Information Protection Part 2: Azure

Video Activity
Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
Welcome, Cybrarians, to the MS 365 Security Administration course.
00:05
I'm your instructor, Jim Daniels.
00:07
We're on module four, MS 365 information protection,
00:11
lesson one, information protection
00:13
part dos: Azure Information Protection.
00:17
In this lesson, we will undoubtedly learn how AIP, Azure Information Protection, helps an organization to classify and protect documents and emails.
00:29
We're gonna look at considerations when you plan your AIP implementation,
00:33
functions of those AIP policies,
00:36
the super user role within AIP, and how to extend AIP to an on-premise environment.
00:43
So Azure Information Protection is a cloud-based solution.
00:48
The pre-word "Azure" is to give you a good idea of that. It's a cloud-based solution. It helps an organization classify and protect its documents and emails by applying labels.
00:58
Labels can be applied automatically
01:00
by admins who define the rules and conditions, manually by users, or a combination where users are given recommendations.
01:08
Pro tip.
01:10
Never use beef stew as your computer password
01:14
because it's not stroganoff.
01:18
All right? Yeah,
01:19
be the growing all right. Now that
01:25
Let's take a closer look at Azure Information Protection as a whole.
01:29
You get to classify data;
01:30
you configure policies to classify, label and protect data based on sensitivity.
01:38
Classify you also protect
01:40
You add classification and protection information
01:44
for persistent protection. Remember, persistent.
01:47
It doesn't matter where the file is; it stays with the file. It's not directory protection. It's file protection.
01:55
You can track activities of shared data and revoke access as necessary.
02:00
An example I always use is if you send an email out to somebody
02:06
and you, that means there
02:08
it's by that person's good grace that they
02:12
remove the email.
02:14
However,
02:15
if you use AIP,
02:16
you know, I will revoke their access to it
02:19
at any time.
02:21
Emails, files,
02:23
documents, all of that stuff.
02:24
Being able to securely collaborate:
02:27
share data safely with coworkers as well as customers and partners, internally and externally.
02:35
Data classification and protection controls are integrated into Microsoft Office and common applications.
02:43
As you open up your Office 2019 or 365 enterprise applications,
02:49
it's built in. AIP is totally built into it now.
02:52
2013, you had to have an add-on, you had a plug-in. 2019 and above is all integrated.
02:59
Finally, the flexibility that AIP allows:
03:01
it helps protect your data, whether it is stored
03:06
internally,
03:07
in the cloud, on premise, wherever it's at.
03:10
The flexibility is key because it travels with the item you're protecting.
03:16
Some considerations you should have in planning for AIP:
03:20
subscription and licensing levels.
03:23
You need to prepare the tenant for AIP.
03:27
Have your labels and policies mapped out and defined.
03:30
Have your client deployed if you're using the client in addition to the Office add-ons.
03:36
Configure rights management and other services that are underlying and required for AIP.
03:43
And end user:
03:45
never forget the documentation and the training that you need to provide for your users.
03:51
It's not a field of dreams. If you build it, they won't use it.
03:54
You have to show them how to use it. Show them how it benefits them.
03:58
Paint a scenario for each department of data loss
04:01
fines, compliance regulations being broken. Paint that scenario and say, hey,
04:10
this helps with that.
04:11
Paint a scenario of disgruntled employees
04:15
wagons. Now, if they downloaded 1000 files and quit tomorrow, do they still have access to those files?
04:20
If they had AIP, you could actually
04:23
remotely revoke access to those files. Even if they still had the file,
04:27
it will be useless to them. They couldn't even open it.
04:30
All of these are scenarios to help you get buy in from your stakeholders.
04:35
and your users.
04:38
AIP labels contain different settings
04:41
on how to mark and protect documents, files and emails that were sent to your users.
04:46
Sublabels can add additional settings to a label.
04:48
Before customizing the labels, you have to create your strategy.
04:54
Remember, map it out.
04:56
AIP provides a set of default labels and policies that are created when you activate AIP for your tenant.
05:02
Every labeling strategy is going to be unique to that organization.
05:09
My main advice.
05:10
Use labels that are easy to interpret for your users.
05:15
If something is okay for public consumption,
05:19
label it public.
05:20
Make sure it is crystal clear
05:24
and as intuitive as possible for every end user in your organization.
05:30
All right, so on this screen we have a Word screenshot as well as an Excel screenshot.
05:35
With the Word one, we actually have a traditional protection AIP client icon.
05:42
With the Excel one, we have the sensitivity.
05:46
Before unified labeling,
05:47
which is currently out now, there was a different
05:53
AIP,
05:55
and this was really separated
05:59
between Office 365,
06:00
as far as the collaboration part,
06:04
and Exchange.
06:06
With unified labeling, it applies... one label applies across your whole entire tenant.
06:14
A policy is an additional set of rules that are used to group
06:17
labels to be available for users and groups.
06:21
All predefined labels and sublabels in O365 are configured in the default policy named Global.
06:29
You cannot scope the Global policy to any specific users or groups.
06:33
By default, it is meant to be global.
06:36
The following rules apply When you create a new policy,
06:40
Custom labels can be added to only one policy.
06:44
To create a sublabel, its parent label must be in the same policy or in the Global policy.
06:49
The AIP client for Windows is the client for organizations that use AIP to classify and protect documents and emails.
06:57
The AIP client also has a viewer
07:00
for organizations that don't have their own information protection infrastructure.
07:03
Once you consume protected content,
07:05
the standalone AIP viewer app is available for Windows, Mac, Windows Phone (no one really uses that anymore),
07:13
Android and iOS.
07:15
The flexibility to deploy them to your end users is available because it has both EXE and MSI files for deployment.
07:25
Here's an example of the unified labeling client.
07:29
We have the ability to download both
07:31
the traditional as well as the UL client.
07:35
Systems need one or the other
07:39
unless you already have something established in your tenant.
07:42
where unified labeling isn't being utilized yet.
07:46
Utilize that. Unified labeling is the future.
07:49
The traditional Azure Information Protection client, that client will be phased out.
07:56
Quiz.
07:57
Is this statement true or false?
07:59
AIP Global policies can be scoped to a specific set of users. True or false?
08:07
False.
08:07
Global policies cannot be scoped to a specific set.
08:11
They apply to all users.
08:13
Additional non-global policies must be created to apply those to a specific subset of users.
08:22
AIP builds on the Azure Rights Management Service, Azure RMS, and uses RMS templates for various features.
08:30
RMS templates are utilized to apply labels to documents processed with on-premise services and for Office 365 and message encryption of any
08:41
McRae in exchange transport rule for protection, you're using rights management in place with the RMS connector.
08:48
When you activate AIP for a tenant,
08:50
your subscription does not include an Azure Information Protection license.
08:54
Just two default RMS templates are automatically created,
08:58
Confidential and Highly Confidential.
09:03
Let's talk about licensing.
09:05
AIP is a feature within the Enterprise Mobility and Security Suite.
09:11
There are two versions of AIP. Just like Azure AD, there's a P1, Plan 1, and P2, Plan 2.
09:18
Enterprise Mobility and Security Suite E3 has the P1,
09:24
and Enterprise Mobility and Security Suite E5
09:26
has the P2.
09:28
Same follows with the MS 365 suites.
09:31
The MS 365 suite E3
09:33
has AIP P1.
09:35
The MS 365 suite E5 has the AIP P2.
09:41
You can also add AIP a la carte, whether it be P1 or P2.
09:46
The automatic labeling feature can assign labels to documents, files and emails
09:50
without user interaction when configured conditions are fulfilled,
09:56
when it triggers the policy conditions.
09:58
Automatic labeling consists of conditions for applying labels automatically,
10:03
automatic processing, and recommendations for emails with attachments.
10:09
The on-premise AIP scanner is required to label local documents and files. The automatic labeling does require AIP P2.
10:18
Look, it's a bird, it's a plane, it's super user.
10:31
The Azure RMS super user feature
10:33
of rights management
10:35
ensures authorized people and services can always read and inspect data.
10:41
It is used to access all protected content of your tenant.
10:45
By default, the super user feature is not enabled.
10:48
Super user is configured with PowerShell cmdlets from the
10:52
Azure Active Directory Rights Management module.
10:56
You'll use the Enable-AadrmSuperUserFeature cmdlet
11:01
to give that feature government
11:03
The Azure Information Protection tenant key is a root key for your organization.
11:07
Other keys can be derived from the root key, such as user keys, computer keys and document encryption keys.
11:15
Whenever AIP uses these keys for your organization,
11:18
they cryptographically chain to your Azure Information Protection tenant key.
11:26
There are three types: Microsoft managed,
11:28
bring your own key, and hold your own key.
11:31
For Microsoft managed,
11:33
Microsoft automatically generates a key for your organization, and the key is used exclusively for AIP. That is the easiest and the recommended way, unless you absolutely have compliance and other reasons where you have to have and manage your own key.
11:48
Bring your own key
11:50
is complete control of your tenant key. It uses the Azure Key Vault with AIP.
11:56
Hold your own key:
11:58
that allows you to encrypt content with a key isolated from the cloud.
12:01
You hold your key on premise.
12:03
Content can only be read from on-prem apps and on-prem services.
12:09
If you decide to manage your own tenant key, Key Vault logging includes information about using the tenant key.
12:16
You can see the following snippet is from a log file displayed in Excel,
12:20
where the Key Vault decrypt request and the Key Vault sign request
12:24
types show the tenant key is being utilized.
12:28
Bulk classifications.
12:30
The scanner is a tool for automatic labeling and classification of 1000 documents from on-premise file shares
12:37
and on-premise SharePoint servers.
12:41
The AIP scanner can work as an extension to Windows Server File Classification Infrastructure, FCI.
12:48
The scanner is installed on a Windows Server with access to the on-premise environment
12:52
containing the file shares and SharePoint libraries to label.
12:56
The scanning tool really goes with Microsoft's philosophy of cloud first:
13:01
you create your policies, you create all of your AIP infrastructure in the cloud,
13:05
and then you bring it on-prem.
13:09
I was planning on deploying the on-premise RMS connector.
13:13
This connector enables existing on-premise servers to use information rights management functionality
13:18
with cloud-based AIP services.
13:22
The RMS connector is delivered as an executable. It can be installed on any Windows Server.
13:28
you must provide to administrator identities For a song on the connector,
13:33
you can monitor the health and the usage of that connector.
13:37
If you want to manage Azure Information Protection with PowerShell,
13:41
you need to have .NET Framework 4.5 and beyond, PowerShell 3 or above.
13:46
The AIPService module replaces
13:50
the older Azure Active Directory Rights Management module,
13:54
so you can't uninstall
13:56
Marshall
13:58
and then install the AIPService module.
14:01
After the module's installed,
14:03
you do Connect-AipService
14:05
to connect to that via PowerShell.
14:07
To recap this lesson: AIP is a cloud-based solution that helps an organization classify and optionally protect documents and emails by applying labels.
14:18
Labels can be applied automatically by administrators who define rules and conditions
14:24
(remember, that requires an AIP P2 license),
14:28
manually by users, or a combination where users are given recommendations.
14:33
The super user ensures authorized people and services can always read and inspect the data that Azure Rights Management protects.
14:43
Thank you for joining me in this lesson. I hope to see you for the next one. Take care.
MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration (MS-500) training course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.