Attacks are quickly becoming more automated through AI-assisted tools. They are also increasing exponentially—the number of password attacks Microsoft detects has more than tripled in the last 12 months, from 1,287 per second to more than 4,000 per second.¹ Plus, the annual cost of cyberattacks continues to grow. According to the FBI Internet Crime Complaint Center’s (IC3) latest research, reported total losses grew from USD6.9 billion in 2021 to more than USD10.2 billion in 2022.² Such losses are even greater on a global scale. If organizations continue to operate within a fractured security state and only utilize what’s worked in the past, they will leave gaps in their security posture.

Now there is a unique opportunity to harness the power of AI in combination with an end-to-end security solution to build a resilient security posture with defenses that rapidly adapt. There has never been a more important time for specialized cybersecurity expertise, and our partners are critical to preparing customers for the era of AI. According to a Forrester Total Economic Impact study, Microsoft Security partners are realizing a significant increase in their business with more than 14 percent year-over-year growth.³ In small and medium businesses (SMBs), partners are seeing even more dramatic demand with more than 37 percent market expansion just this last year.

Today at Microsoft Inspire 2023, we will discuss AI-powered security during the “Springboard customers into the era of AI with end-to-end security” session. Also, you’ll have an opportunity to ask your most pressing questions at the expert Q&A.

Register for Microsoft Inspire to hear more details on our latest exciting announcements listed in this blog.

Microsoft Inspire 2023

Elevate your business by joining us for Microsoft Inspire, July 18 and 19, 2023, and learn how to accelerate AI transformation in your security practice.

Register now

Coming soon: Microsoft Security Copilot Early Access Program

We are extremely encouraged by the excitement and positive feedback we have received from customers and partners since we announced Microsoft Security Copilot—one of the first generative AI products in the security industry—in March 2023. This fall, we will open our Early Access Program and invite more customers and partners to experience Security Copilot. To help us focus our learning, customers who use Microsoft Defender for Endpoint will be prioritized for early access. Those who also use Microsoft Sentinel will get even more benefit from the program. Security Copilot is designed to work with a broad range of Microsoft and third-party tools, and we will expand the program as we learn.

Our preview is well underway, and the feedback from our preview customers shows that there’s every reason to be excited about the massive potential of this technology to help protect at machine speed and scale:

“Microsoft is spearheading a transformative shift in security operations center (SOC) processes and operations at a truly remarkable speed. By fully integrating these cutting-edge AI technologies, they are pioneering a leap so momentous that by December 2024, SOC operations from 2021 may seem prehistoric in comparison. The surge in productivity could be unparalleled. At Bridgewater, we are thrilled to be helping Microsoft on this voyage, collaboratively propelling Security Copilot’s full potential to the forefront of the industry.”

—Igor Tsyganskiy, President, Bridgewater

New: Security Copilot design advisory council

Today, we are officially kicking off our partner engagement to help you build your own solutions and services powered by Security Copilot. If you are a Microsoft partner, you can start today by helping customers deploy Microsoft Defender for Endpoint and Microsoft Sentinel so that they are prepared to adopt Microsoft Security Copilot. We are excited to join forces with our partners, including members of the Microsoft Intelligent Security Association. Here’s what a couple of our partners have shared already:

“When it comes to cybersecurity, threat actors are increasingly using AI to carry out sophisticated attacks, so why aren’t defenders? We are operating in an era where fighting AI with AI is non-negotiable. By partnering with Microsoft Security Copilot, we can help level the playing field for defenders together. Much of the AI universe sits behind Cloudflare, and acting as the intermediary to allow businesses to harness the power of this technology in a safe way is critical.”

—Matthew Prince, Chief Executive Officer, Cloudflare

“We believe that generative AI will be truly revolutionary and will allow us to become more effective and efficient, by orders of magnitude, in protecting our customers. We expect to see productivity increases from our SOC analysts using Security Copilot when dealing with scenarios like incident response and threat hunting and believe there is potential for upskilling effects, allowing any analyst to complete more advanced tasks quicker than ever before. We are proud to be on this journey with Microsoft and remain excited as they continue to add more compelling capabilities to Security Copilot.”

—Brian Beyer, Chief Executive Officer, Red Canary

“Building on our recent investment to expand and scale our AI offerings, we’re excited to team with Microsoft on bringing Security Copilot to our joint customers, augmenting their ability to predict—prevent—and rapidly respond to security threats. This will help empower all of our customers and provide new opportunities leveraging the responsible use of generative AI.”

—Sean Joyce, Global Cybersecurity and Privacy Leader, PwC

If you are interested in learning how to engage with your customers now to take full advantage of these new AI technologies, we invite you to sign up to receive communications and to be considered for our new Security Copilot design advisory council.

Investments in the managed security service provider community

According to Gartner®, “by 2025, 60 percent of organizations will be actively using remote threat disruption and containment capabilities delivered directly by MDR providers, up from 30 percent today.”⁴ 

To help meet the anticipated demand for these services, we are actively working to recruit more Managed Extended Detection and Response (MXDR) partners alongside our first-party offering. Microsoft is deeply committed to our partner community, and partners will always be the primary path for customers to get the services they need. We are increasing our overall investments for security partners by nearly 50 percent this coming year. A great example of this continued investment is the Microsoft engineering verified MXDR solution status that we launched for partners last year.

Making it easier to better protect small and medium businesses

Small and medium businesses are seeing more cyberattacks, with 82 percent of ransomware attacks targeting small businesses.⁵ Due to a lack of internal security specialists, these businesses often look to IT partners to help secure their IT environments.

We are making it easier for partners to deliver security services to their customers:

• For partners who want to build their own SOC or managed detection and response (MDR) service, we are pleased to announce streaming APIs from Microsoft Defender for Business to enable advanced hunting and attack detection. Available in preview in Defender for Business standalone and as part of Microsoft 365 Business Premium.
• With a 3.4 million-person global shortage in the cyber workforce, partners face staffing challenges as much as their customers do.⁶ For those partners who want to resell security services but do not have the resources to invest in an in-house SOC, we are pleased to announce integrations with leading MDR providers. For example, Blackpoint Cyber now offers both a round-the-clock cloud response MDR service for Microsoft 365 environments, including Microsoft 365 Business Premium, and a managed endpoint detection and response (EDR) service for Defender for Business customers. 
• We’re extending mobile protection to SMB customers who may not have a mobile device management solution with Mobile threat defense for standalone Defender for Business customers—now generally available. The new Defender for Business monthly summary report will show threats prevented, current status from Microsoft Secure Score and recommendations, and will help partners to show value to customers.

For details on our SMB-focused announcements, read our Tech Community blog post.

Expanding comprehensive security with product innovations

We continue to offer one of the most comprehensive security solutions in the market and power it with world-class global threat intelligence. Today we announced the following innovations:

• Microsoft Sentinel: To simplify budgeting, billing, and cost management, the Microsoft Sentinel price now includes the Azure Monitor Log Analytics price. To learn more, read the announcement blog.
• Microsoft Defender Experts for XDR: A new managed service gives customers step-by-step guidance to respond to incidents, receive expertise when they need it, and stay ahead of emerging threats.
• Microsoft Purview Insider Risk Management: With the new bring-your-own-detections capabilities, partners can help their customers create custom indicators by bringing in detections from non-Microsoft sources, such as a customer relationship management system like Salesforce or a developer tool like GitHub.
• Microsoft Defender for Cloud Apps: The new open app connector platform makes it easier for partners to plug their solutions into our platform. New API connectors include the preview of Asana and Miro as well as the general availability of software as a service security posture management capabilities for DocuSign, Citrix, Okta and GitHub.
• Microsoft Defender for Endpoint: The settings management experience is now natively embedded into Microsoft Defender for Endpoint for Windows, Linux, and macOS, removing dependencies on Microsoft Intune and the need to switch between portals.
• Microsoft Defender Threat Intelligence: Graph APIs now enable simple exporting and ingestion of data to Microsoft Defender, Microsoft Sentinel, and third-party applications.
• Microsoft Purview eDiscovery: Now generally available, the Microsoft Graph eDiscovery Export API will enable external applications and partners to integrate the eDiscovery export function through scripting.
• Microsoft Purview Information Protection: With this update, confidential and highly sensitive Excel files that are labeled and protected by Microsoft Purview Information Protection can continue to be protected when imported into Microsoft Power BI datasets and reports throughout their lifecycle. Additionally, documents in SharePoint and OneDrive now support labeled and encrypted documents with user-defined permissions. Co-authoring for Word, Excel, and PowerPoint apps now enables document owners to define permissions for people who can have access to shared sensitive documents that are encrypted.
• Microsoft Purview Data Loss Prevention: Microsoft Purview Data Loss Prevention introduces a new capability to allow security teams to create policies that prevent their users from pasting sensitive data to specific websites or web applications.
• Microsoft Defender for External Attack Surface Management: With External Attack Surface Management, you can leverage new data connections to seamlessly integrate your attack surface data into other Microsoft solutions, including Azure Data Explorer and Log Analytics. These data connections will help you supplement workflows with new insights, which will enable you make informed security decisions based on more comprehensive information.

We have been innovating rapidly across the entire Microsoft Security portfolio. In case you missed them, here are a few of our most recent announcements.

• Two new Security Service Edge solutions: Microsoft Entra Internet Access helps protect access against malicious traffic and threats from the open internet. Microsoft Entra Private Access helps secure access to private apps and resources from any device and network.
• Microsoft Azure Active Directory is now Microsoft Entra ID: To unify our product family, we changed the name of Microsoft Azure Active Directory to Microsoft Entra ID.
• Microsoft Intune Suite: In March 2023, we launched the Intune Suite, which unifies mission-critical advanced endpoint management and security solutions into one simple bundle. The suite’s AI-powered automation empowers IT and security teams to move simply and quickly from reactive to proactive in addressing security challenges.
• Adaptive Protection in Microsoft Purview: In early 2023, we launched Adaptive Protection in Microsoft Purview. This new capability dynamically updates data loss prevention controls and policies, turning them to individual users and helping customers identify and mitigate the most critical risks. This saves security teams valuable time while ensuring better data security. Learn more about the features and benefits of Adaptive Protection.
• Microsoft Sentinel reduces investigation time by 88 percent: This year, we unveiled a new context-focused incident investigation experience for Microsoft Sentinel that enables security analysts to reduce their investigation time by up to 88 percent.⁷ We also delivered the ability to automatically disrupt in-progress attacks in Microsoft 365 Defender to help customers prevent devasting breaches. 

2023 Security Partner of the Year Awards

We are excited to announce our 2023 Security Partner of the Year Award winners.

Security Partner of the Year: BDO Digital

BDO Digital is a global company that offers detection, automation, and reduction of overall cybersecurity risks. Many of BDO’s clients’ legacy tools were not equipped to deal with modern infrastructure, and internal security teams did not have the bandwidth to monitor and triage security events. BDO helped improve its clients’ cybersecurity posture by reducing actionable alerts by over 50 percent.

Compliance Partner of the Year: Epiq

Epiq offers advanced data security technology solutions, such as a unique Chat Connector for Microsoft Teams that allows legal teams to effectively assess data for relevant and privileged content. 

Building securely together

As we all consider what we can accomplish with AI now and in the future, I cannot overstate the importance of end-to-end security. This is exactly where we recommend you start with your customers. Help them strengthen their security posture now so that when they deploy AI, they are not vulnerable to attacks. AI solutions will only ever be as strong as their underlying security.

As with any product design, we hold ourselves to high security standards when building, developing, and deploying AI-powered solutions from platforms to applications to processes. We maintain rigorous responsible AI practices, aimed at understanding and mitigating harms, measuring the quality of responses, and fostering a continuous learning environment from customer feedback. A cornerstone of these standards is our commitment to developing solutions that are “secure by design and secure by default.” However, it is important to note that the robustness of security is significantly enhanced when users actively manage and maintain it. Our focus extends to ensuring robust control over data, meaning it won’t be used to train AI models without explicit permission. We advocate for our partners to adhere to these benchmarks while crafting and implementing AI-based offerings for customers—whether the aim is to enhance productivity, automate a business process, or safeguard against threats.

Connect with us at Microsoft Inspire 2023

Microsoft Inspire 2023 is an incredible opportunity to share all the ways AI can support security efforts with our partner ecosystem. If you haven’t registered, there’s still time to reserve your complimentary spot. There, you’ll hear strategies to prepare your organization for AI with comprehensive security and security posture. Hope to see you in these sessions!

• “Springboard customers into the era of AI with end-to-end security” (FS106): This session will spotlight how AI will transform technology for our customers and their security practices. You can also join a live Q&A with the experts.
• “Investments Microsoft is making to accelerate your security business” (ODBRK117): Learn the latest opportunities to expand the offerings of existing customers over the next 12 months with Microsoft Security.
• “Take advantage of the expanding opportunity with end-to-end security” (OD130): Explore how Microsoft Security’s end-to-end solution helps you get ready and get your customers to fully leverage the massive opportunity in the security market.  
• “Securing the channel: protecting customers’ digital transformation” (OD131): Find out more about Microsoft’s vital role in addressing increasing cyberattacks in hybrid and remote work environments, while also hearing of the role of partners in proactively securing customers’ digital transformation.
• “Bridging the cybersecurity gap: security training for partners” (OD132): In this Level 400 session, you’ll experience a new gamified learning simulation that makes Microsoft Security solutions real for you and your teams through interactive scenarios. 
• “Build Your Security Practice” (OD142): Explore how partners can grow revenue and profitability with managed security services with Microsoft 365 Business Premium and Microsoft Defender for Business. We will discuss key SMB trends, new product innovations, and resources to help partners develop successful security service offerings.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft internal data.

²Internet Crime Report, Federal Bureau of Investigation. 2022.

³The Partner Opportunity For Microsoft Security, Forrester. July 2023.

⁴Gartner® Market Guide for Managed Detection and Response Services, Pete Shoard, Al Price, Mitchell Schneider, Craig Lawson, Andrew Davies. February 14, 2023. 

⁵The Devastating Impact of Ransomware Attacks on Small Businesses, Quinn Cleary. April 4, 2023.

⁶2022 Cybersecurity Workforce Study, (ISC)². 2022.

⁷The Total Economic Impact™ Of Microsoft SIEM And XDR, Forrester. August 2022.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. 

The post Microsoft Inspire: Partner resources to prepare for the future of security with AI appeared first on Microsoft Security Blog.

The response from attendees, who joined from around the globe, was overwhelmingly positive. Attendees, with unique perspectives and diverse experiences, joined keynotes and breakout sessions and asked interesting questions during the Ask the Experts sessions.

We’re thrilled by that reaction. Let’s take a look at a few of the top announcements and insights from Microsoft Secure that got people talking.

Microsoft Security Copilot takes off

The sophistication of cyberattackers and the global shortage of skilled security professionals—an estimated 3.4 million openings—makes it a challenge to respond to threats. Security Copilot combines Microsoft’s leading security technologies with the latest advancements in AI to help your defenders to move at the speed and scale of AI. It augments an analyst’s work, continually learning from users and letting them provide feedback and inform future interactions.

“Microsoft Security Copilot is the first and only generative AI security product that builds upon the full power of GPT-4 AI to defend organizations at machine speed and scale,” said Vasu Jakkal, Corporate Vice President, Microsoft Security, Compliance, Identity, and Privacy, during the Microsoft Secure keynote. “It continuously learns from Microsoft’s unmatched global threat intelligence, security data, and skills to deliver tailored insights, hardened defenses, and faster response.”

Figure 1. From left to right, Charlie Bell and Vasu Jakkal speaking at Microsoft Secure event.

“This is really a ‘better together’ story. Security Copilot combines the most advanced GPT-4 model from OpenAI with a Microsoft-developed, security-specific model, powered by Microsoft Security’s unique expertise, global threat intelligence, and comprehensive security products,” said Charlie Bell, Executive Vice President, Microsoft Security.

Attendees were excited to hear the news, with one calling the keynote “mind-blowing” and another sharing, “Way to go Microsoft! A wonderful overview of an AI application developed for comprehensive guarding security.”

Watch “The future of comprehensive security” keynote for a demonstration of a Security Copilot investigation.

Major announcements drew rave reviews at these breakout sessions

Our keynotes continued after the AI announcement summarizing product news. Then, in breakouts, attendees got up-close and personal looks at what our new features empower them to do. Here are highlights from breakout sessions highly rated by attendees and available to watch now:

• “How identity security protects the bottom line”: During this session, Jarred Boone, Microsoft Product Marketing Manager, Identity Security; Inbar Cizer Kobrinsky, Microsoft Senior Product Manager; and Alex Weinert, Microsoft Vice President, Identity Security, offered insights on the most common identity attacks, and how Microsoft Entra can protect against them.
• “Cyber-safety and IT efficiency fueled by Microsoft Intune Suite”: Ramya Chitrakar, Microsoft Vice President of Engineering for Microsoft Intune, Configuration Manager, and Windows Commercial; and Steve Dispensa, Microsoft Vice President of Product for Microsoft Endpoint Manager, introduced the Microsoft Intune Suite, which unifies mission-critical advanced endpoint management and security solutions into one simple bundle. “Love the new capabilities,” wrote an attendee.
• “How XDR defends against ransomware across the entire kill chain”: Corina Feuerstein, Microsoft Principal Program Manager; Alex Klausner, Microsoft Senior Manager, Product Marketing; and Scott Woodgate, Microsoft Senior Director, Microsoft Security Business, discussed how Microsoft’s extended detection and response (XDR) solution brings together the power of our global threat intelligence, integrated platform security, and AI and automation.

Attendees interacted with Learn Live—and loved it  

A whopping 97 percent of attendees surveyed considered Learn Live valuable. Learn Live is a series of live interactive learning experiences in which experts guide participants through modules on specific security solutions and answer their questions. The first two episodes about Microsoft Sentinel and Microsoft Purview were offered during Microsoft Secure. “Threat hunting with Microsoft Sentinel” on March 28, 2023, instructed attendees on how to proactively identify threat behaviors by using Microsoft Sentinel queries.  

Figure 2. Microsoft employees presenting the “Threat Hunting With Microsoft Sentinel” session at Microsoft Secure.

“Manage insider risk in Microsoft Purview,” also on March 28, 2023, walked participants through insider risk management and how Microsoft technologies can help you detect, investigate, and take action on risky activities in your organization.

Figure 3. Microsoft Employees presenting during the “Manage insider risk in Microsoft Purview” session during Microsoft Secure.

“Just when you feel you have covered a security product or topic reasonably well, Microsoft comes out with new features, innovations, and improvements and then you dig further,” wrote one attendee in an event chat. “This cycle of constant learning and being up to date is so healthily addictive, challenging, and necessary, especially with the rapid pace of improvements. The best thing Microsoft did was bring out Learn! What a fantastic knowledge bank.”

The learning continues. Your last chance to join a Microsoft Secure Learn Live will be April 19, 2023, on “Create, configure, and manage identities” to help you ensure employees and vendors have just enough access to do their job.

Watch Microsoft Secure on-demand and connect with us

Missed an intriguing session, or want to refresh your memory and see a favorite session again? All Microsoft Secure sessions and keynotes are available to watch on demand. You can also read all of our Microsoft Secure announcements to see our top news all in one place.  

Keep engaging with us virtually and in person for more product news. Register for the Pre-Day with Microsoft, which starts at 4:00 PM PT on Sunday, April 23, 2023, before the RSA Conference, and visit the Microsoft Booth in Moscone North Expo. To dive deeper into Microsoft Security solutions, check out Microsoft Secure Technical Accelerator, available on-demand, which includes question and answer sessions, best practices, and technical guidance to help you and your organization implement our comprehensive security solutions.

Learn more

Learn more about Microsoft Security Copilot.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post See product news and on-demand sessions from Microsoft Secure appeared first on Microsoft Security Blog.

To address these challenges, we need new innovations that give busy security teams effective tools to keep data protected. This is why I’m so excited about our upcoming digital event, Go Beyond Data Protection with Microsoft Purview, on February 7, 2023.

I invite you to register now to be among the first to learn about exciting new product announcements, get best practices from Microsoft leaders, including Charlie Bell, and industry experts, and ask questions in a live question-and-answer chat.

Explore brand-new Microsoft Purview capabilities

To protect a fragmented data ecosystem, many organizations have been forced to stitch together several different products from various vendors to form a complete solution. In theory, this may give you the coverage you need, but managing multiple security systems is time-consuming, and if they aren’t well integrated, you expose yourself to risks and may miss something important.

Microsoft Purview works across clouds and platforms to simplify data protection, offering a range of solutions for unified data governance, information protection, risk management, and compliance. We’ve been working hard on exciting new capabilities that use AI and machine learning to help keep your data secure using fewer resources.

Vasu Jakkal, Corporate Vice President, Microsoft Security, and I will announce these innovations at the Microsoft Purview digital event, which will also include a product deep dive by Rudra Mitra, Corporate Vice President, Microsoft Data Protection, Risk, and Compliance, and members of his team. Join us by registering now and saving the event to your calendar.

Secure your data with a multilayered defense

A defense-in-depth approach to data security uses multiple layers of defense to increase visibility and reduce your risk of a breach. It starts with understanding what data you have, where it lives, and who has access to it. Next, it’s critical to protect that data and identify potential risks from external threats and insiders. Using this information will help you institute policies and solutions that can ultimately prevent data loss and unauthorized access.

I’ll walk through this approach in more detail at the event, but you’ll also get an opportunity to hear Usman Abubakar Ehimeakhe, Technical Lead, EY, discuss the importance of creating a data protection strategy. I always get new ideas when I discover how other security leaders implement an approach in their organizations, and I think you’ll get a lot out of this presentation.

Get data protection insights from leaders and analysts

When your daily workload is filled with pressing issues that need attention right now, it can be hard to find time to look ahead or even just gain perspective. Let this event be an opportunity for you to put your strategic hat on. We’ve gathered thought leaders in data protection from across the industry to discuss trends and best practices for securing information in the current climate.

Microsoft leaders like Charlie Bell, Executive Vice President, Microsoft Security, and Jessica Hawk, Corporate Vice President, Data and AI Product Marketing, will talk about what we’ve learned from conversations with our customers and how those insights are helping to shape the Microsoft Purview roadmap.

You’ll also discover what guest Frank Dickson, Group Vice President, Security and Trust at IDC, is seeing in the market and his recommendations for addressing the latest challenges.

Join us at the Microsoft Purview digital event

Explore how to secure your data with a multilayered defense at Go Beyond Data Protection with Microsoft Purview.

Register now to:                                                                                                                

• Learn about transformative new Microsoft Purview capabilities.
• Discover how industry experts are helping customers address data protection challenges.
• Get your questions answered in a live question-and-answer chat.

Learn more about Microsoft Purview.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Digital event highlights new features in Microsoft Purview appeared first on Microsoft Security Blog.

When organizations respond to subject rights requests, they are both meeting their regulatory requirements and providing people with control over their personal data. Although responding to requests can be quite complex, Microsoft Priva Subject Rights Requests can help ease the process—and with the preview arrival of Right to be Forgotten, Priva Subject Rights Requests can further support how organizations respect the privacy of their customers and employees.

Understanding how people think about privacy

As many businesses around the world adapt their privacy practices, having both the tools that help address privacy requirements and a good understanding of how consumers perceive and feel about privacy are key to enabling trust with customers. Microsoft Priva, the brand category for Microsoft Security, was announced at Microsoft Ignite in 2021 by Vasu Jakkal, Corporate Vice President of Microsoft Security, Compliance, and Identity.² Priva solidified our commitment to supporting organizations in their privacy journey with products that help safeguard personal data and manage subject rights requests at scale. For organizations, having processes that help manage their privacy is critical, but it is also valuable to have a deep understanding of how people really think about privacy to guide their practices. We recently commissioned privacy research that explores the emotional textures of privacy and what triggers privacy vulnerability. We learned that when businesses empathize with the privacy concerns people have and transparently address them, they foster trust and differentiate themselves from competitors.

It’s important for organizations to assess the varying causes that spark privacy vulnerability for both their consumers and their business. For example, a consumer may feel anxious or helpless because they don’t know how their personal data is being used. However, if they are provided with transparency of how their data is being used and given clear options that enable the control of their data, their insecurities could be eased and trust in the process earned. For a business, privacy vulnerability could present itself through limited transparency or basic compliance—leaving room for privacy risk to potentially unfold. For instance, a business that might fulfill a data subject request unconvincingly, or with basic effort, could be managing its privacy at a vulnerable level. If that business were to practice a “beyond-compliance,” human-centered privacy approach, they could yield practices that help them build privacy resilience—helping them stand apart from their competitors while they earn trust from their customers.

Figure 1. The differing perspectives of consumers and businesses regarding privacy vulnerability versus privacy resilience.

The above figure demonstrates a privacy scale ranging from vulnerable to resilient and includes both consumer and business perspectives. On the consumer side, it ranges from feeling anxious, helpless, and lacking knowledge or motivation in protective coverage to secure, being in control, trusting the process, and being skilled in protective coverage. On the business side, it ranges from basic compliance, limited transparency, minimal control, and reactive approaches to beyond compliance, authentic privacy care, reciprocating data for value, and a proactive approach to consumer protection.

Microsoft Priva Subject Rights Requests can help

Many times, even though an organization may be focused on a proactive privacy approach, managing and responding to subject rights requests can be a tedious and cumbersome process. It can be extremely time-consuming and taxing as they are also time-bound, bringing extra complexity to the organization. Responding to these requests often requires a tremendous amount of collaboration and manual review, and producing just a single request can be quite expensive. Nonetheless, completing these requests is not just an obligatory requirement, but also a tangible way that expresses respect for customer and employee privacy.

Priva helps organizations more efficiently manage requests at scale—Priva Subject Rights Requests automates the search and collection of content relevant to the data subject and facilitates tasks such as in-line review, redaction, and collaboration, all from an easy-to-use dashboard. Admins can easily get started by leveraging request templates that help them create requests with recommended default configurations and use Microsoft Power Automate integration, as well as API support to better fit into their existing processes.

Figure 2. Priva Subject Rights Requests overview dashboard showing insights.

Priva Subject Rights Requests help admins meet the strict deadlines associated with regulations like GDPR and ease the administrative burden of tedious tasks related to collection, review, and redaction. Completing a request also often requires teamwork from various departments within the organization. Priva provides secure collaboration through Microsoft Teams and keeps a history tab, highlighting actions taken from all collaborators for easy auditing—streamlining the complexity of requests from beginning to post-completion.

Microsoft Priva Subject Rights Requests highlights:

• Automates discovery: Gathers the requestor’s personal information and detects data conflicts such as sensitive information or data pertaining to other users.
• In-place review and secure collaboration: Review files in place in their native views, perform redactions in-line with built-in tools, and consolidate collaboration within a protected platform.
• Ecosystem integration: Plugs into an organization’s existing process to manage requests in a unified way across the digital estate. Microsoft Graph subject rights requests API integrates Priva Subject Rights Requests with in-house or partner-built privacy solutions.

The newest Priva Subject Rights Requests update, Right to be Forgotten, is here

Video 1. Microsoft Priva Subject Rights Requests (SRRs) new feature Right to be Forgotten is now in preview. See how we demonstrate going through a delete request using Microsoft Priva.

Both GDPR and CCPA include the Right to be Forgotten, giving people the ability to request the deletion of all the information an organization has collected about them, with a few outlined exceptions that allow data retention. For example, a former employee in an EU-based company believes she left documents containing her personal data in SharePoint. The employee can exercise her right to her personal data and make a subject rights request for deletion with that organization. As Priva Subject Rights Requests continues to evolve, we are excited to share the preview release of Right to be Forgotten, helping organizations meet requests such as the employee’s request for deletion.

This marks a significant update for Priva Subject Rights Requests as with this new feature, admins can now select delete as a request type, or get started with the delete template and get purpose-built flows that help surface conflicts and streamline deletion—leveraging the Microsoft retention and deletion platform and working better together with teams already using data lifecycle management and records management. This feature will also enable admins to have the flexibility to select different approvers for any given request and, once the workflow is complete, access to the reports tab where they can view their summary report and review results.

Figure 4. Delete request in the approval stage, showcasing approver details and the complete approval button.

Learn more

Although completing subject rights requests can be complex, Microsoft Priva Subject Rights Requests can help ease the process. As organizations continue to adapt to the privacy changes that impact their customers and their business, we are reminded that although changes to the privacy landscape are inevitable, there are resources to support these shifts. We invite you to learn more about Priva Subject Rights Requests by downloading our free eBook and encourage you to try Microsoft Priva Subject Rights Requests free trial today.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹State of Privacy: The Privacy Tech Driving a New Age of Data Wealth, Gartner®. August 2022.

²Protect your business with Microsoft Security’s comprehensive protection, Vasu Jakkal, Microsoft Security. November 2, 2021.

The post Simplify privacy protection with Microsoft Priva Subject Rights Requests appeared first on Microsoft Security Blog.

It’s easy to become so preoccupied with protecting against the next ransomware attack that you overlook risks within your own organization. Insider leaks of sensitive data, intellectual property (IP) theft, fraud, regulatory violations—any of these can crash a company (and your career) as quickly as a headline-grabbing breach. Given the breadth of today’s digital estate—on-premises, in the cloud, and at the edge—Microsoft Purview provides the inside-out, integrated approach that an effective CISO needs to reduce the risk of internal and external data breaches before they occur. Here are some things to consider, both when prioritizing for yourself and talking to your board of directors.

Mind your own house—insider threats

As the “Great Resignation” or “Great Reshuffle” rolls on, organizations worldwide are dealing with large numbers of people heading for the exits—and climbing aboard. Results from Microsoft’s most recent Work Trend Index indicate that 43 percent of employees are likely to consider changing jobs in the year ahead. This massive shift in employment status has been accompanied by the “Great Exfiltration.” Many of those transitioning employees will, intentionally or not, be leaving with sensitive data stored on personal devices or accessed through a third-party cloud. During 2021, 15 percent of workers uploaded more corporate data to personal cloud apps as compared to 2020. What’s more alarming, 2021 also saw 8 percent of exiting employees upload more than 100 times their usual data volume.²

As a CISO, you’re responsible for data spread across multiple platforms, devices, and workloads. You’ll need to consider how that technology interacts with your organization’s business processes. That includes having policies in place to prevent data exfiltration; especially if you work in a regulated industry, such as finance or healthcare. It starts with asking: Who can access the data? Where should the data reside (or not reside)? How can the data be used? How do we prevent oversharing? A modern data loss prevention (DLP) solution—cloud-native and comprehensive—enables you to centrally manage all your DLP policies across cloud services, devices, and on-premises file shares. Even better, this type of unified DLP solution requires no additional infrastructure or agents, helping to keep costs down. Even in a time of great change, today’s workplace requires that people remain free to create, manage, and share data across platforms and services. However, the organizations they work for are often constrained by limited resources and strict privacy standards when seeking to mitigate user risks. For that reason, you’ll need tools that can analyze insider threats and provide integrated detection and investigation capabilities. The best solution for insider threats will be:

• Transparent—balancing user privacy with organizational risk by using privacy-by-design architecture.
• Configurable—enabling policies based on your industry, geographical location, and business groups.
• Integrated—maintaining a workflow that’s integrated across all your data, wherever it resides.
• Actionable—providing insights to enable reviewer notifications, data investigations, and user investigations.

Protecting against insider threats should include templates and policy conditions that define which triggering events and risk indicators require examination. For that reason, your insider-risk solution should be able to look at potential risk patterns across the organization, as well as investigate risky activity with end-to-end workflows. Furthermore, a solution that helps detect code of conduct violations (harassing or threatening language, adult content, and sharing sensitive information) can be a reliable indicator for possible insider threats. Machine learning will help provide greater context around certain words or key phrases, so investigators can speed up remediation.

Automate and integrate your data strategy

Because many organizations resist going all-in on one vendor, most CISOs have to deal with data spread across a patchwork of on-premises and cloud storage. Though clunky, legacy data silos are a fact of life. If large volumes of “dark data” aren’t correctly classified as sensitive, then it becomes difficult to protect personally identifiable information (PII) or sensitive corporate IP and implement data loss prevention policies. A thrifty CISO needs to simplify wherever possible, using a comprehensive solution to help protect the entire digital estate. A good data management solution should provide both the flexibility for users to manually classify their documents, as well as system administrators applying auto-labeling and machine learning-trainable classifiers.

• Data discovery: It’s not unheard of to discover that an employee unknowingly stored a customer’s Social Security Number (SSN) on an unprotected site or a third-party cloud. That’s why you’ll want a data management solution like PII that automatically identifies sensitive data using built-in sensitive information types and regulatory policy templates, such as General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act of 1996 (HIPAA). And since sensitive data can land anywhere, the right solution needs to use automation to cast a wide net across on-premises, multicloud, operational, and software as a service (SaaS) data.

• Data classification: Look for unified built-in labeling that’s already integrated with broadly used applications and services, allowing users to further customize sensitivity levels for their specific needs. The right solution should also allow automatic labeling and policy enforcement across an organization for faster classification and data loss prevention deployment at enterprise scale. In addition, look for unified data management solutions that identify and classify sensitive data found on-premises, multicloud, and SaaS to create a holistic map of your entire data estate.

• Data governance: You want your organization’s data to be discoverable, trusted, and stored in a location where it can be readily protected. Storing data longer than necessary increases your risk of exposure in a breach. On the other hand, deleting data too quickly can put your organization at risk of regulatory violations. Data retention, records management, and machine learning capabilities solve this problem by classifying data and automatically applying lifecycle policies, helping you manage risk and liability by keeping only the data you need and deleting what you don’t.

Make data protection a team effort

A primary responsibility for any CISO is to protect the organization’s IP, such as software source code, patented designs, creative works—pretty much anything that gives the business a competitive edge. But with the growth of big data and changing regulatory standards, CISOs are also expected to protect user data, such as PII, personal health information (PHI), and payment card industry (PCI) data. Privacy laws are also increasing restrictions on the use, retention, and location of user data, both internally and with third-party vendors.

In addition, hybrid and multicloud services create new challenges by distributing data’s geographic origins, storage location, and user access points. Today’s CISO needs to work with colleagues in data protection, privacy, IT, HR, legal, and compliance, meaning, you may be sharing duties with a Chief Data Officer (CDO), Chief Risk Officer (CRO), Chief Compliance Officer (CCO), and Chief Information Officer (CIO). That’s a lot of acronyms at one table. So, rather than duplicate efforts or compete for territory, an effective CISO should adopt a unified solution for data protection that helps eliminate potential redundancies and keeps your entire security team working off the same script.

Bonus tip—simplify

We all know the days of firewalls and perimeter-based security aren’t coming back. Enabling an effective Zero Trust approach requires the ability to protect data across a multicloud, multiplatform environment. Microsoft’s decision to unify data protection, governance, and compliance capabilities as Microsoft Purview—bringing together the former Microsoft Azure Purview and Microsoft 365 Compliance portfolio under one brand—reflects our belief that organizations need a simpler approach to data protection.

If you’re already a Microsoft 365 E5 or Microsoft 365 E5 Compliance customer, head over to the revamped Microsoft Purview compliance portal to check out some of these changes. If you’re an existing Azure Purview customer, visit the new Microsoft Purview governance portal. To learn more and get started, visit the Microsoft Purview website or start a free trial today.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹ Cost of a Data Breach Report 2021, Ponemon Institute, IBM. 2021.

² With the ‘Great Resignation’ comes the ‘Great Exfiltration’, Kevin Townsend. January 11, 2022.

The post So you want to be a CISO: What you should know about data protection appeared first on Microsoft Security Blog.

But constant connectivity brings evolving, inherent risks. Over the past two years, organizations have seen a massive increase in their digital footprint, leading to data fragmentation and growth across a multitude of applications, devices, and locations. The Great Reshuffle left blind spots within ever-enlarging data estates.¹ Dark data, which organizations pay to store, but goes underutilized in decision making, is now growing at a rate of 62 percent per year.²  Even the virtual office has created the risk of new collaboration mediums opening doors to harassment, sensitive data leaks, and other workplace policy infractions. It’s a big digital world for any organization to try to manage. 

The lines between risk roles are blurring 

Just as today’s big-data, multiplatform, hyper-connected workplace brings new vulnerabilities, the responsibility for protecting it is also in flux. For example, an organization with a Chief Data Officer (CDO), Chief Risk Officer (CRO)/Chief Compliance Officer (CCO), Chief Information Security Officer (CISO), and Chief Information Officer (CIO) has to choose whether they will duplicate, compete, or collaborate. Conditions that are driving the need for integrated risk management include:

• The pandemic: Ongoing decentralized work has reinforced the need for strategic, operational, and business continuity management. All of this requires cross-functional data sharing and coordination. 
• Nation-state attacks: Increasing sophistication and frequency of nation-state attacks is driving collaboration between compliance, data, and security functions. 
• Remote work: Virtual communication spaces require coordination between compliance, IT, and HR. 
• Evolving regulations: New requirements, like those from the Office of Foreign Assets Control (OFAC), Department of Justice (DOJ), and the European Union Whistleblower Directive require collaboration among all risk-management leaders.
• Data sharing: Requirements for continuous access to operational data across functions (read the DOJ’s requirements for compliance programs).  
• Growing CDO responsibilities: The CDO’s role may go beyond data management and protection to include business intelligence, AI, and machine learning. Because this role can overlap with a Chief Analytics Officer (CAO) and CISO, a unified solution for risk management is vital to eliminating redundancies.
• Governance and compliance: Overlap between information governance, records management, and data collection is driving the need for a comprehensive solution for managing data risk.

The market has responded with dozens of products that force security, data governance, compliance, and legal teams to stitch together a patchwork of solutions. This approach not only strains resources, but it’s also ineffective. Security outcomes are worse—audits are failed and brand reputations are damaged.

Introducing Microsoft Purview 

To meet the challenges of today’s decentralized, data-rich workplace, we’re introducing Microsoft Purview—a comprehensive set of solutions that help you govern, protect, and manage your entire data estate. This new brand family combines the capabilities of the former Azure Purview and the Microsoft 365 Compliance portfolio that customers already rely on, providing unified data governance and risk management for your organization.

The new Microsoft Purview:

• Helps you gain visibility into assets across your entire data estate.
• Enables easy access to all your data, security, and risk solutions. 
• Helps safeguard and manage sensitive data across clouds, apps, and endpoints.
• Manages end-to-end data risks and regulatory compliance.
• Empowers your organization to govern, protect, and manage data in new, comprehensive ways. 

Microsoft Purview brings together data governance from Microsoft Data and AI, along with compliance and risk management from Microsoft Security. Microsoft Purview is also complemented by identity and access management, threat protection, cloud security, endpoint management, and privacy management capabilities—creating a truly comprehensive approach to security.

Microsoft Purview at a glance

Securing multicloud and multiplatform environments

Because organizations now operate across multiple clouds and on-premises platforms, we’ve expanded Microsoft Purview’s capabilities to include data protection for macOS users, as well as offering new data classifiers, protection for mobile devices, and data lifecycle management.

• To extend Microsoft Purview’s capabilities for macOS users, we’re excited to announce the general availability (GA) of Microsoft Purview Data Loss Prevention (DLP) for macOS endpoints. Now organizations can extend their endpoint DLP insights and controls to devices running macOS (Catalina or higher). In addition, the preview of restricted app groups for Windows endpoints allows organizations to scope different access restrictions to sensitive files between a set of sanctioned or unsanctioned applications. Learn about Microsoft Purview DLP for macOS endpoint.
• Before sensitive data can be safely shared, it first needs to be identified. To that end, we’re extending our sensitive information type catalog with more than 50 new classifiers. The new classifiers are available for DLP, Information Protection (auto-labeling), Data Lifecycle Management, Insider Risk Management, Records Management, eDiscovery, and Microsoft Priva. Explore the new data classifiers in Microsoft Purview.
• With remote users now regularly accessing files from multiple locations, devices, and apps, organizations shouldn’t have to compromise on security for productivity. To help address this, the preview of co-authoring of encrypted documents for mobile devices (iOS and Android) enables multiple users to work simultaneously on Microsoft 365 apps and documents with autosave, allowing for enhanced real-time collaboration and productivity. Learn about co-authoring of encrypted documents.
• Within any document file’s lifecycle, organizations need to be able to configure retention and deletion settings. To help simplify that process, we’re announcing the preview of multi-stage retention in Microsoft Purview Data Lifecycle Management (formerly Microsoft Information Governance), which automatically applies a new label when an item reaches the end of its retention period. Learn more about multi-stage retention from Microsoft Purview Data Lifecycle Management.

Protecting your business and employees in a hybrid work environment

Employees don’t gather around the water cooler anymore. They’re communicating across digital channels and personal and corporate devices. Microsoft Purview helps protect your organization’s data with Insider Risk Management, eDiscovery, Communication Compliance, and more.

• Many organizations have had to adapt to a changing workforce during the Great Reshuffle. Recent enhancements to the detection and investigation capabilities of Microsoft Purview Insider Risk Management help provide security teams with additional context and actionable insights to keep data secure, including expanded coverage with Microsoft Defender for Cloud Apps. Learn about Microsoft Purview Insider Risk Management.
• Sensitive data isn’t confined to business transactions. According to the 2022 Work Trend Index annual report from Microsoft, employees are communicating over a greater variety of digital channels. With so much internal chatter, robust data and document discovery are essential for organizations responding to both internal investigations and external inquiries. To help meet that need, we’re excited to announce additional capabilities for Microsoft Purview eDiscovery (Premium), which improve the identification of relevant data in Microsoft Teams and help manage legal holds with new reporting functionality. Learn about Microsoft Purview eDiscovery.
• To help organizations maintain a positive work culture and a strong commitment to user privacy, Microsoft Purview Communication Compliance helps detect code of conduct violations (including harassing or threatening language, adult content, and sharing sensitive information). We’re excited to announce new features, including expanded optical character recognition, machine learning model highlighting, reduced detection-to-investigation time, and step-by-step onboarding guidance. Protect your employees and business with Microsoft Purview Communications Compliance.
• To help organizations save time and manual efforts, we’re excited to announce the general availability of continuous compliance assessments in Microsoft Purview Compliance Manager. This feature allows customers to understand and act on over 150 recommendations across our suite of solutions—increasing customers’ ability to measure and manage their data handling from a single location. Learn more about continuous assessments in Microsoft Purview Compliance Manager.

Enhancing data governance across compliance and privacy imperatives

Microsoft Priva complements Microsoft Purview’s data governance and compliance portfolio. Acting as a separately available privacy management solution that proactively identifies and helps protect against privacy risks, Priva provides visibility into organizations’ privacy postures. This includes associated privacy risks arising from personal data transfers, overexposure, and hoarding. Priva’s policy-driven templates also help customers adhere to common privacy regulations and requirements.

At the same time, Priva provides the flexibility to customize policies for user groups, data locations, conditions, and notifications. As the foundation of enterprise privacy management, Priva automatically recommends risk-remediation actions and subject rights requests at scale—offering built-in review and redact capabilities and integration with business processes and APIs.

We protect data to protect people 

Regulations regarding data governance don’t exist in a vacuum. Their purpose is to help create a more ethical digital world. A strong solution is built around strong principles. It’s designed to protect customers’ data, keep employees’ workplaces safe, and protect the business. At Microsoft, we don’t do these things just because they’re required, we do them because they’re right.   

There’s no going back to the days of perimeter-based security. Enabling an effective Zero Trust approach requires the ability to govern, protect, and understand data coming from an ever-widening array of endpoints. Similarly, the number of tools we use for work will also grow. And with it, the challenge of having to protect data and manage risk across a multicloud and multiplatform environment. 

The unification of Microsoft’s data governance and compliance capabilities to Microsoft Purview reflects our belief that the world needs a simpler and more unified approach to data. We want to help you get the most out of your data while simultaneously managing risk and compliance. If you’re already a Microsoft 365 E5 or Microsoft 365 E5 Compliance customer, head over to the revamped Microsoft Purview compliance portal to check out some of these changes. If you’re an existing Azure Purview customer, visit the new Microsoft Purview governance portal. To learn more and get started, visit the Microsoft Purview website or start a free trial today.

Join other cybersecurity professionals at the Microsoft Security Summit digital event on May 12, 2022. Hear exciting product announcements and discover solutions you can use to lay the foundation for a safer and more innovative future. Register now.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹How Microsoft can help reduce insider risk during the Great Reshuffle, Alym Rayani, Microsoft Security. February 28, 2022.

²Shed light on your dark data before GDPR comes into force, CIO, April 2018.

³September 2021 survey of 512 US compliance decision-makers commissioned by Microsoft from Vital Findings.

⁴February 2022 survey of 200 US compliance decision-makers (n=100 599-999 employees, n=100 1000+ employees) commissioned by Microsoft with MDC Research.

The post The future of compliance and data governance is here: Introducing Microsoft Purview appeared first on Microsoft Security Blog.

These workplace shifts test and break an organization’s compliance postures as executive, IT, and risk professionals take stock of resulting gaps and blind spots. Research from Carnegie Mellon University’s CyLab, with support from Microsoft, found that a majority of surveyed organizations had experienced over five malicious insider threat incidents in the last year (69 percent of respondents), and over 10 inadvertent or data misuse incidents (58 percent of respondents).¹

Underscoring the stakes of the moment is the business sector’s high-profile challenge: the Great Reshuffle of employee roles and talent. Microsoft’s 2021 Work Trend Index found that 41 percent of the global workforce was considering leaving their employer due to burnout and a lack of workplace flexibility.² The cyber risk ramifications of reshuffles like this are clear when you consider the data exposure that can occur with a mix of departing employees and new staff unfamiliar with the organization’s security and compliance policies.

The best course of action for navigating the changing data landscape isn’t overly restricting employee access or aggressively punishing small errors. Organizations need a solution that lends employees the access they need while providing IT teams tools to quickly identify risky insider activity. This balance of trust is critical when implementing an insider risk program and can create a culture of empathy that empowers employees to work safely and independently.

We’re excited to announce a few new features that can help organizations better manage their insider risks, while also facilitating a corporate culture of safety and respect.

Improving insider risk management visibility, context, and integrations

Identifying and managing security and data risks inside your organization can be challenging. Insider risk management in Microsoft 365 helps minimize internal risks by empowering security teams to detect and act on malicious and inadvertent activities in your organization. Where traditional tools and strategies may focus on preventing sensitive data from leaving your organization, insider risk management leverages machine learning to correlate signals around risky user behavior and identify which activities may result in data theft or data leakage. These insights help security teams to identify potential concerns and can help accelerate time to action.

Communication compliance in Microsoft 365 helps organizations foster safe and compliant communications across corporate communications. In the world of hybrid work, organizations seek out communication and collaboration tools to empower employees to do their best work. At the same time, they need to manage risk in communications to protect company assets, fulfill regulatory compliance obligations, and detect code of conduct violations, like harassing or threatening language, sharing of adult content, and inappropriate sharing of sensitive information. We are honored that  Gartner® has listed Microsoft as a Leader in its 2022 Magic Quadrant™ for Enterprise Information Archiving, a market “designed for archiving data sources to a centralized platform to satisfy information governance requirements.”³

Built with privacy by design, the solutions ensure that user names are pseudonymized by default, role-based access controls are built-in, and investigators must be explicitly added by an administrator.

Today, Microsoft is excited to announce new functionalities in insider risk management and communication compliance for Microsoft 365:

• Enhancements to sequence detections.
• Enhancements and additions to insider risk investigation capabilities.
• Enhanced cumulative exfiltration anomaly detection capabilities.
• Enhanced audit trail of investigator and analyst activity.
• New classifier to detect customer complaints made about your organization’s products or services in communication compliance.

Microsoft 365 E3 customers are welcome to sign up for an Insider Risk Management Trial or the Microsoft E5 Compliance Trial through the Microsoft compliance center.

Enhancements to sequence detections

To help security and risk management teams accelerate time to action when it comes to insider risk management, it’s important to provide a rich context of risky user activity that goes beyond a transactional view.

In 2021, we introduced sequence detection to help analysts and investigators identify a series of connected activities and get a better understanding of intent. Today, we’re excited to announce enhancements to our sequence detections, including the ability to identify changes in document sensitivities, such as a document label being downgraded from Confidential to Public in an effort to evade detections. Insider risk can also detect sequences that may start on an endpoint device, providing greater visibility into the risky activity that may start on a workstation or device. We’ve also included additional exfiltration signals to broaden the coverage of sequences, including visibility for when a user uploads data to a cloud as a potential exfiltration step.

Enhancement and additions to insider risk investigation capabilities

With insider risk management, your security, data protection, or investigative teams have new tools and capabilities to better understand and investigate the risky activities happening in your environment.

This update includes an improved user experience for drilling down into sequences within the activity explorer. With these latest updates, security teams can get better insights into user activity types, including the ability to filter by activity category in the user activity view.

The improved alert triage experience in insider risk management includes a new summary user alert history timeline to provide better context, as well as an enhanced alert overview page.

Furthermore, insider risk management administrators can now set up email notifications for high severity alerts or for policy health recommendations.

Enhanced cumulative exfiltration anomaly detection capabilities

With cumulative exfiltration anomaly detection (CEAD) in insider risk management, organizations can leverage machine learning models to detect when a user’s exfiltration activities exceed the organizational averages. This can help to detect exfiltration activities that security teams might traditionally miss through data loss prevention (DLP) or structured policies alone. Learn more about CEAD.

With these latest updates, there are new visuals to represent potentially risky activity, making it easier for investigative or analyst teams to review and triage user activity against the organizational normal. CEAD will also prioritize cumulative exfiltration of sensitive documents based on prioritized SharePoint sites and built-in sensitive information types, as well as Microsoft Information Protection (MIP) label prioritization.  

Enhanced audit trail of investigator and analyst activity

When security or investigative teams are looking into organizational activity, it is crucial that investigations align with regulatory requirements and your organization’s compliance and security policies. It is also key to ensuring objectivity on the part of the investigators and analysts who are reviewing user activities.

Microsoft is announcing new audit events for insider risk management, including audit events of activities within the content explorer, activity explorer, and user timeline. These additional audit log events mean that anyone reviewing audit logs will have a better understanding of what investigators or analysts did within the insider risk management interface.

New customer complaints model in communication compliance

In highly regulated industries, such as financial services, pharmaceuticals, and food, organizations are mandated by law to track and address customer complaints made on their products or services. We are excited to announce the preview of a new customer complaint classifier that detects possible complaints filed by customers and surfaces matches for customer complaint management.

This new feature can help organizations meet regulations that mandate detection and triage of complaints, such as the Consumer Financial Protection Bureau and the Food and Drug Administrator requirements. Additionally, this feature can help organizations gain insight into how to improve their products and services.

Microsoft partners with other security leaders to address insider risk

In addition to our work in growing the capabilities of our insider risk management and communication compliance solutions, Microsoft is focused on reducing insider risks through partnerships and knowledge sharing. Microsoft is a Founding Research Sponsor of MITRE Engenuity’s Center for Threat-Informed Defense (Center), which launched a knowledge base to identify insider threats. See the Center’s release announcement here.

This latest resource from the Center is designed to help insider threat programs and security operation centers (SOCs) “detect, mitigate, and emulate insider actions on IT systems” and to stop those behaviors deemed risky or damaging. These resources include a Knowledge Base of Tactics, Techniques, and Procedures (TTPs) and the Design Principles and Methodology report.

As a Founding Research Sponsor, Microsoft researchers and security practitioners collaborated with other security industry partners to share TTPs and insights for what we are seeing in the insider risk space. “Microsoft’s work with the Center team and other security leaders confirms that insider risks pose a huge threat and that detection requires context beyond standard TTPs. Through this program, Microsoft’s Digital Security and Resilience and engineering teams partnered with and learned from others, and we are excited to see the collaboration in this space grow,” shared Rob McCann, Principal Data Scientist in Microsoft’s Security Research division. “This initial Knowledge Base sets the stage for industry-wide expansion and increased awareness of insider risk across the security community, and helps lay a foundation for further development and understanding of the insider risk landscape. This is an exciting step forward, and we’re grateful to have been a part of it.”

The insights and learnings from Microsoft’s participation in the Center have reaffirmed the priorities that have shaped Microsoft’s investments, both internally and in solutions available to our customers, including insider risk management.

Building an effective insider risk program

Over the past 18 months, we have seen high-profile insider risk incidents across a number of industries, ranging from data theft to corporate code of conduct violations. Recent high-profile examples have included the theft of confidential documents related to COVID-19 vaccines in the pharmaceutical industry to workplace harassment.

PwC and Microsoft advocate for an enterprise-wide approach to insider risk by leveraging key stakeholders to identify potential insider risks and tailor technical controls to address them. See how your organization can benefit from this approach by downloading the PwC and Microsoft whitepaper Building an effective insider risk management program.

Get started

These new features in insider risk management and communication compliance for Microsoft 365 have already rolled out or will start rolling out to customer tenants in the coming weeks. These solutions are also generally available across government clouds, supported in Government Community Cloud (GCC), GCC-High, and US Department of Defense (DoD) tenants.

We are happy to share that there is now an easier way for you to try Microsoft compliance solutions directly in the Microsoft 365 compliance center. By enabling the trial in the compliance center, you can quickly start using all capabilities of Microsoft Compliance, including insider risk management, communication compliance, records management, Advanced Audit, Advanced eDiscovery, MIP, DLP, and Compliance Manager.

If you are a current Microsoft 365 E3 user and interested in experiencing insider risk management, check out the Insider Risk Management Trial or the Microsoft E5 Compliance Trial to see how insider risk solutions and analytics can give you actionable insights.

Learn more about how to get started and configure policies in your tenant in the supporting documentation for insider risk management and communication compliance. Keep a lookout for updates to the documentation with information on the new features over the coming weeks.

Explore more about the importance of managing insider threats.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹Insider Risk Management Program Building: Summary of Insights from Practitioners, CyLab, Carnegie Mellon University. May 2021.

²The Great Reshuffle and how Microsoft Viva is helping reimagine the employee experience, Seth Patton, Microsoft 365. September 28, 2021.

³Gartner, Magic Quadrant for Enterprise Information Archiving, Michael Hoeck, Jeff Vogel, Chandra Mukhyala, Gartner. January 24, 2022.

Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

The post How Microsoft can help reduce insider risk during the Great Reshuffle appeared first on Microsoft Security Blog.

However, annual reminders are insufficient to drive material change, which can be seen in the effectiveness rates of one-off trainings. According to the forgetting curve theory, employees forget about 75 percent of training after just six days.¹ Imagine the lack of knowledge retention for employees of organizations that only do annual privacy training.

To help you with this challenge, we are excited to re-emphasize our commitment to helping organizations build a privacy-resilient workplace with Microsoft Priva, which was announced by Vasu Jakkal, Corporate Vice President of Microsoft Security, Compliance, and Identity, last year at Ignite. Microsoft Priva is the new brand of privacy solutions provided by Microsoft moving forward. Currently, the Microsoft Priva solution offers two products:

1. Priva Privacy Risk Management: Proactively identify and remediate privacy risks arising from data transfers, overexposure, and hoarding, and empower information workers to make smart data handling decisions.

2. Priva Subject Rights Requests: Manage subject rights requests at scale with automated data discovery and privacy issues detection, built-in review and redact capabilities, and secure collaboration workflows.

Managing privacy data requires understanding the context around the data, including why information workers collect the data and the intent of use. The integration of Microsoft Priva with your day-to-day productivity tools and business applications gives organizations the power to effectively influence employees to make positive decisions on personal data handling. The in-the-moment nudges drive fundamental behavioral changes, helping people make good data handling decisions in the context of their daily activities.

For example, when a user collects personal data but hasn’t used it for more than 180 days, it may no longer have business value but can increase the risk surface area. To adhere to a principle of data minimization, Microsoft Priva can send a system-generated reminder to the data owner to review the file and make a decision to delete or provide a business justification to keep it. Users can easily take action within the Outlook interface, safeguarding personal data without impeding productivity.

Figure 1. Help identify unused personal data and empower users to make smart data handling decisions.

Privacy administrators can also set up policies to detect personal data overexposure and notify data owners to review access to the file, with similar experience in the abovementioned example. This feature can help companies who audit file or site access manually, which could be time-consuming and overlook risks between audits.

Microsoft Priva can also help govern communication to support organizations meeting data transfer requirements. In Microsoft Teams, the most commonly used communication platform, users can receive near-real-time notifications and guidance when sending personal data across regions or departments. Privacy administrators can customize the transfer boundaries to adhere to the company’s privacy policies.

Figure 2. Detect cross-border or cross-department data transfer in Teams and provide just-in-time guidance.

In addition to the user experience, Microsoft Priva also provides an aggregated view of privacy posture showing key insights of detected privacy risks. Admins can easily spot privacy issues and fine-tune policies to engage with users. Microsoft Priva solutions are designed with the concept of privacy by default. User information is pseudonymized by default in the admin interface.

Figure 3. Provide an aggregated view to admins to gain visibility into privacy issues.

Since launching Microsoft Priva, we heard great feedback from customers, including Novartis, the world’s leading pharmaceutical company, which is currently in a trial with Microsoft Priva solutions.

“Microsoft Priva will help us identify and prevent critical privacy risks that arise from transferring private data across borders and oversharing. We’ll empower our employees to mitigate risks themselves, freeing our IT resources to focus on more urgent high-severity risks.”—Beni Gelzer, Head of Data Privacy (Switzerland), Novartis

Read more about how Novartis uses Microsoft Priva to enable its employees with a solution that works with them.

Learn more

Microsoft Priva solutions are generally available for customers as an add-on to all Microsoft 365 or Office 365 enterprise subscriptions. If you are interested in learning more about Microsoft Priva solutions, we encourage you to start the 90-day free trial today to experience the product directly. If you can’t see the “start trial” button on the page, contact your Global Admin to gain permission for the solution. Learn more about the trial program in this trial playbook.

We hope that Microsoft Priva can help increase your employees’ awareness of data privacy continuously throughout the year so that you can build a privacy resilient workplace. Happy international Data Privacy Day!

To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. 

¹The Forgetting Curve, Data & Visuals, Harvard Business Review. October 2019.

The post Build a privacy-resilient workplace with Microsoft Priva appeared first on Microsoft Security Blog.

This means extending data protection across all aspects of a business: people, places, processes, and products. Risk and security practitioners will benefit from an end-to-end data governance solution to help protect data, manage risks, and satisfy regulatory requirements. Let’s explore how to introduce a comprehensive approach to data protection within your organization.

1. Identifying and protecting sensitive data

Information protection starts with data discovery, understanding your data landscape, and identifying important data across your hybrid environment. The next priority is protection, working to strike a balance between security and productivity. The third is data loss prevention (DLP). One of the biggest DLP challenges is responding to data exfiltration from within an organization. A holistic approach can detect such threats sooner, especially when coupled with an effective insider risk solution and program.

2. Identifying and managing insider risks

Investigating and remediating both malicious and inadvertent activities within your organization is critically important. In conjunction with DLP, insider risk management can offer the context necessary to better employ policies to help enforce the rules and identify risks.

3. Managing compliance

When prioritizing which data to protect, enterprises must also consider internal and external requirements that dictate how their data is handled. Not abiding by regulations could mean costly fines and increased risk. A compliance manager solution can help with everything from taking inventory of data protection risks and staying current on regulations to reporting for auditors. It should be included in a holistic solution.

Expertise from the new season of Uncovering Hidden Risks

Interested in exploring this data protection approach but not sure how to get started? Future episodes of the Uncovering Hidden Risks podcast will give risk, security practitioners, and C-suite leaders an expert resource as they tackle important questions and reduce their overall risk.

Launching in March 2022, the third season of the podcast will offer monthly episodes featuring an expert panel of Microsoft leaders and community influencers. Podcast episodes will explore: 

• Risk management and data protection.  
• Data governance.
• Industry trends.
• Customer challenges.

This series joins security-focused Microsoft podcasts Security Unlocked, Security Unlocked: CISO Series with Bret Arsenault, and Afternoon Cyber Tea with Ann Johnson on the CyberWire platform. Uncovering Hidden Risk episodes will also be syndicated across your favorite podcast platforms including iTunes, Spotify, Google Podcasts, and Stitcher. Look forward to more details in a future blog post. 

Explore holistic data protection

A holistic approach to data protection can help your organization adapt to changes in your risk landscape. That approach involves discovering and protecting your organization’s sensitive data, managing insider risk, and managing compliance across departments. Our intelligent suite of products and features can make this process easier. Microsoft’s security solutions are positioned to help your organization protect data, mitigate insider risks, and address regulations and standards.

Learn more

• Explore Microsoft Security’s information protection and governance solution.
• Leverage our risk management products to protect your business.
• Get started with compliance management today.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Discover 3 ways to take a holistic approach to data protection appeared first on Microsoft Security Blog.

Organizations must understand what data they have and where it lives, how it is used, and critically, how it’s all governed. How an organization stores its data and how long it is kept is not just a regulatory compliance issue, but also a security issue.

Today, I’m excited to share the general availability of Microsoft Azure Purview, giving organizations that holistic understanding of their data that is so critically important. Azure Purview addresses the need for full visibility across all the places where your data lives, making it easier to manage, glean insights, and govern.

Whether your data is housed on-premises in services like Microsoft SQL Server and Oracle,  different clouds like Amazon Web Services (AWS) S3, or software as a service (SaaS) applications like Salesforce, with Azure Purview you can easily create a unified map of your data assets and their relationships with automated data discovery and sensitive data classification, get insight into the location and movement of data across your hybrid landscape, and empower data consumers to find valuable data through a data catalog.

For more details about Azure Purview, check out the Azure Purview blog today.

Simplifying data protection and governance management

Managing an organization’s data from a protection and governance perspective can be simplified with Azure Purview and Microsoft Information Protection (MIP). MIP is a built-in, intelligent, unified, and extensible solution to protect sensitive data in documents and emails across your organization. MIP provides a unified set of capabilities to know and protect your data and prevent data loss across Microsoft 365 apps (like Word, PowerPoint, Excel, and Outlook), services (like Microsoft Teams, SharePoint, Exchange, and Microsoft Power BI), on-premises locations (like SharePoint Server and on-premises files shares), devices, and third-party apps and services (like Box and Dropbox).

Azure Purview integrates with MIP so that you can apply the same sensitivity labels defined in the Microsoft 365 Compliance Center to data assets in Azure Purview. This helps you have a comprehensive view of your data across your entire estate so you know where your sensitive data lies and can govern it accordingly.

This integration also lets you write your policies once in MIP and apply them to Azure Purview. It lets you streamline and integrate governance and protection. Azure Purview and MIP share this capability. So, if you are already using MIP to apply sensitivity labels to data related to General Data Protection Regulation (GDPR), that label now applies to data governed in Azure Purview. From emails to databases, MIP and Azure Purview give you a simplified, integrated approach to governance.

The journey to simplifying the complexity of data governance

For organizations to overcome the uncertainty of the safety of their data today—not to mention the complexity of data regulations—organizations must have a birds-eye view of all their data. Taking an integrated and more simplified approach to data governance will not only help you to better understand and analyze your data but also reduce your attack surface. In our environment today, this is a must.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post A simpler, more integrated approach to data governance appeared first on Microsoft Security Blog.