Microsoft Purview Information Protection showcase of new capabilities at Ignite
Microsoft Purview’s goal is to provide a built-in, intelligent, unified, and extensible solution to protect sensitive data across your digital estate. This includes Microsoft clouds such as Microsoft 365 and Azure, as well as on-premises, hybrid and third-party clouds, and SaaS applications. With Microsoft Purview Information Protection, we are building a unified set of capabilities for data classification, labeling, and protection for our customer’s multicloud and multiplatform IT landscape.
At Microsoft Ignite, there are several new Information Protection product capabilities that are being highlighted:
- End-user experience enhancements that make it easier to label and protect PDFs, such as built-in native sensitivity labels in Adobe Acrobat and label inheritance when creating PDF files from Office apps, is now generally available.
- New out-of-the-box trainable classifiers, with auto-labeling support that enable organizations to more quickly and comprehensively find sensitive documents across multiple business categories, is now in public preview.
- Credential Sensitive Information Types (SITs), that can be leveraged to discover and label digital authentication credential types such as user credentials, default passwords, and access keys/tokens for multi-cloud development resources, is now generally available.
- Co-authoring of encrypted documents for mobile, which ensures secure collaboration on Android and iOS mobile devices is now generally available.
- New built-in labeling features in Office that make it even easier to protect sensitive data are now in public preview.
- Now in public preview, the AIP Scanner is moving to the Microsoft Purview Compliance portal, for improved ease of use and integration
- Shift JIS and improved file type support are now generally available.
Protect your most important PDF files
PDF is one of the most widely used file types in the enterprise, as they are widely shared within and across organizations for contracts, purchase orders, legal agreements, and more. We are excited to share improvements in the end-user PDF experience and the general availability of:
- Built-in native sensitivity labels for Adobe Document cloud so that users can manually apply sensitivity labels, along with additional features (default labels, mandatory labels, and more) that are described in this blog.
- Users can maintain the sensitivity label and protection when creating PDF files from Office apps (Word, Excel, and PowerPoint).
- SharePoint can now correctly render PDFs and protect them so that encrypted PDFs can be used just like Office documents.
Support of PDFs is an important use case, and we continue to innovate. We will also be offering support for auto-labeling of PDFs in SharePoint, to accelerate deployment and protection at enterprise scale. RMID 85618.
Public preview of new out-of-the-box trainable classifiers
As we continue to enhance our Artificial Intelligence (AI) and Machine Learning (ML) capabilities, we are excited to announce 23 new trainable classifiers, which have been pre-trained and are ready to use. These enable system admins to more quickly and comprehensively discover, label, and protect massive volumes of sensitive data across their digital estate.
These are in addition to the existing 15 pre-trained business content and behavior trainable classifiers.
These new classifiers are different than our custom trainable classifiers that organizations can train to identify proprietary or market-vertical-specific sensitive data using samples of their own documents. These new trainable classifiers are already pre-trained using diverse and large numbers of real-world samples and provide broad coverage of multiple common business functions. Also included are server side auto-labeling for trainable classifier as well as simulation mode for sensitivity auto-labeling, for improved scalability and accuracy. These new trainable classifiers can also be used as conditions in Data Lifecycle Management policies to auto-apply retention labels, and as conditions in Data Loss Prevention policies. See the DLP blog for the latest Ignite updates.
Figure 1: Simulation mode overview of identified sensitive files and emails
General availability of 42 new Credential Sensitive Information Types (SITs)
Sixty-one percent of data breaches involve credentials, making them the most compromised data type in breaches.1 We are pleased to announce the general availability of new credential sensitive information types that can help organizations prevent these data breaches.
These 42 SITs enable organizations to identify, classify, and protect credentials found in documents. They can be included in information protection auto-labeling and data loss prevention policies to help organizations discover a wide range of digital authentication credential types (aka “secrets”), such as user credentials (username and passwords), default passwords, and Azure cloud resources (e.g., Storage Account Keys, SQL Server Connection Strings, and SAS). Support for other cloud access keys and tokens include new SITs for Amazon S3 Client Secret Access Key, X.509 Certificate Private Key, GitHub Personal Access Token, ASP.NET Machine Key, Slack Access Token, Google API, Ansible Vault, and more.
Figure 2: Detection of general passwords using Credential SIT.
In addition to Credential SITs, Microsoft Purview Information Protection also supports auto-classification of more than 200+ personal data types, which can be leveraged by Microsoft Priva. See the Priva Ignite blog for the latest updates.
General availability of co-authoring of encrypted documents for mobile
Hybrid work has made it imperative for workers to be able to securely collaborate with each other, even on highly confidential documents that must be encrypted/protected to meet compliance requirements. We are now able to provide co-authoring protection of encrypted documents for all major enterprise devices and platforms including Windows and Mac and Office on the web. Co-authoring on documents protected with Microsoft Purview Information Protection is now generally available for Word, Excel, PowerPoint, and Office Mobile applications on Android and iOS devices. Documents encrypted with sensitivity labels in Microsoft Purview Information Protection can now be opened and edited at the same time by multiple users from their mobile devices, with auto-save support. This blog provides additional information on how to install and which versions of Office Mobile are supported.
Figure 3: Co-authoring between an iPad and Android device on a document encrypted with a "Confidential" label
New built-in labeling in Office makes it even easier to protect sensitive data
We are in public preview for some exciting new features in Office, which includes a new sensitivity bar in Word, Excel, and PowerPoint for Windows. Sensitivity labels are more visible, are color coded depending on sensitivity level, and more clearly indicate, for example, whether a document is labeled confidential to help prevent accidental oversharing.
Figure 4: Example of how to save a new file with a sensitivity label
In addition, users can send digitally signed and encrypted messages using Secure/Multipurpose Internet Mail Extensions (S/MIME). Now in public preview, admins can add S/MIME options to the Sensitivity drop down menu without needing to do custom configuration. These labels enable users to easily encrypt and sign their emails using S/MIME with a single click. Read when Office Current Channel users can use the built-in client as default (replaces the AIP add-in) along with many other new features that meet or exceed the AIP add-in’s capabilities.
The AIP Scanner is moving to the Microsoft Purview Compliance portal
Coming soon in public preview, the AIP Scanner admin experience will be moving to the Microsoft Purview compliance portal and will be renamed the Microsoft Purview Information Protection scanner. System admins will be able to use a single compliance portal to configure scans of on-premise repositories, have the results be displayed in Activity explorer and Content explorer for analysis, and configure DLP and label policies for the information protection scanner.
Note that current users of the AIP UL client or the AIP mobile viewer can continue to use them, even though they are in maintenance mode. Stay tuned, as in upcoming months, we’ll be sharing additional feature enhancements that further improve upon and modernize users and admins experiences with Microsoft Purview Information Protection.
Shift JIS and improved file type support
One of the most widely used Japanese character encodings is Shift JIS for writing content. We are pleased to announce the upcoming general availability of support for data classification for Shift JIS encoded content. Shift JIS encoded content will now be scanned by our classifiers (SITs, custom SITs, EDM, fingerprint and trainable classifiers) across Exchange emails, SharePoint Online, OneDrive for Business and Teams.
In addition, we now support more than 100 file types on Exchange Online and more than 80 file types on SharePoint and OneDrive.
How to Get Started
Get access to Microsoft Purview solutions directly in the Microsoft Purview compliance portal with a trial. By enabling the trial in the Purview compliance portal, you can quickly access these new trainable classifiers. Visit your Microsoft Purview compliance portal for more details or check out the Microsoft Purview solutions trial (an active Microsoft 365 E5 subscription is required as a prerequisite).
1 Verizon “2021 Data Breach Investigations Report,” May 2021