDPR, HIPAA, FISMA) along with the increasing threat to backed-up data and the process of recovery, data governance & risk management for backup and DR has become an area to be focused on. The Azure BCDR product group has been exploring various use cases in this area and would appreciate any and every input from stakeholders who have worked with customers in regulated industries such as banking, healthcare, etc. If you or your end customers have been involved in processes around data governance, compliance or risk management (for Azure in general), we would love to connect with you and learn more about these processes, challenges faced and overall experience of various stakeholders. Please help us out by filling up this short survey! Your inputs would greatly help us prioritize the right set of product investments. Link to survey: https://aka.ms/DataGovernanceAndComplianceSurvey Looking forward to hearing from you all!
