6 hours 59 minutes
welcome Siberians to the M s 3 65 Security Administration. Course.
I'm your senator Jim Daniels.
We're O module four in s 3 65. Information protection
lesson one. Information protection,
part dose. As your information protection
in this lesson, we will undoubtably learn how 80 as your information per section helps an organization to classify and protect documents and emails.
We're gonna look at considerations when you plan your AARP implementation
functions of those a happy policies,
the super user role within a API and how to extend a happy to one premise environment.
So as your information protection is a cloud based solution,
the pre word azar's to give you a good idea of that. It's a cloud based solution. It helps an organization classify and protect its documents and emails by applying labels.
Well, it was gonna be applauded automatically.
I advance to define the rules and conditions manually by users or a combination where users are given recommendations.
Never use beef stew as your computer password
because it's not stroganoff.
All right? Yeah,
be the growing all right. Now that
let's take a closer look at as your information protection as a whole
you get a classified data,
you configure policies to classify, label and protect that. A basin sensitivity.
Classify you also protect
you. Add classifications of protection information
for persistent protection. Remember, persistent.
It doesn't matter where the foul was that it stays with the foul. It's not directory protection. Its final protection.
You can track activities of shared data and revoke access as necessary.
An example. Always use is if you send an email out to somebody
and you, that means there
it's bye bye, that person's good grace, that they
remove the email.
if you use a happy
you know, I will revoke their access to it
at any time.
E mails, fouls,
documents, all of that stuff
being a securely collaborate
share data safely with co workers as well as customers and partners, internally and externally,
that a classification and protection controls are integrated into Microsoft office in common applications
as you open up your office. 2019 were 3 65 enterprise applications.
It's built in after he is totally built into it. Now
2013 you had to have an adult. You have a plug in 2019 and above is all integrated.
Finally, the flexibility to Appy allows.
It helps protect your data, whether it is stored
in the cloud on premise. Wherever is that
the flexibility is key because it travels with the item you're protecting
some considerations you should have in planning for a happy
subscription and licensing levels.
You need to prepare to tenant for a happy.
Have your labels and policies mapped out and define.
Have your client deployed if you're using the client. In addition to the office, Adan's
configure rice management and other services that are underlying and require for a happy
and end user
never forget the documentation on the train that you need to provide for your users.
It's not a field of dreams. If you build it, they won't use it.
You have to show them how to use it. Show them how it benefits them.
Paint a scenario for each department of data loss
fines, compliance regulations, being broken, pain that scenario and say, Hey,
this helps with that
Paint us an area of disgruntled employees
wagons. Now, if they downloaded 1000 valves in quit more, do they still have access to those files?
If they had a off, you could actually
remote provoke access to those files, even if they still had to file
it will be useless to them. They couldn't even open it.
All of these are scenarios to help you get buy in from your stakeholders.
AP label was contained. Different settings.
One had a mark and protect documents, files and emails that were sent to your users.
Sub label was gonna add additional settings to label
before customizing the label was. You have to create your strategy.
Remember, map it out.
Happy provides a set of default labels and policies that are created when you activate a happy for your tenants.
Every label in strategy is going to be unique to that organization.
My main advice.
Use labels that are easy to interpret for your users.
If something is okay for public consumption,
label in public.
Make sure it is crystal clear
and as intuitive as possible for every in user in your organization.
All right, so on this screen we have a work screenshot as well isn't self screenshot
with the word we actually have a traditional protection AP client icon
with the Excel one. We have the sensitivity
before unified labeling,
which is currently out now There was a different
and the this WAAS really separated
between office 3 65.
As far as the collaboration Poor part
with unified labeling, it applies. One label applies across your whole entire tenant.
A policy is an additional set of rules that are used to group
labels to be available for users and Gerdes
all pre defined labels and sub labels and 03 65 or configured in the default policy name Global.
You cannot SCO global policy to any specific users or groups.
By default, it is meant to be global.
The following rules apply When you create a new policy,
custom labels can be added. Only one policy
create a sub level. His parent level must be in the same policy or in the global policy.
The F client for Windows is that client organizations that use Appy to classify and protect documents and emails.
They Happy client also has a viewer.
Organizations that don't have their own information protections infrastructure.
Once you consume protected concept,
the standalone AARP viewer APP is available for Windows Mac windows find No one really uses that anymore.
Android and IOS.
The flexibility to deploy him to your in users is available because it has both e x e and S I files for deployment.
Here's an example of the unified labeling client.
We have the ability to download both
the traditional as well as the UL. Client
systems need one or the other
unless you already have something established in your tenant.
Where is unified of labelling isn't being utilized yet.
Utilize that unified light Born is the future
the traditional, as were info protection. That client will be phased out.
Is this statement true of faults?
Effie Global policies can be scope to a specific set of users. True or false
Global policies cannot be scope to a specific set.
They apply to all users.
Additional non global policies must be created to plot does through a specific subset of users.
A builds on the Azure Rights Management Service as your RMS and uses RMS templates for various features.
Our miss templates are utilized to apply labels to documents process with on premise services and for office 3 65 and message encryption of any
McRae in exchange transport rule for protection, you're using rights management in place with the RMS connector.
When you activate Appy for 10
your subscription does not include azure information protection licence.
Just to default or missed in place are automatically created,
confidential and highly confidential.
Let's talk about licensing.
AARP is a feature within the Enterprise Mobility and Security Suite.
There are two versions of a Happy, Just like as Raydi. There's a P one Plan one and P two plan to
and a prize ability and security Suite E three has the P one
and a possible on a security suite. E five
has the P two
same follows with the M s 3. 65 weeks.
Them s for 65 sweet e three
as a PP one.
The necessary 65 sweet e five has the A P P two,
you know, said at a happy ala cart, Whether it be p one or P two
automatic labelling feature can assign labels to documents, files and emails
without user interaction. We configured conditions are fulfilled
when it triggers the policy conditions.
Automatic labelling consists of conditions for applying light was automatically
automatic processing and recommendations for emails with attachments.
The on premise AP scanner is required to label local documents and files. The automatic labelling does require a PP two.
Look. It's a bird. It's a plane is super user.
The other arm a super user feature
of rice management
Insurers authorize people when services can always read. Inspect data
is used to access. All. Present a content of your tender
by default. The Super User feature is not enabled.
Super users Configured Willpower Shell commandments from the
as your active directory rights management model.
You'll use enable Dash a, D or E um Super user Feature commandment
to give that feature government
as your information protection Tenant keys. A root key for your organization.
Other keys can be derived from the root key, such as user keys, computer keys and document encryption keys.
Whenever a up he uses these keys for your organization,
they cryptographic Lee chain to your as your information protection 10 and Key.
There are three times Microsoft manage.
Bring your own key and hold your own king
for Microsoft. Manage
my crystal ball. Mackel generates a key for your organization, and the key is used exclusively for a happy that is the easiest and the recommend away unless you absolutely have compliance and other reasons where you have tohave and manage your own key.
Bring your own key
is complete control of your Kentucky Uses the azure key. Vote with Effie
that allows you to encrypt content with he isolated from the cloud
you hold your key on premise.
Content can only be read for more free maps and warm, prim services.
If you decide to manage your own tenant. Key volume includes information about using their tenancy.
You can see the following sniff. It is from a log file displayed in Excel,
where the key vote decrypt request and the key vote signed Requests
type showed the tenant key is being utilized.
The scanner is a tool for automatic labelling and classification of 1000 documents from one premise. Foul shares
and one premise. SharePoint servers.
The AARP scanner can work as an extension to Windows Server file Classification Infrastructure FC I.
The scanner is installed when Windows Server, with access to the one premise environment
containing the foul shares and SharePoint libraries to label
the scanning tool, really goes with Microsoft's philosophy of Cloud. First,
you create your policies, you create all of your happy infrastructure in the cloud
and then you bring it on, friend.
I was planning on deploying the on premise. RMS connector
Disconnected Enable was existing on premise servers to use information rights management functionality.
Cloud based a happy services.
Our mess connector is delivered as an execute herbal. It could be a stolid or any Windows server
you must provide to administrator identities For a song on the connector,
you can monitor the health and the usage of that connector.
If you want to manage as information protection Power Shoe,
you need to have dot net framework 45 and beyond. Powershell three War buff
AARP service module replaces
the older as your active directory Rice Man's with model
so you can't uninstall
and then install a happy service module
after the modules installed.
You do connect Dash a happy service
to connect to that Viet. Our show.
To recap this lesson AP is a cloud based solution that helps an organization classify and optionally protects documents and emails. By applying labels,
labels can be a plot automatically by administrators who defined rules and conditions.
Remember that requires a a PP to Austen's
manually by users or combination where users are given recommendations.
The super user ensures authorized people and services can always read and inspect the data that as a rice management protects.
Thank you for joining me in this lesson. I hope to see you for the next one. Take care.