{"id":89247,"date":"2019-04-09T09:00:24","date_gmt":"2019-04-09T16:00:24","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=89247"},"modified":"2023-05-15T23:10:06","modified_gmt":"2023-05-16T06:10:06","slug":"step-8-protect-documents-email-top-10-actions-secure-environment","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/","title":{"rendered":"Step 8. Protect your documents and email: top 10 actions to secure your environment"},"content":{"rendered":"<p><em>The \u201cTop 10 actions to secure your environment\u201d series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions<\/em><em>. In \u201cStep 8. Protect your documents and email,\u201d you\u2019ll learn how to deploy Azure Information Protection <\/em><em>and use Office 365 Advanced Threat Protection (ATP) and Exchange Online Protection to help secure your documents and emails.<\/em><\/p>\n<p>There are two types of risks to plan for when it comes to documents and emails. The first risk is that sensitive information will be distributed, often unintentionally, to others that should not have access to it inside or outside of your company. The second is that users in your organization will click links in phishing emails that trick them into giving up their credentials or open attachments that unleash malware. This blog will address ways to protect your company against both.<\/p>\n<p><a href=\"https:\/\/azure.microsoft.com\/en-us\/services\/information-protection\/\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Information Protection<\/a>, which is part of <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/information-protection\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Information Protection<\/a>, helps protect your sensitive information wherever it lives or travels. To set up Azure Information Protection, you need to discover where your sensitive information resides, classify and label the information based on its sensitivity, apply policy-based protection settings to control information access and sharing, and continuously monitor your sensitive data landscape. Then <a href=\"https:\/\/products.office.com\/en-us\/exchange\/advance-threat-protection\" target=\"_blank\" rel=\"noopener noreferrer\">Office 365 Advanced Threat Protection (ATP)<\/a> and <a href=\"https:\/\/products.office.com\/en-us\/exchange\/exchange-email-security-spam-protection\" target=\"_blank\" rel=\"noopener noreferrer\">Exchange Online Protection<\/a> can help you protect your mailboxes, files, online storage, and applications against sophisticated attacks in real-time by setting up anti-phishing policies, enabling Safe Links, and setting up Safe Attachments.<\/p>\n<h3>Deploy Azure Information Protection to protect your sensitive documents and emails<\/h3>\n<p>You may have hundreds or thousands of users creating and sharing documents and sending emails every day. Many files may not contain sensitive information, but the ones that have personal identifiable information, financial data, health-related information, or confidential company information could cause you serious reputational, financial, or legal harm if it gets into the wrong hands.<\/p>\n<p>You can protect your critical documents and emails by implementing the right policies and controls across the information protection lifecycle:<\/p>\n<ul>\n<li><strong>Discover: <\/strong>Identify sensitive data in apps and repositories.<\/li>\n<li><strong>Classify and label: <\/strong>Classify data and apply labels based on sensitivity level.<\/li>\n<li><strong>Protect: <\/strong>Apply policy-based protection actions including encryption and access restrictions.<\/li>\n<li><strong>Monitor and remediate: <\/strong>Receive alerts flagging potential issues or risky behavior and take action.<\/li>\n<\/ul>\n<p>You can download the <a href=\"https:\/\/aka.ms\/AIPDAG\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Information Protection\u2014Deployment Acceleration Guide<\/a> for a deeper overview of these phases and learnings from our engineering team. Read on for a high-level overview of the core concepts and resources.<\/p>\n<p><strong>Discover<\/strong><\/p>\n<p>The first phase in the approach is the discovery phase. In the discovery process, you gain visibility into the data that currently exists across your environment. To discover data in your on-premises file servers, run the <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Azure-Information-Protection\/Cataloging-your-Sensitive-Data-with-AIP-Even-Before-Configuring\/ba-p\/267241\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Information Protection scanner<\/a> in discover mode. It will generate a report that catalogs data that has already been labeled, and the sensitive information types that Azure Information Protection has detected (Figure 1).<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-1.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89248 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-1.png\" alt=\"Azure Information Protection scanner report allows you to view overall volume and distribution of labeled files, and the types of sensitive data detected.\" width=\"1400\" height=\"704\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-1.png 1400w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-1-300x151.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-1-768x386.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-1-1024x515.png 1024w\" sizes=\"(max-width: 1400px) 100vw, 1400px\" \/><\/a><\/p>\n<p><em>Figure 1. Azure Information Protection scanner report allows you to view overall volume and distribution of labeled files, and the types of sensitive data detected.<\/em><\/p>\n<p>As discussed in <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/03\/26\/step-7-discover-shadow-it-and-take-control-of-your-cloud-apps-top-10-actions-to-secure-your-environment\/\" target=\"_blank\" rel=\"noopener noreferrer\">Step 7. Discover shadow IT and take control of your cloud apps<\/a>, you can use <a href=\"https:\/\/docs.microsoft.com\/en-us\/cloud-app-security\/what-is-cloud-app-security\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Cloud App Security<\/a> to scan files in cloud repositories to discover sensitive information. Once you\u2019ve inspected data across your cloud repositories and on-premises repositories, you will move on to the classify and label phase.<\/p>\n<p><strong>Classify and label<\/strong><\/p>\n<p>Classification is determining the sensitivity of a document or email based on its content, and labeling is the application (either automatically or manually) of a sensitivity label, such as \u201cHighly Confidential.\u201d Azure Information Protection provides a recommended <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/information-protection\/configure-policy-default\" target=\"_blank\" rel=\"noopener noreferrer\">default label taxonomy<\/a> in new tenants that can be modified for use by your organization. We also provide an online example of our <a href=\"https:\/\/aka.ms\/ContosoTaxonomy\" target=\"_blank\" rel=\"noopener noreferrer\">current taxonomy<\/a> that was developed by Microsoft over years of testing. We recommend using this taxonomy if your organization does not already have one established. If your organization has its own taxonomy or you plan to create one, the default label names in Azure Information Protection are <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/information-protection\/configure-policy-new-label\" target=\"_blank\" rel=\"noopener noreferrer\">easy to change or modify<\/a>. It\u2019s important not to overcomplicate your taxonomy, so review the <a href=\"https:\/\/aka.ms\/AIPDAG\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Information Protection\u2014Deployment Acceleration Guide<\/a> for guidance on how to develop your taxonomy.<\/p>\n<p>Labels persist with files even when the files are shared or moved, ensuring that protection travels with the document. There are four options for applying labels:<\/p>\n<ul>\n<li>Apply manually by users.<\/li>\n<li>Apply a default label automatically to all new documents.<\/li>\n<li>Recommend labels based on the data detected.<\/li>\n<li>Apply labels automatically based on pre-defined classification and policies.<\/li>\n<\/ul>\n<p>If you want users to apply labels manually, you can make it easy for them by <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/information-protection\/configure-policy-settings\" target=\"_blank\" rel=\"noopener noreferrer\">automatically applying a default label<\/a> to all new documents. In our default taxonomy, this would be the \u201cGeneral\u201d label. A default label of \u201cGeneral,\u201d which doesn\u2019t apply encryption, allows anyone to view and edit the document, which may be a reasonable baseline for many documents in your organization. Users will need to think about applying a higher sensitivity label, such as \u201cConfidential,\u201d when they\u2019re dealing with more sensitive data. We recommend that you enable the <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/information-protection\/configure-policy-settings\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Information Protection policy setting<\/a>, which requires users to justify and explain why they lowered a classification level or removed a label (Figure 2).<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-2.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89249 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-2.png\" alt=\"You can require that users supply a justification if they lower the classification label.\" width=\"476\" height=\"232\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-2.png 476w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-2-300x146.png 300w\" sizes=\"(max-width: 476px) 100vw, 476px\" \/><\/a><\/p>\n<p><em>Figure 2. You can require that users supply a justification if they lower the classification label.<\/em><\/p>\n<p>Enable <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/information-protection\/configure-policy-classification\" target=\"_blank\" rel=\"noopener noreferrer\">recommended labels<\/a> in Azure Information Protection to provide guidance for users on how to label a document based on its content (Figure 3). This recommendation is based on the conditions that you define. For example, if Azure Information Protection detects credit card numbers in a document, you could define policies that recommend that the user label it as \u201cConfidential.\u201d<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-3.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89250 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-3.png\" alt=\"\" width=\"824\" height=\"240\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-3.png 824w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-3-300x87.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-3-768x224.png 768w\" sizes=\"(max-width: 824px) 100vw, 824px\" \/><\/a><\/p>\n<p><em>Figure 3. Azure Information Protection can be configured to recommend labels based on the information detected in the document.<\/em><\/p>\n<p>You can also define conditions that, if matched, will <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/information-protection\/configure-policy-classification\" target=\"_blank\" rel=\"noopener noreferrer\">apply the corresponding label automatically<\/a> with no user involvement, and you can configure the Azure Information Protection scanner and Microsoft Cloud App Security to scan, classify, and label documents already saved on-premises and in cloud repositories, respectively.<\/p>\n<p><strong>Protect<\/strong><\/p>\n<p>Several protection actions can be applied to documents and emails based on sensitivity label, including applying encryption, rights restrictions, or visual markings (such as headers or footers). To encrypt files based on classification label, you will need to set up usage rights based on role. Azure Information Protection includes the following predefined roles:<\/p>\n<ul>\n<li><strong>Viewer: <\/strong>Allows users to view the data and nothing else.<\/li>\n<li><strong>Reviewer: <\/strong>Allows users to edit the data but NOT copy information out or change the protection applied.<\/li>\n<li><strong>Co-Author: <\/strong>Allows users to edit the data AND copy information out but NOT change the protection applied.<\/li>\n<li><strong>Co-Owner: <\/strong>Allows users to have Full Control that also allows users to copy and change\/remove protection and change the Azure Information Protection label.<\/li>\n<\/ul>\n<p>You\u2019ll need to determine the type of protection that will be applied and the users that can access specific types of content. We recommend using sub-labels to define the audience of the content and the usage rights available to that audience. The <a href=\"https:\/\/aka.ms\/AIPDAG\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Information Protection\u2014Deployment Acceleration Guide<\/a> describes this concept in more detail with tips on how to apply it to your organization.<\/p>\n<p><strong>Monitor and remediate<\/strong><\/p>\n<p>Azure Information Protection Analytics gives you tools to view the state of your sensitive information, including the volume of labeled and protected files and emails, the application used to apply the label, the location of sensitive files, and the type of data that was detected (Figure 4). We recommend using the Azure Information Protection Analytics dashboards to see detailed information on information protection activities. This provides rich usage and activity data but requires consumption on an Azure subscription that incurs an additional cost based on usage.<\/p>\n<p>Reporting data can help you refine the policies that you\u2019ve established for labeling and protecting documents and identify potential risky behavior or over-sharing. Plan to regularly revisit your Azure Information Protection policies to optimize for your users and data needs.<\/p>\n<h3>Deploying Office 365 ATP<\/h3>\n<p>Bad actors continue to use email as a primary method for gaining initial access to your organization. Phishing and malware campaigns have increased in sophistication, increasing the chances that one or more of your users will accidentally provide their credentials or open an attachment that gives hackers access. Set up Office 365 ATP to protect against advanced attacks such as phishing and zero-day malware.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-4.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89251 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-4.png\" alt=\"The Data discovery dashboard provides information on the location of sensitive data within your organization.\" width=\"1400\" height=\"717\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-4.png 1400w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-4-300x154.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-4-768x393.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2019\/04\/Step-8-of-top-to-4-1024x524.png 1024w\" sizes=\"(max-width: 1400px) 100vw, 1400px\" \/><\/a><\/p>\n<p><em>Figure 4: The Data discovery dashboard provides information on the location of sensitive data within your organization.<\/em><\/p>\n<p>To get started, you\u2019ll need to set up policies for the following:<\/p>\n<ul>\n<li>Anti-phishing<\/li>\n<li>Safe Links<\/li>\n<li>Safe Attachments<\/li>\n<\/ul>\n<p><strong>Anti-phishing policies<\/strong><\/p>\n<p>When you enable <a href=\"https:\/\/docs.microsoft.com\/en-us\/office365\/securitycompliance\/atp-anti-phishing\" target=\"_blank\" rel=\"noopener noreferrer\">anti-phishing in Office 365 ATP<\/a>, machine learning models trained to detect phishing messages are applied to every incoming message. Anti-phishing polices are designed to protect against email spoofing, impersonation, and compromised email accounts. Additionally, Office 365 ATP learns how each individual user communicates with other users inside and outside the organization and builds a map of these relationships. This map allows Office 365 ATP to understand more details about how to ensure the right messages are identified as impersonation. Anti-phishing policies can be added, edited, and deleted in the <a href=\"https:\/\/sip.protection.office.com\/homepage\" target=\"_blank\" rel=\"noopener noreferrer\">Office 365 Security &amp; Compliance Center<\/a>. Each organization in Office 365 has a default anti-phishing policy that applies to all users. You can <a href=\"https:\/\/docs.microsoft.com\/en-us\/office365\/securitycompliance\/set-up-anti-phishing-policies\" target=\"_blank\" rel=\"noopener noreferrer\">create custom anti-phishing policies<\/a> that you can scope to specific users, groups, or domains within your organization.<\/p>\n<p><strong>Safe Links policies<\/strong><\/p>\n<p>When a user clicks a link in an email or document, <a href=\"https:\/\/docs.microsoft.com\/en-us\/office365\/securitycompliance\/atp-safe-links\" target=\"_blank\" rel=\"noopener noreferrer\">Office 365 ATP Safe Links<\/a> scans the website or the reputation of the link and determines if it is safe or malicious. Based on the <a href=\"https:\/\/docs.microsoft.com\/en-us\/office365\/securitycompliance\/set-up-atp-safe-links-policies\" target=\"_blank\" rel=\"noopener noreferrer\">ATP Safe Links policies<\/a> configured, users will either be able to open the link, receive a warning, or be blocked from accessing it.<\/p>\n<p><strong>Safe Attachments policies<\/strong><\/p>\n<p>The <a href=\"https:\/\/docs.microsoft.com\/en-us\/office365\/securitycompliance\/atp-safe-attachments\" target=\"_blank\" rel=\"noopener noreferrer\">Office 365 ATP Safe Attachments<\/a> scans email attachments and files in SharePoint Online, OneDrive for Business, and Microsoft Teams to determine if they are malicious. Once identified as malicious, the file is blocked, replaced, or delivered based on the ATP Safe Attachments policies configured.<\/p>\n<p>ATP Safe Attachments policies can be configured to:<\/p>\n<ul>\n<li>Block emails with malicious attachments from proceeding.<\/li>\n<li>Deliver messages immediately while the attachment is scanned in the background.<\/li>\n<li>Remove detected malware from emails and notify the user.<\/li>\n<\/ul>\n<p>Take a look at our <a href=\"https:\/\/docs.microsoft.com\/en-us\/office365\/SecurityCompliance\/eop\/best-practices-for-configuring-eop\" target=\"_blank\" rel=\"noopener noreferrer\">best practices for configuring Exchange Online Protection<\/a> for more tips on blocking unwanted emails from reaching your users.<\/p>\n<p><strong>Learn more<\/strong><\/p>\n<p>Check back in a few weeks for our next blog post, \u201cStep 9: Protect your OS,\u201d which will give you tips for configuring Windows Defender Advanced Threat Protection to block new and emerging threats on Windows 10.<\/p>\n<p><strong>Get deployment help now<\/strong><\/p>\n<p>FastTrack for Microsoft 365 provides end-to-end guidance to set up your security products. FastTrack is a deployment and adoption service that comes at no charge with your subscription. <a href=\"https:\/\/www.microsoft.com\/en-us\/fasttrack\/microsoft-365\/security\" target=\"_blank\" rel=\"noopener noreferrer\">Get started at FastTrack for Microsoft 365<\/a>.<\/p>\n<p><strong>Resources<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/query.prod.cms.rt.microsoft.com\/cms\/api\/am\/binary\/RE2wYd3\" target=\"_blank\" rel=\"noopener noreferrer\">Top 10 Security Deployment Actions with Microsoft 365 infographic<\/a><\/li>\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/security-deployment-3\/\" target=\"_blank\" rel=\"noopener noreferrer\">Deployment blog series<\/a><\/li>\n<li><a href=\"https:\/\/aka.ms\/AIPWebinar\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Information Protection Webinar Series<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The \u201cTop 10 actions to secure your environment\u201d series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In \u201cStep 8. Protect your documents and email,\u201d you\u2019ll learn how to deploy Azure Information Protection and use Office 365 Advanced Threat Protection (ATP) and Exchange Online Protection to help secure your documents and emails.<\/p>\n","protected":false},"author":96,"featured_media":87337,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3659],"topic":[3669,3671,3675],"products":[3690,3692,3695],"threat-intelligence":[],"tags":[3809],"coauthors":[1868],"class_list":["post-89247","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-best-practices","topic-data-protection","topic-email-security","topic-information-protection-and-governance","products-microsoft-defender","products-microsoft-defender-for-cloud-apps","products-microsoft-defender-for-office-365","tag-security-strategies"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Step 8. Protect your documents and email: top 10 actions to secure your environment<\/title>\n<meta name=\"description\" content=\"The \u201cTop 10 actions to secure your environment\u201d series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In \u201cStep 8. Protect your documents and email,\u201d you\u2019ll learn how to deploy Azure Information Protection and use Office 365 Advanced Threat Protection (ATP) and Exchange Online Protection to help secure your documents and emails.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Step 8. Protect your documents and email: top 10 actions to secure your environment\" \/>\n<meta property=\"og:description\" content=\"The \u201cTop 10 actions to secure your environment\u201d series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In \u201cStep 8. Protect your documents and email,\u201d you\u2019ll learn how to deploy Azure Information Protection and use Office 365 Advanced Threat Protection (ATP) and Exchange Online Protection to help secure your documents and emails.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2019-04-09T16:00:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T06:10:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/EMS_Top_10_DeploymentActions_Step8_blog.png\" \/>\n\t<meta property=\"og:image:width\" content=\"720\" \/>\n\t<meta property=\"og:image:height\" content=\"420\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Debbie Seres\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Debbie Seres\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/debbie-seres\/\",\"@type\":\"Person\",\"@name\":\"Debbie Seres\"}],\"headline\":\"Step 8. Protect your documents and email: top 10 actions to secure your environment\",\"datePublished\":\"2019-04-09T16:00:24+00:00\",\"dateModified\":\"2023-05-16T06:10:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/\"},\"wordCount\":1811,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/EMS_Top_10_DeploymentActions_Step8_blog.png\",\"keywords\":[\"Security strategies\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/\",\"name\":\"Step 8. Protect your documents and email: top 10 actions to secure your environment\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/EMS_Top_10_DeploymentActions_Step8_blog.png\",\"datePublished\":\"2019-04-09T16:00:24+00:00\",\"dateModified\":\"2023-05-16T06:10:06+00:00\",\"description\":\"The \u201cTop 10 actions to secure your environment\u201d series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In \u201cStep 8. Protect your documents and email,\u201d you\u2019ll learn how to deploy Azure Information Protection and use Office 365 Advanced Threat Protection (ATP) and Exchange Online Protection to help secure your documents and emails.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/EMS_Top_10_DeploymentActions_Step8_blog.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/EMS_Top_10_DeploymentActions_Step8_blog.png\",\"width\":720,\"height\":420,\"caption\":\"Image which says \\\"Step 8\\\"\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Step 8. Protect your documents and email: top 10 actions to secure your environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Step 8. Protect your documents and email: top 10 actions to secure your environment","description":"The \u201cTop 10 actions to secure your environment\u201d series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In \u201cStep 8. Protect your documents and email,\u201d you\u2019ll learn how to deploy Azure Information Protection and use Office 365 Advanced Threat Protection (ATP) and Exchange Online Protection to help secure your documents and emails.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/","og_locale":"en_US","og_type":"article","og_title":"Step 8. Protect your documents and email: top 10 actions to secure your environment","og_description":"The \u201cTop 10 actions to secure your environment\u201d series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In \u201cStep 8. Protect your documents and email,\u201d you\u2019ll learn how to deploy Azure Information Protection and use Office 365 Advanced Threat Protection (ATP) and Exchange Online Protection to help secure your documents and emails.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/","og_site_name":"Microsoft Security Blog","article_published_time":"2019-04-09T16:00:24+00:00","article_modified_time":"2023-05-16T06:10:06+00:00","og_image":[{"width":720,"height":420,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/EMS_Top_10_DeploymentActions_Step8_blog.png","type":"image\/png"}],"author":"Debbie Seres","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Debbie Seres","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/debbie-seres\/","@type":"Person","@name":"Debbie Seres"}],"headline":"Step 8. Protect your documents and email: top 10 actions to secure your environment","datePublished":"2019-04-09T16:00:24+00:00","dateModified":"2023-05-16T06:10:06+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/"},"wordCount":1811,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/EMS_Top_10_DeploymentActions_Step8_blog.png","keywords":["Security strategies"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/","name":"Step 8. Protect your documents and email: top 10 actions to secure your environment","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/EMS_Top_10_DeploymentActions_Step8_blog.png","datePublished":"2019-04-09T16:00:24+00:00","dateModified":"2023-05-16T06:10:06+00:00","description":"The \u201cTop 10 actions to secure your environment\u201d series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In \u201cStep 8. Protect your documents and email,\u201d you\u2019ll learn how to deploy Azure Information Protection and use Office 365 Advanced Threat Protection (ATP) and Exchange Online Protection to help secure your documents and emails.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/EMS_Top_10_DeploymentActions_Step8_blog.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/12\/EMS_Top_10_DeploymentActions_Step8_blog.png","width":720,"height":420,"caption":"Image which says \"Step 8\""},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/09\/step-8-protect-documents-email-top-10-actions-secure-environment\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Step 8. Protect your documents and email: top 10 actions to secure your environment"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/89247"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=89247"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/89247\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/87337"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=89247"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=89247"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=89247"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=89247"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=89247"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=89247"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=89247"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}