Rights Management and Encryption Part 1: Information Rights Management

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
All right. Welcome back. Submarines to the S 3 65. Security Administration. Course I'm your structure. Jim Daniels.
00:07
We're on module four in this 3 65 infant protection.
00:11
Listen to rights management and encryption,
00:15
and we're gonna kick things off with information rights management.
00:19
In this lesson, we're going to go over how different M s for 65 encryption works and what the options are.
00:25
How information rice management can be used in exchange as well as in SharePoint.
00:30
M s 3 65 offers a variety of different encryption services. Um, features.
00:36
There's a basic differentiation between data at rest and Dad in transit.
00:40
Four fouls on a device with built locker
00:44
that goes in the M s. That a center and the clients as well
00:48
distributed key manager
00:50
in the end, a stata center and customer key.
00:53
So we told earlier about some of the customer key options. Bring your own key. Always your own key. It also is important to know that the M s data centers
01:02
you the last bit. Walker
01:03
1000 Transit. Too infirm and travel.
01:07
No, You lost to us
01:10
e mail in transit
01:11
utilises either of any
01:14
3 65 message encryption.
01:15
It's mine
01:18
or TLS.
01:19
There are a few different ways that information rights management can be applied to an email.
01:25
The first,
01:26
manually,
01:26
your users can protect the our messages with the 10 places available to them.
01:34
This process uses the Iran functionality and outlook Rather than exchange
01:38
a leader,
01:40
you can use exchange access to messages, and you can take action, such as applying transport rules to enforce your messaging policy.
01:49
You can also do it manually by outlook on the Web.
01:53
When you enable information rights management on outlook on the Web
01:57
users, can I RN protect messages They send and also view those Iran protected messages that they receive from others,
02:07
mainly by mobile outlooks.
02:09
Level devices
02:10
can view and create Iram protected messages with the outlook Mobile app.
02:15
This requires users to connect their devices to a computer, and I innovate them for Iran. You can enable Iran and Microsoft exchange active sync
02:25
so our users of exchange kind of sync devices serve you,
02:30
reply to Ford and create Iran protective messages
02:34
and our environment. That's what I did. We actually have the Iran available so users can do mobile
02:42
web as well as out what client
02:45
automatically.
02:47
You can set up our protection rules automatically. Iran protect messages and I work
02:53
protection rules or deployed automatically to out what clients
02:57
and the protection is applying. Buying a look When the user composes a message
03:01
automatically on mail servers or
03:05
exchange transport rules,
03:07
you create transport protection rules automatically protect messages.
03:12
So in our environment we have some automatic triggers
03:15
based on content of the email. If it reaches a certain threshold and confidence level of Social Security information, credit card information or other sensitive information automatically encrypts.
03:27
We also have a manual rules. Where
03:30
if the user types were confidential in the subject line, it automatically implies that encryption level as a transport, world
03:38
rights management in exchange
03:39
organization and users can control the permission that recipients have.
03:45
Iran can allow or restrict recipient actions
03:50
different office applications like Word, Excel, Power Point or RMS enabled.
03:54
Here's a couple of examples off how it looks in the Outlook client,
04:00
where the permission button
04:01
unrestricted access but an organization we have a few different options. We have encrypted only
04:08
do not Ford Confidential that it goes to
04:12
all employees within organization,
04:14
highly confidential. All employees within organization.
04:16
So again, this
04:17
coincides with our label me strategy,
04:21
and once one of those are applied, actually gives a tool tip at the top of the message.
04:28
For instance, the do not Ford
04:30
recipients can read this message that cannot four prints
04:33
or copy content,
04:35
full disclosure for information rice management.
04:39
And this is for
04:41
all of third party tools as well.
04:45
It cannot prevent information from and copy using third party screen capture
04:50
imaging devices or photography. I RM contact
04:56
users remembering or manually transcribing the information
05:00
I've seen users take a mobile phone and take a picture of their computer.
05:05
Iran is not gonna do anything about that. You can't do anything about that.
05:10
I've seen people look at security cameras,
05:14
fire and contents when the screenshot of the camera
05:17
irons like do anything, that is, the actions on the machine itself that are in focus is one.
05:24
So just full disclosure. If somebody wants to get something, they're going to get something. However we talked about earlier,
05:30
you want to make it as difficult as me barriers as possible
05:34
for the bag castigate your information so they moved on to an easier target. Their return when their attack
05:41
is greatly hampered because of the security measures you have in place and utilize. And I RN is one of those
05:47
within a SharePoint online iron protection is applied to the fouls at the You list in library level.
05:55
Very important at the list and library level
05:58
I Room relies on as your rights management, which is a service front as your information per section.
06:03
And SharePoint
06:04
I. Aaron enables administrators and constant craters to limit the action that users can take
06:11
when those thousands stored in those waters in list.
06:15
The Iran can also be used to prevent these individuals from sharing the content with other employees and the company.
06:21
So it goes specifically for how the list is permission
06:27
to set up information protection.
06:30
We can go into our 3 65 admin center,
06:33
your settings
06:34
services,
06:36
Microsoft Azure information protection and right there is where we can manage and enable the settings on it.
06:43
Within these settings, we had the option for rice management to activate or deactivate it and then have advanced features within rice management.
06:53
Activate
06:54
Iran and SharePoint Alon. We go into the 3 65 admin center as either a global admin or SharePoint out Now.
07:01
Then we go into the SharePoint online and then center
07:04
settings classic settings because as of this moment, it is not in the new modern SharePoint admin center
07:13
in the iron section. As shown below,
07:15
you can be the toggle to do not use Iran or use it.
07:19
One thing of note within SharePoint. When you create a new Iran policy, I do template.
07:27
You have to go back into your SharePoint admin center
07:30
and refresh. It is not automatically refreshed.
07:33
Within exchange,
07:35
he goes through a period of refresh
07:39
with Web mail. It refreshes almost instantly.
07:43
General rule with, um, is a couple hours
07:46
within out What client
07:47
refreshes, I believe once every 5 to 7 days, or you can manually refresh its in place from the client.
07:56
Except for SharePoint online, remember to do template. You're not gonna be able to apply in any
08:01
library or loose on your tenant until you go into the SPL Admin Center and refresh those settings
08:07
to apply information. Rice management to SharePoint
08:11
remember, is either on the list or library level.
08:15
It's not at the file level. It is at the list or library loans to think of it like a folder that contains all of the items in your plying. Protection to that folder is the gatekeeper, if you will.
08:28
So when people download files on a Iran, enable us rely very the 1000 encrypted
08:33
with
08:35
the template of
08:37
the containing was for library.
08:39
So some of the
08:41
abilities that you can do as far as users actions
08:46
you should have full control.
08:48
You can specify edit whether in edit copy, say functions view you can do read only, you know, cannot copy. Cannot modify. I cannot print
08:58
you can either do other permissions that don't really, really dire end that our SharePoint specific chef going. It's very grain, your and permissions.
09:07
In this example. We're actually creating a document library.
09:11
We create it. We go into auberry settings
09:13
and information rice management. So click on that it brings up the i. R. N panels,
09:18
and this is where we can actually restrict permissions
09:22
or in downloads.
09:24
So we go here and we
09:26
Tongal it, so we enable it,
09:28
and we had those additional protections. We can do like this one. Do not allow users to upload documents of them, support Iran
09:35
and opening documents in the browser.
09:39
This one allows users to print.
09:41
If you don't want viewers the permanent toggle it off.
09:43
You have a lot of grain, your control.
09:46
So this really goes into high sensitivity, high compliance settings. Toe where you're utilizing SharePoint Document libraries analyst.
09:56
There's Iran in action.
09:58
You can go to the
10:01
list.
10:03
We created a document.
10:05
Open it up, and that's stop word. And it says restricted access permission is currently restricted.
10:13
If you or the owner
10:16
of the list library SharePoint side admin and you have ultimate control to enable or disable, Iran can actually going to change permissions from
10:26
the office client instead of having to go into share for Milan. That way,
10:33
either way works.
10:35
Here's a few differences between Iran and Chef Will Nolan and a happy.
10:39
So I are in an SPF is default or custom protections in place.
10:43
So within I room in Spoto Default or custom protection 10 place cannot be used
10:50
detected. PDF files with P. PDF extensions or not supported
10:56
Co authoring is not supported. It's going to give you this violence, currently lock and open by another user
11:03
with a happy uses. Iron mechanisms does remember IR in is built upon a happy which contains the rice management service,
11:13
so it uses some of the mechanisms. But primary little works on the client side,
11:16
whereas Iran and SharePoint works on the SharePoint was some other is up.
11:22
The F B client does not require any SharePoint percenters
11:26
and the independently functions
11:28
Quist on which is the phone is not true. In regards to information rights management in SharePoint Online,
11:35
co authoring is not supported.
11:37
Iran is applying individual found level
11:41
iron relies on azure rice management service from Azra Information per section.
11:46
You do not need to be a global admin or SharePoint. I meant to activate I RN in Spoto
11:52
again, which of the phone is not true?
11:58
Survey says B
12:01
Iran is applied to the individual follow. Remember, Iran is Lister lottery level
12:07
to recap.
12:09
Today's lesson
12:09
in this for 65 uses a variety of layered encryption options to keep data safe.
12:15
These include TLS Bit locker, DK Em
12:18
O M E and s Mind
12:20
with Iran. Feature in Exchange organization and users can control the permission recipients have for email
12:28
within a sharp warning on Iran. Protection can also be applied however, it supplied 2000, but at the list and library level.
12:37
Thank you for joining me for this last night. Who? Just see for the next one take care.
Up Next
MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration (MS-500) training course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.

Instructed By