Rights Management and Encryption Part 1: Information Rights Management


Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
All right. Welcome back, Cybrarians, to the MS-365 Security Administration course. I'm your instructor, Jim Daniels.
00:07
We're on module four, MS-365 information protection.
00:11
Listen to rights management and encryption,
00:15
and we're gonna kick things off with information rights management.
00:19
In this lesson, we're going to go over how different MS-365 encryption works and what the options are.
00:25
How information rights management can be used in Exchange as well as in SharePoint.
00:30
MS-365 offers a variety of different encryption services and features.
00:36
There's a basic differentiation between data at rest and data in transit.
00:40
For files on a device, with BitLocker
00:44
that goes in the MS data center and the clients as well,
00:48
Distributed Key Manager
00:50
in the MS data center, and Customer Key.
00:53
So we talked earlier about some of the Customer Key options. Bring your own key. Always your own key. It also is important to know that the MS data centers
01:02
utilize BitLocker.
01:03
1000 Transit. Too infirm and travel.
01:07
No, You lost to us
01:10
Email in transit
01:11
utilizes either OME,
01:14
365 message encryption,
01:15
S/MIME,
01:18
or TLS.
01:19
There are a few different ways that information rights management can be applied to an email.
01:25
The first,
01:26
manually,
01:26
your users can IRM-protect messages with the templates available to them.
01:34
This process uses the IRM functionality in Outlook rather than Exchange.
01:38
a leader,
01:40
you can use Exchange access to messages, and you can take action, such as applying transport rules to enforce your messaging policy.
01:49
You can also do it manually by Outlook on the web.
01:53
When you enable information rights management on Outlook on the web,
01:57
users can IRM-protect messages they send and also view those IRM-protected messages that they receive from others.
02:07
Manually by mobile Outlook.
02:09
Mobile devices
02:10
can view and create IRM-protected messages with the Outlook mobile app.
02:15
This requires users to connect their devices to a computer and activate them for IRM. You can enable IRM in Microsoft Exchange ActiveSync
02:25
so that users of Exchange ActiveSync devices can view,
02:30
reply to, forward, and create IRM-protected messages.
02:34
In our environment, that's what I did. We actually have IRM available so users can do mobile,
02:42
web, as well as the Outlook client.
02:45
Automatically.
02:47
You can set up Outlook protection rules to automatically IRM-protect messages in Outlook.
02:53
Protection rules are deployed automatically to Outlook clients,
02:57
and the protection is applied by Outlook when the user composes a message.
03:01
Automatically on mail servers, or
03:05
Exchange transport rules:
03:07
you create transport protection rules to automatically protect messages.
03:12
So in our environment we have some automatic triggers
03:15
based on content of the email. If it reaches a certain threshold and confidence level of Social Security information, credit card information or other sensitive information automatically encrypts.
03:27
We also have manual rules, where
03:30
if the user types the word confidential in the subject line, it automatically applies that encryption level as a transport rule.
03:38
Rights management in Exchange:
03:39
organizations and users can control the permission that recipients have.
03:45
IRM can allow or restrict recipient actions.
03:50
Different Office applications like Word, Excel, and PowerPoint are RMS-enabled.
03:54
Here's a couple of examples of how it looks in the Outlook client,
04:00
with the Permission button:
04:01
unrestricted access, but in our organization we have a few different options. We have encrypt only,
04:08
do not forward, confidential that goes to
04:12
all employees within organization,
04:14
highly confidential. All employees within organization.
04:16
So again, this
04:17
coincides with our labeling strategy,
04:21
and once one of those is applied, it actually gives a tooltip at the top of the message.
04:28
For instance, the do not forward:
04:30
recipients can read this message but cannot forward, print,
04:33
or copy content,
04:35
Full disclosure for information rights management,
04:39
And this is for
04:41
all of third party tools as well.
04:45
It cannot prevent information from being copied using third-party screen capture,
04:50
imaging devices or photography. IRM contact
04:56
users remembering or manually transcribing the information
05:00
I've seen users take a mobile phone and take a picture of their computer.
05:05
IRM is not gonna do anything about that. You can't do anything about that.
05:10
I've seen people look at security cameras,
05:14
fire and contents when the screenshot of the camera
05:17
irons like do anything, that is, the actions on the machine itself that are in focus is one.
05:24
So just full disclosure. If somebody wants to get something, they're going to get something. However we talked about earlier,
05:30
you want to make it as difficult, with as many barriers as possible,
05:34
for the bad guys to get your information, so they move on to an easier target. Their return when their attack
05:41
is greatly hampered because of the security measures you have in place and utilize. And IRM is one of those.
05:47
Within SharePoint Online, IRM protection is applied to the files at the list and library level.
05:55
Very important: at the list and library level.
05:58
IRM relies on Azure Rights Management, which is a service from Azure Information Protection.
06:03
In SharePoint,
06:04
IRM enables administrators and content creators to limit the actions that users can take
06:11
when those files are stored in those libraries and lists.
06:15
IRM can also be used to prevent these individuals from sharing the content with other employees in the company.
06:21
So it goes specifically for how the list is permissioned.
06:27
To set up information protection,
06:30
we can go into our 365 admin center,
06:33
your settings
06:34
services,
06:36
Microsoft Azure Information Protection, and right there is where we can manage and enable the settings on it.
06:43
Within these settings, we have the option for rights management to activate or deactivate it, and then have advanced features within rights management.
06:53
To activate
06:54
IRM in SharePoint Online, we go into the 365 admin center as either a global admin or SharePoint admin.
07:01
Then we go into the SharePoint Online admin center,
07:04
settings, classic settings, because as of this moment, it is not in the new modern SharePoint admin center.
07:13
In the IRM section, as shown below,
07:15
you can be the toggle to do not use IRM or use it.
07:19
One thing of note within SharePoint: when you create a new IRM policy, a new template,
07:27
you have to go back into your SharePoint admin center
07:30
and refresh. It is not automatically refreshed.
07:33
Within Exchange,
07:35
it goes through a period of refresh.
07:39
With webmail, it refreshes almost instantly.
07:43
General rule with, um, is a couple hours
07:46
Within the Outlook client,
07:47
it refreshes, I believe, once every 5 to 7 days, or you can manually refresh the templates from the client.
07:56
Except for SharePoint Online: remember, a new template, you're not gonna be able to apply in any
08:01
library or list on your tenant until you go into the SPO admin center and refresh those settings.
08:07
To apply information rights management to SharePoint,
08:11
remember, it is either on the list or library level.
08:15
It's not at the file level. It is at the list or library level, so think of it like a folder that contains all of the items, and you're applying protection to that folder as the gatekeeper, if you will.
08:28
So when people download files from an IRM-enabled list or library, the files are encrypted
08:33
with
08:35
the template of
08:37
the containing list or library.
08:39
So some of the
08:41
abilities that you can do as far as users' actions:
08:46
you should have full control.
08:48
You can specify edit, with edit, copy, save functions. View: you can do read only, you know, cannot copy, cannot modify, cannot print.
08:58
You can even do other permissions that don't really relate to IRM, that are SharePoint specific. SharePoint is very granular in permissions.
09:07
In this example, we're actually creating a document library.
09:11
We create it. We go into library settings
09:13
and Information Rights Management. So click on that; it brings up the IRM panels,
09:18
and this is where we can actually restrict permissions
09:22
on downloads.
09:24
So we go here and we
09:26
toggle it, so we enable it,
09:28
and we have those additional protections we can do, like this one: do not allow users to upload documents that do not support IRM,
09:35
and opening documents in the browser.
09:39
This one allows users to print.
09:41
If you don't want viewers to print, toggle it off.
09:43
You have a lot of granular control.
09:46
So this really goes into high sensitivity, high compliance settings, to where you're utilizing SharePoint document libraries and lists.
09:56
There's IRM in action.
09:58
You can go to the
10:01
list.
10:03
We created a document.
10:05
Open it up in desktop Word, and it says: Restricted Access, permission is currently restricted.
10:13
If you are the owner
10:16
of the list or library, or a SharePoint site admin, and you have ultimate control to enable or disable IRM, you can actually go in and change permissions from
10:26
the Office client instead of having to go into SharePoint Online that way.
10:33
Either way works.
10:35
Here's a few differences between IRM in SharePoint Online and AIP.
10:39
So IRM in SPO: default or custom protection templates.
10:43
So within IRM in SPO, default or custom protection templates cannot be used.
10:50
Protected PDF files with .ppdf extensions are not supported.
10:56
Co-authoring is not supported. It's going to give you: this file is currently locked and open by another user.
11:03
With AIP, it uses IRM mechanisms. Just remember, IRM is built upon AIP, which contains the rights management service,
11:13
so it uses some of the mechanisms, but primarily it works on the client side,
11:16
whereas IRM in SharePoint works on the SharePoint was some other is up.
11:22
The F B client does not require any SharePoint percenters
11:26
and the independently functions
11:28
Quiz: which of the following is not true in regards to information rights management in SharePoint Online?
11:35
Co-authoring is not supported.
11:37
IRM is applied at the individual file level.
11:41
IRM relies on the Azure Rights Management service from Azure Information Protection.
11:46
You do not need to be a global admin or SharePoint admin to activate IRM in SPO.
11:52
Again, which of the following is not true?
11:58
Survey says B
12:01
IRM is applied to the individual file. Remember, IRM is list or library level.
12:07
To recap
12:09
today's lesson:
12:09
MS-365 uses a variety of layered encryption options to keep data safe.
12:15
These include TLS, BitLocker, DKM,
12:18
OME, and S/MIME.
12:20
With the IRM feature in Exchange, organizations and users can control the permission recipients have for email.
12:28
Within SharePoint Online, IRM protection can also be applied; however, it's applied to files, but at the list and library level.
12:37
Thank you for joining me for this lesson. Hope to see you for the next one. Take care.