Unified policies with Cloud App Security and the Microsoft Data Classification Service

First published on CloudBlogs on Jun 13, 2018
Microsoft Cloud App Security now integrates with the Microsoft Data Classification Service to create a consistent policy creation experience across Office 365, Azure Information Protection and Microsoft Cloud App Security. Find out how this allows your teams responsible for data security to leverage existing processes and apply them more broadly.

The need to protect your data

Organizations today focus heavily on cloud-run solutions, whether to increase employee productivity or to drive other efficiencies across the business. For the majority of these organizations, data is their most valuable corporate asset and to operate successfully, data must be ubiquitous. That’s why companies invest heavily in information protection services to ensure secure handling and sharing of their data, without slowing down the business. Data classification can help organizations manage and monitor the usage and sharing of sensitive information such as personal data, financial data, or intellectual property. Whether a user acts with malicious intent or employees simply aren’t familiar with existing processes for information protection, both can contribute to data loss or exposure.

An integrated experience with the Microsoft Data Classification Service

Organizations invest a lot of time to determine which data can be shared and how - across and outside your organization. Microsoft understands how important it is to make the most of your time and thought investments and enable you to benefit from a more holistic, cross-service paradigm. That’s why Microsoft Cloud App Security is now natively integrated with the Microsoft Data Classification Service to help classify the files in all of your cloud apps. It provides a consistent information protection experience across Office 365, Azure Information Protection and Microsoft Cloud App Security (MCAS) and allows you to extend your data classification efforts to those third-party cloud apps that are protected by MCAS, leveraging the decisions you already made across an even greater number of apps. With no additional configuration required, when creating a data loss prevention policy for your files in Microsoft Cloud App Security, you will automatically have the option to set the Inspection method to use the Microsoft Data Classification Service .

Create a policy and select the new Data Classification Service as the Inspection method

You can use the default sensitive information types as well as custom sensitive information types (which support complex patterns with Regex, keywords and large dictionary) that you may have already created in Office 365, and reuse them to define what happens to files protected by Microsoft Cloud App Security.

Select default sensitive information types or create custom ones to meet your data classification needs

Setting these policies in Microsoft Cloud App Security enables you to easily extend the strength of the Office 365 DLP capabilities to all your other sanctioned cloud apps and protect the data stored within them with the full toolset provided to you by Microsoft Cloud App Security – such as the ability to automatically apply AIP labels and the ability to control sharing permissions. This is the first step in creating a simplified information protection experience. Later this year we will release an experience that provides a central location to create all of your policies and apply them across all of your apps, on-premises and the cloud. If you already protect your cloud apps with Microsoft Cloud App Security, this feature is now available in your tenant *. If you don’t work with Microsoft Cloud App Security yet, this is a great opportunity to start a free trial and get started today by gaining visibility into your cloud apps and services, leveraging our sophisticated analytics to identify and combat cyber threats and control how your data travels.

Provide feedback and learn more

We love hearing your feedback. Let us know what you think in the Microsoft Cloud App Security Tech Community . For more detailed information about this new capability, as well as a step-by-step guide for how to setup DLP policies using the Microsoft Data Classification service, please visit our technical documentation website . *Deployment limitations: The Data Classification Service (DCS) is currently only available for the following Office 365 tenant locations: United States, Europe – excluding France. We are working with the DCS team to deploy the service to additional regions and will update the list as more become available.