Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7

Video Transcription

00:00
Welcome, Cybrarians, to the MS 365 Security Administration course.
00:05
I'm your instructor, Jim Daniels.
00:07
We're on module four, MS 365 information protection,
00:11
lesson one, information protection,
00:13
part dos: Azure Information Protection.
00:17
In this lesson, we will undoubtedly learn how AIP, Azure Information Protection, helps an organization to classify and protect documents and emails.
00:29
We're gonna look at considerations when you plan your AIP implementation,
00:33
functions of those AIP policies,
00:36
the super user role within AIP, and how to extend AIP to an on-premise environment.
00:43
So Azure Information Protection is a cloud-based solution;
00:48
the pre-word Azure should give you a good idea of that. It's a cloud-based solution. It helps an organization classify and protect its documents and emails by applying labels.
00:58
Labels can be applied automatically
01:00
by admins who define the rules and conditions, manually by users, or a combination where users are given recommendations.
01:08
Pro tip.
01:10
Never use beef stew as your computer password
01:14
because it's not stroganoff.
01:18
All right? Yeah,
01:19
be the growing all right. Now that
01:25
Let's take a closer look at Azure Information Protection as a whole.
01:29
You get to classify data;
01:30
you configure policies to classify, label, and protect data based on sensitivity.
01:38
Classify; you also protect.
01:40
You add classification and protection information
01:44
for persistent protection. Remember, persistent.
01:47
It doesn't matter where the file is; it stays with the file. It's not directory protection. It's file protection.
01:55
You can track activities of shared data and revoke access as necessary.
02:00
An example I always use is if you send an email out to somebody
02:06
and you, that means there
02:08
it's by that person's good grace that they
02:12
remove the email.
02:14
However,
02:15
if you use AIP,
02:16
you know, I will revoke their access to it
02:19
at any time.
02:21
Emails, files,
02:23
documents, all of that stuff.
02:24
Being able to securely collaborate:
02:27
share data safely with co-workers as well as customers and partners, internally and externally.
02:35
Data classification and protection controls are integrated into Microsoft Office and common applications.
02:43
As you open up your Office 2019 or 365 enterprise applications,
02:49
it's built in. AIP is totally built into it now.
02:52
2013, you had to have an add-on. You have a plug-in. 2019 and above is all integrated.
02:59
Finally, the flexibility that AIP allows:
03:01
it helps protect your data, whether it is stored
03:06
internally,
03:07
in the cloud, on premise, wherever it's at.
03:10
the flexibility is key because it travels with the item you're protecting
03:16
Some considerations you should have in planning for AIP:
03:20
subscription and licensing levels.
03:23
You need to prepare the tenant for AIP.
03:27
Have your labels and policies mapped out and defined.
03:30
Have your client deployed if you're using the client in addition to the Office add-ons.
03:36
Configure rights management and other services that are underlying and required for AIP.
03:43
And end users:
03:45
never forget the documentation and the training that you need to provide for your users.
03:51
It's not a field of dreams. If you build it, they won't use it.
03:54
You have to show them how to use it. Show them how it benefits them.
03:58
Paint a scenario for each department of data loss
04:01
fines, compliance regulations being broken. Paint that scenario and say, hey,
04:10
this helps with that.
04:11
Paint a scenario of disgruntled employees.
04:15
wagons. Now, if they downloaded 1000 files and quit tomorrow, do they still have access to those files?
04:20
If they had AIP, you could actually
04:23
remotely revoke access to those files. Even if they still had the file,
04:27
it will be useless to them. They couldn't even open it.
04:30
All of these are scenarios to help you get buy in from your stakeholders.
04:35
and your users.
04:38
AIP labels contain different settings
04:41
on how to mark and protect documents, files and emails that were sent to your users.
04:46
Sub-labels can add additional settings to a label.
04:48
Before customizing the labels, you have to create your strategy.
04:54
Remember, map it out.
04:56
AIP provides a set of default labels and policies that are created when you activate AIP for your tenants.
05:02
Every labeling strategy is going to be unique to that organization.
05:09
My main advice.
05:10
Use labels that are easy to interpret for your users.
05:15
If something is okay for public consumption,
05:19
label it Public.
05:20
Make sure it is crystal clear
05:24
and as intuitive as possible for every end user in your organization.
05:30
All right, so on this screen we have a Word screenshot as well as an Excel screenshot.
05:35
With the Word one, we actually have a traditional protection AIP client icon.
05:42
With the Excel one, we have the sensitivity.
05:46
Before unified labeling,
05:47
which is currently out now, there was a different
05:53
AIP,
05:55
and this was really separated
05:59
between Office 365,
06:00
as far as the collaboration part,
06:04
and Exchange.
06:06
With unified labeling, it applies: one label applies across your whole entire tenant.
06:14
A policy is an additional set of rules that are used to group
06:17
labels to be available for users and groups.
06:21
All predefined labels and sub-labels in O365 are configured in the default policy named Global.
06:29
You cannot scope the Global policy to any specific users or groups.
06:33
By default, it is meant to be global.
06:36
The following rules apply when you create a new policy:
06:40
custom labels can be added to only one policy.
06:44
To create a sub-label, its parent label must be in the same policy or in the Global policy.
06:49
The AIP client for Windows is the client for organizations that use AIP to classify and protect documents and emails.
06:57
The AIP client also has a viewer
07:00
for organizations that don't have their own information protection infrastructure
07:03
but want to consume protected content.
07:05
The standalone AIP viewer app is available for Windows, Mac, Windows Phone (no one really uses that anymore),
07:13
Android, and iOS.
07:15
The flexibility to deploy them to your end users is available because it has both EXE and MSI files for deployment.
07:25
Here's an example of the unified labeling client.
07:29
We have the ability to download both
07:31
the traditional as well as the UL client.
07:35
Systems need one or the other.
07:39
Unless you already have something established in your tenant
07:42
where unified labeling isn't being utilized yet,
07:46
utilize that. Unified labeling is the future;
07:49
the traditional Azure Information Protection client will be phased out.
07:56
Quiz.
07:57
Is this statement true or false?
07:59
AIP Global policies can be scoped to a specific set of users. True or false?
08:07
False.
08:07
Global policies cannot be scoped to a specific set.
08:11
They apply to all users.
08:13
Additional non-global policies must be created to apply those to a specific subset of users.
08:22
AIP builds on the Azure Rights Management Service, Azure RMS, and uses RMS templates for various features.
08:30
RMS templates are utilized to apply labels to documents processed with on-premise services and for Office 365 message encryption.
08:41
If you create an Exchange transport rule for protection, you're using rights management templates with the RMS connector.
08:48
When you activate AIP for a tenant
08:50
your subscription does not include Azure Information Protection license.
08:54
Just two default RMS templates are automatically created,
08:58
Confidential and Highly Confidential.
09:03
Let's talk about licensing.
09:05
AIP is a feature within the Enterprise Mobility and Security Suite.
09:11
There are two versions of AIP. Just like Azure AD, there's a P1, plan one, and P2, plan two.
09:18
Enterprise Mobility and Security suite E3 has the P1,
09:24
and Enterprise Mobility and Security suite E5
09:26
has the P2.
09:28
Same follows with the MS 365 suites.
09:31
The MS 365 suite E3
09:33
has AIP P1.
09:35
The MS 365 suite E5 has the AIP P2.
09:41
You can also add AIP à la carte, whether it be P1 or P2.
09:46
The automatic labeling feature can assign labels to documents, files and emails
09:50
without user interaction when configured conditions are fulfilled,
09:56
when it triggers the policy conditions.
09:58
Automatic labeling consists of conditions for applying labels automatically,
10:03
automatic processing and recommendations for emails with attachments.
10:09
The on-premise AIP scanner is required to label local documents and files. The automatic labeling does require AIP P2.
10:18
Look. It's a bird. It's a plane. It's super user.
10:31
The other arm a super user feature
10:33
of rights management
10:35
ensures authorized people and services can always read and inspect data.
10:41
It is used to access all protected content of your tenant.
10:45
By default, the super user feature is not enabled.
10:48
Super users are configured with PowerShell cmdlets from the
10:52
Azure Active Directory Rights Management module.
10:56
You'll use the Enable-AadrmSuperUserFeature cmdlet
11:01
to give that feature government
11:03
The Azure Information Protection tenant key is a root key for your organization.
11:07
Other keys can be derived from the root key, such as user keys, computer keys and document encryption keys.
11:15
Whenever AIP uses these keys for your organization,
11:18
they cryptographically chain to your Azure Information Protection tenant key.
11:26
There are three types: Microsoft managed,
11:28
bring your own key, and hold your own key.
11:31
For Microsoft managed,
11:33
Microsoft automatically generates a key for your organization, and the key is used exclusively for AIP. That is the easiest and the recommended way unless you absolutely have compliance and other reasons where you have to have and manage your own key.
11:48
Bring your own key
11:50
is complete control of your tenant key. It uses the Azure Key Vault with AIP.
11:56
Hold your own key:
11:58
that allows you to encrypt content with a key isolated from the cloud.
12:01
You hold your key on premise.
12:03
Content can only be read from on-premise apps and on-premise services.
12:09
If you decide to manage your own tenant key, Key Vault includes information about using the tenant key.
12:16
You can see the following snippet from a log file displayed in Excel,
12:20
where the Key Vault decrypt request and the Key Vault sign request
12:24
types show the tenant key is being utilized.
12:28
Bulk classification.
12:30
The scanner is a tool for automatic labeling and classification of 1000 documents from on-premise file shares
12:37
and on-premise SharePoint servers.
12:41
The AIP scanner can work as an extension to Windows Server File Classification Infrastructure, FCI.
12:48
The scanner is installed on Windows Server, with access to the on-premise environment
12:52
containing the file shares and SharePoint libraries to label.
12:56
The scanning tool really goes with Microsoft's philosophy of cloud first:
13:01
you create your policies, you create all of your AIP infrastructure in the cloud,
13:05
and then you bring it on-prem.
13:09
I was planning on deploying the on-premise RMS connector.
13:13
This connector enables existing on-premise servers to use information rights management functionality
13:18
with cloud-based AIP services.
13:22
The RMS connector is delivered as an executable. It could be installed on any Windows server.
13:28
you must provide to administrator identities For a song on the connector,
13:33
you can monitor the health and the usage of that connector.
13:37
If you want to manage Azure Information Protection with PowerShell,
13:41
you need to have .NET Framework 4.5 and beyond, PowerShell 3 or above.
13:46
The AIP service module replaces
13:50
the older Azure Active Directory Rights Management module,
13:54
so you can't uninstall
13:56
Marshall
13:58
and then install the AIP service module.
14:01
After the module's installed,
14:03
you do Connect-AipService
14:05
to connect to that via PowerShell.
14:07
To recap this lesson: AIP is a cloud-based solution that helps an organization classify and optionally protect documents and emails by applying labels.
14:18
Labels can be applied automatically by administrators who define rules and conditions
14:24
(remember, that requires an AIP P2 license),
14:28
manually by users, or a combination where users are given recommendations.
14:33
The super user ensures authorized people and services can always read and inspect the data that Azure Rights Management protects.
14:43
Thank you for joining me in this lesson. I hope to see you for the next one. Take care.

Up Next

MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.

Instructed By

Jim Daniels
IT Architect
Instructor