Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7

Video Transcription

00:00
All right. Welcome back. Submarines to the S 3 65. Security Administration. Course I'm your structure. Jim Daniels.
00:07
We're on module four in this 3 65 infant protection.
00:11
Listen to rights management and encryption,
00:15
and we're gonna kick things off with information rights management.
00:19
In this lesson, we're going to go over how different M s for 65 encryption works and what the options are.
00:25
How information rice management can be used in exchange as well as in SharePoint.
00:30
M s 3 65 offers a variety of different encryption services. Um, features.
00:36
There's a basic differentiation between data at rest and Dad in transit.
00:40
Four fouls on a device with built locker
00:44
that goes in the M s. That a center and the clients as well
00:48
distributed key manager
00:50
in the end, a stata center and customer key.
00:53
So we told earlier about some of the customer key options. Bring your own key. Always your own key. It also is important to know that the M s data centers
01:02
you the last bit. Walker
01:03
1000 Transit. Too infirm and travel.
01:07
No, You lost to us
01:10
e mail in transit
01:11
utilises either of any
01:14
3 65 message encryption.
01:15
It's mine
01:18
or TLS.
01:19
There are a few different ways that information rights management can be applied to an email.
01:25
The first,
01:26
manually,
01:26
your users can protect the our messages with the 10 places available to them.
01:34
This process uses the Iran functionality and outlook Rather than exchange
01:38
a leader,
01:40
you can use exchange access to messages, and you can take action, such as applying transport rules to enforce your messaging policy.
01:49
You can also do it manually by outlook on the Web.
01:53
When you enable information rights management on outlook on the Web
01:57
users, can I RN protect messages They send and also view those Iran protected messages that they receive from others,
02:07
mainly by mobile outlooks.
02:09
Level devices
02:10
can view and create Iram protected messages with the outlook Mobile app.
02:15
This requires users to connect their devices to a computer, and I innovate them for Iran. You can enable Iran and Microsoft exchange active sync
02:25
so our users of exchange kind of sync devices serve you,
02:30
reply to Ford and create Iran protective messages
02:34
and our environment. That's what I did. We actually have the Iran available so users can do mobile
02:42
web as well as out what client
02:45
automatically.
02:47
You can set up our protection rules automatically. Iran protect messages and I work
02:53
protection rules or deployed automatically to out what clients
02:57
and the protection is applying. Buying a look When the user composes a message
03:01
automatically on mail servers or
03:05
exchange transport rules,
03:07
you create transport protection rules automatically protect messages.
03:12
So in our environment we have some automatic triggers
03:15
based on content of the email. If it reaches a certain threshold and confidence level of Social Security information, credit card information or other sensitive information automatically encrypts.
03:27
We also have a manual rules. Where
03:30
if the user types were confidential in the subject line, it automatically implies that encryption level as a transport, world
03:38
rights management in exchange
03:39
organization and users can control the permission that recipients have.
03:45
Iran can allow or restrict recipient actions
03:50
different office applications like Word, Excel, Power Point or RMS enabled.
03:54
Here's a couple of examples off how it looks in the Outlook client,
04:00
where the permission button
04:01
unrestricted access but an organization we have a few different options. We have encrypted only
04:08
do not Ford Confidential that it goes to
04:12
all employees within organization,
04:14
highly confidential. All employees within organization.
04:16
So again, this
04:17
coincides with our label me strategy,
04:21
and once one of those are applied, actually gives a tool tip at the top of the message.
04:28
For instance, the do not Ford
04:30
recipients can read this message that cannot four prints
04:33
or copy content,
04:35
full disclosure for information rice management.
04:39
And this is for
04:41
all of third party tools as well.
04:45
It cannot prevent information from and copy using third party screen capture
04:50
imaging devices or photography. I RM contact
04:56
users remembering or manually transcribing the information
05:00
I've seen users take a mobile phone and take a picture of their computer.
05:05
Iran is not gonna do anything about that. You can't do anything about that.
05:10
I've seen people look at security cameras,
05:14
fire and contents when the screenshot of the camera
05:17
irons like do anything, that is, the actions on the machine itself that are in focus is one.
05:24
So just full disclosure. If somebody wants to get something, they're going to get something. However we talked about earlier,
05:30
you want to make it as difficult as me barriers as possible
05:34
for the bag castigate your information so they moved on to an easier target. Their return when their attack
05:41
is greatly hampered because of the security measures you have in place and utilize. And I RN is one of those
05:47
within a SharePoint online iron protection is applied to the fouls at the You list in library level.
05:55
Very important at the list and library level
05:58
I Room relies on as your rights management, which is a service front as your information per section.
06:03
And SharePoint
06:04
I. Aaron enables administrators and constant craters to limit the action that users can take
06:11
when those thousands stored in those waters in list.
06:15
The Iran can also be used to prevent these individuals from sharing the content with other employees and the company.
06:21
So it goes specifically for how the list is permission
06:27
to set up information protection.
06:30
We can go into our 3 65 admin center,
06:33
your settings
06:34
services,
06:36
Microsoft Azure information protection and right there is where we can manage and enable the settings on it.
06:43
Within these settings, we had the option for rice management to activate or deactivate it and then have advanced features within rice management.
06:53
Activate
06:54
Iran and SharePoint Alon. We go into the 3 65 admin center as either a global admin or SharePoint out Now.
07:01
Then we go into the SharePoint online and then center
07:04
settings classic settings because as of this moment, it is not in the new modern SharePoint admin center
07:13
in the iron section. As shown below,
07:15
you can be the toggle to do not use Iran or use it.
07:19
One thing of note within SharePoint. When you create a new Iran policy, I do template.
07:27
You have to go back into your SharePoint admin center
07:30
and refresh. It is not automatically refreshed.
07:33
Within exchange,
07:35
he goes through a period of refresh
07:39
with Web mail. It refreshes almost instantly.
07:43
General rule with, um, is a couple hours
07:46
within out What client
07:47
refreshes, I believe once every 5 to 7 days, or you can manually refresh its in place from the client.
07:56
Except for SharePoint online, remember to do template. You're not gonna be able to apply in any
08:01
library or loose on your tenant until you go into the SPL Admin Center and refresh those settings
08:07
to apply information. Rice management to SharePoint
08:11
remember, is either on the list or library level.
08:15
It's not at the file level. It is at the list or library loans to think of it like a folder that contains all of the items in your plying. Protection to that folder is the gatekeeper, if you will.
08:28
So when people download files on a Iran, enable us rely very the 1000 encrypted
08:33
with
08:35
the template of
08:37
the containing was for library.
08:39
So some of the
08:41
abilities that you can do as far as users actions
08:46
you should have full control.
08:48
You can specify edit whether in edit copy, say functions view you can do read only, you know, cannot copy. Cannot modify. I cannot print
08:58
you can either do other permissions that don't really, really dire end that our SharePoint specific chef going. It's very grain, your and permissions.
09:07
In this example. We're actually creating a document library.
09:11
We create it. We go into auberry settings
09:13
and information rice management. So click on that it brings up the i. R. N panels,
09:18
and this is where we can actually restrict permissions
09:22
or in downloads.
09:24
So we go here and we
09:26
Tongal it, so we enable it,
09:28
and we had those additional protections. We can do like this one. Do not allow users to upload documents of them, support Iran
09:35
and opening documents in the browser.
09:39
This one allows users to print.
09:41
If you don't want viewers the permanent toggle it off.
09:43
You have a lot of grain, your control.
09:46
So this really goes into high sensitivity, high compliance settings. Toe where you're utilizing SharePoint Document libraries analyst.
09:56
There's Iran in action.
09:58
You can go to the
10:01
list.
10:03
We created a document.
10:05
Open it up, and that's stop word. And it says restricted access permission is currently restricted.
10:13
If you or the owner
10:16
of the list library SharePoint side admin and you have ultimate control to enable or disable, Iran can actually going to change permissions from
10:26
the office client instead of having to go into share for Milan. That way,
10:33
either way works.
10:35
Here's a few differences between Iran and Chef Will Nolan and a happy.
10:39
So I are in an SPF is default or custom protections in place.
10:43
So within I room in Spoto Default or custom protection 10 place cannot be used
10:50
detected. PDF files with P. PDF extensions or not supported
10:56
Co authoring is not supported. It's going to give you this violence, currently lock and open by another user
11:03
with a happy uses. Iron mechanisms does remember IR in is built upon a happy which contains the rice management service,
11:13
so it uses some of the mechanisms. But primary little works on the client side,
11:16
whereas Iran and SharePoint works on the SharePoint was some other is up.
11:22
The F B client does not require any SharePoint percenters
11:26
and the independently functions
11:28
Quist on which is the phone is not true. In regards to information rights management in SharePoint Online,
11:35
co authoring is not supported.
11:37
Iran is applying individual found level
11:41
iron relies on azure rice management service from Azra Information per section.
11:46
You do not need to be a global admin or SharePoint. I meant to activate I RN in Spoto
11:52
again, which of the phone is not true?
11:58
Survey says B
12:01
Iran is applied to the individual follow. Remember, Iran is Lister lottery level
12:07
to recap.
12:09
Today's lesson
12:09
in this for 65 uses a variety of layered encryption options to keep data safe.
12:15
These include TLS Bit locker, DK Em
12:18
O M E and s Mind
12:20
with Iran. Feature in Exchange organization and users can control the permission recipients have for email
12:28
within a sharp warning on Iran. Protection can also be applied however, it supplied 2000, but at the list and library level.
12:37
Thank you for joining me for this last night. Who? Just see for the next one take care.

Up Next

MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.

Instructed By

Instructor Profile Image
Jim Daniels
IT Architect
Instructor