{"id":11169,"date":"2016-04-21T15:14:04","date_gmt":"2016-04-21T22:14:04","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=11169"},"modified":"2023-06-16T15:58:47","modified_gmt":"2023-06-16T22:58:47","slug":"monitoring-and-protecting-sensitive-data-in-office-365","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/","title":{"rendered":"Monitoring and protecting sensitive data in Office 365"},"content":{"rendered":"<div class=\"m-alert f-error\" role=\"alert\">\n<div>\n<div class=\"c-glyph glyph-incident-triangle\" aria-label=\"Error message\"><\/div>\n<p class=\"c-paragraph\">This content has been archived, and while it was correct at time of publication, it may no longer be accurate or reflect the current situation at Microsoft.<\/p>\n<\/div>\n<\/div>\n<p>Microsoft IT created a solution to manage the risk of sharing sensitive data, while still promoting collaboration in Office 365. Power BI dashboards give insight into how Microsoft corporate users share information. This solution detects sensitive data sharing and helps Microsoft IT proactively manage and respond to information security risks.<\/p>\n<p>With Office 365, Microsoft corporate users can access and share data from anywhere, on any device, and be more productive by using all of its collaboration features. On the other hand, it\u2019s easier to inadvertently share sensitive information with others both inside and outside of the company.<\/p>\n<p>To manage security risk, Microsoft IT created a solution that uses the Office 365 Management Activity API and the data loss prevention (DLP) features of Office 365. The solution gathers data about sharing from Microsoft Exchange Online, SharePoint Online, OneDrive for Business, and Azure Active Directory. It also includes a custom governance solution to help protect data. Microsoft Power BI dashboards visualize the data to show how Microsoft corporate users share information.<\/p>\n<p>The dashboards help answer four business questions that have direct business impact on risk, and the answers help leadership make decisions that reduce risk. Microsoft IT uses an agile process to answer these questions:<\/p>\n<ol class=\"c-list\">\n<li>Which sites are capable of external sharing?<\/li>\n<li>What is the classification of externally shared sites?<\/li>\n<li>Which files are shared externally?<\/li>\n<li>What operations are performed by external users on those externally shared files?<\/li>\n<\/ol>\n<p>Microsoft IT tests hypotheses about how various policies and programs might improve users\u2019 sharing behavior and then check the dashboards to see if the behavior has changed. Besides dashboards, the solution improves sharing behavior by giving users visual cues about appropriate sharing. The solution automatically sends email to users who violate security policies by sharing too much, asking them to change their behavior. This helps manage and respond to information security risks.<\/p>\n<h2>Information security policies<\/h2>\n<p>To protect valuable intellectual property, Microsoft has corporate policies for handling and sharing data. Using business rules based on these policies, the solution detects and reports when users share documents and if the sharing is in or out of compliance with the rules. For example, Microsoft data handling policy states that sensitive business information must be encrypted both at rest and in flight. And, when shared externally, users are accountable for who they share it with.<\/p>\n<p>The solution audits the following types of sharing:<\/p>\n<p><strong>Regulated information<\/strong>. Regulated information includes government identification numbers such as social security numbers and passport numbers, financial data such as credit card numbers and financial records, or medical information. Regulated information must always be protected by encryption.<\/p>\n<p><strong>Business information<\/strong>. At Microsoft, sensitive business information is called High Business Impact (HBI) data. Users can store HBI data on SharePoint Online and OneDrive for Business if they comply with Microsoft policies for HBI data storage and transmission; however, to share HBI content externally, users must get a policy exception from the Microsoft IT security and privacy team.<\/p>\n<p>Low Business Impact (LBI) and Medium Business Impact (MBI) data is permitted on SharePoint Online and OneDrive for Business with no special approval. Users must review all classifications to understand how to classify, protect, and handle data that they create, and ensure that it is properly categorized for use at Microsoft.<\/p>\n<h3>How users share too much<\/h3>\n<p>Inappropriate sharing occurs when users make information accessible to others in a way that violates information security policies. There\u2019s rarely malicious intent behind inappropriate data sharing. Rather, the main reasons for it are:<\/p>\n<ul class=\"c-list\">\n<li>The feeling of importance associated with having sought-after, inside information.<\/li>\n<li>Lack of understanding about the sensitive nature of the information or the security level of the site where it\u2019s shared.<\/li>\n<\/ul>\n<p>Users often don\u2019t grasp the implications of sharing information with many people. While some users\u00a0<i>do <\/i>understand appropriate sharing, there are people who share all information indiscriminately.<\/p>\n<p>Some common inappropriate sharing scenarios are:<\/p>\n<ul class=\"c-list\">\n<li>When sharing a document internally, a user doesn\u2019t set appropriate security settings to limit the ability to open or edit the document to named users or groups.<\/li>\n<li>A user shares a sensitive business document or regulated information on a SharePoint Online or OneDrive for Business site, and the site has users who shouldn\u2019t have access to that document or information. For example, with OneDrive for Business, a user might inadvertently select the \u201cshare with everyone\u201d folder for highly sensitive information.<\/li>\n<li>A user includes a credit card number, driver\u2019s license number, password, or other regulated information in email.<\/li>\n<li>A user sends a sensitive business document in email and does not set appropriate Microsoft Rights Management permissions on the document.<\/li>\n<\/ul>\n<h3>Detecting inappropriate sharing<\/h3>\n<p>Organizations subscribing to Office 365 can use DLP to detect regulated and sensitive information that users share. In addition, Office 365 provides audit data for all file-related events, such as open, upload, download, and delete. Organizations can access audit data through the Office 365 Security and Compliance Center and use search and PowerShell cmdlets to get different views. They can also use Office 365 APIs in custom solutions.<\/p>\n<p>Microsoft IT wanted to do advanced analytics and statistical analysis on this raw data and give the results in a Microsoft Power BI dashboard. A custom solution was built to automatically detect, analyze, and report on sharing behavior. The solution uses the following types of information:<\/p>\n<ul class=\"c-list\">\n<li><strong>Sharing activities.<\/strong>\u00a0The solution audits how files are shared on SharePoint Online, OneDrive for Business, and Exchange Online. It also audits login activities on Azure Active Directory. To obtain audit data, it uses the Office 365 Management Activity API.<\/li>\n<li><strong>Regulated information.<\/strong>\u00a0Adhering to international information privacy regulations, Microsoft IT configured rules for DLP to monitor regulated information contained in Exchange Online email and in files on SharePoint Online and OneDrive for Business. The Microsoft IT solution uses DLP PowerShell cmdlets to create reports for further analysis and reporting. To learn more about configuring DLP rules and using the DLP cmdlets to get reports, see\u00a0<a class=\"c-hyperlink\" href=\"https:\/\/technet.microsoft.com\/en-us\/library\/jj150527(v=exch.150).aspx\" target=\"_blank\" rel=\"noopener\" aria-label=\"Read more about Data loss prevention\">Data loss prevention<\/a>\u00a0and\u00a0<a class=\"c-hyperlink\" href=\"https:\/\/technet.microsoft.com\/en-us\/library\/jj150520(v=exch.150).aspx\" target=\"_blank\" rel=\"noopener\" aria-label=\"Read more about View DLP policy detection reports\">View DLP policy detection reports<\/a>.<\/li>\n<li><strong>Documents containing usernames and passwords.\u00a0<\/strong>In addition to the DLP data about how users share regulated information, Azure Machine Learning looks for shared documents and email that contain usernames and passwords.<\/li>\n<\/ul>\n<h4>Technical solution components<\/h4>\n<p>The main components of the technical solution are:<\/p>\n<ul class=\"c-list\">\n<li><a class=\"c-hyperlink\" href=\"https:\/\/msdn.microsoft.com\/en-us\/library\/office\/dn707385.aspx\" target=\"_blank\" rel=\"noopener\" aria-label=\"Read more about Office 365 Management Activity API\">Office 365 Management Activity API<\/a>\u00a0provides endpoints for Azure Active Directory, Exchange Online, and SharePoint Online (including OneDrive for Business) from which to download audit data. The endpoints are Audit.AzureActiveDirectory, Audit.Exchange, and Audit.SharePoint. Office 365 lets organizations acquire complete audit data on their users\u2019 file actions, such as upload, download, open, close, and delete.<\/li>\n<li><a class=\"c-hyperlink\" href=\"https:\/\/technet.microsoft.com\/en-us\/library\/ms.o365.cc.dlplandingpage.aspx\" target=\"_blank\" rel=\"noopener\" aria-label=\"Read more about DLP in Office 365\">DLP in Office 365<\/a>\u00a0identifies regulated information shared on\u00a0SharePoint and OneDrive for Business\u00a0and in\u00a0<a class=\"c-hyperlink\" href=\"https:\/\/technet.microsoft.com\/en-us\/library\/jj150527(v=exchg.150).aspx\" target=\"_blank\" rel=\"noopener\" aria-label=\"Read more about Exchange\">Exchange<\/a>\u00a0Online email. It informs users when their content is sensitive and, if necessary, restricts sharing.<\/li>\n<li><a class=\"c-hyperlink\" href=\"https:\/\/msdn.microsoft.com\/en-us\/library\/mt631707(v=exchg.160).aspx\" target=\"_blank\" rel=\"noopener\" aria-label=\"Read more about Get-DlpDetailReport\">Get-DlpDetailReport<\/a>\u00a0is a PowerShell cmdlet that returns detailed information for the previous seven days about specific DLP rule matches for SharePoint Online, OneDrive for Business, and Exchange Online. The organization subscribing to Office 365 defines the DLP rules for the types of information to detect in their users\u2019 files and email messages.<\/li>\n<li><a class=\"c-hyperlink\" href=\"https:\/\/azure.microsoft.com\/en-us\/services\/data-factory\/\" target=\"_blank\" rel=\"noopener\" aria-label=\"Read more about Azure Data Factory\">Azure Data Factory<\/a>\u00a0extracts, transforms, and loads DLP data.<\/li>\n<li>The Office 365 Management Activity API webhook notifies the solution\u2019s webhook endpoint when new audit data is available.<\/li>\n<li>The webhook endpoint hosts a custom API that was developed to receive notifications and acquire audit data from Office 365.<\/li>\n<li>Microsoft SQL Server 2014 running in an\u00a0<a class=\"c-hyperlink\" href=\"https:\/\/azure.microsoft.com\/en-us\/services\/virtual-machines\/\" target=\"_blank\" rel=\"noopener\" aria-label=\"Read more about Azure virtual machine\">Azure virtual machine<\/a>\u00a0hosts a staging database. For security reasons and to allow data archiving, a second SQL Server virtual machine hosts the aggregated data used by the solution.<\/li>\n<li><a class=\"c-hyperlink\" href=\"https:\/\/azure.microsoft.com\/en-us\/services\/storage\/blobs\/\" target=\"_blank\" rel=\"noopener\" aria-label=\"Read more about Azure Blob Storage\">Azure Blob Storage<\/a>\u00a0provides data storage.<\/li>\n<li><a class=\"c-hyperlink\" href=\"https:\/\/azure.microsoft.com\/en-us\/services\/hdinsight\/\" target=\"_blank\" rel=\"noopener\" aria-label=\"Read more about Azure HDInsight\">Azure HDInsight<\/a>\u00a0provides search and transformation for the raw DLP data.<\/li>\n<li>AutoSites manages SharePoint Online site classifications (LBI, MBI, or HBI) and sends users email about inappropriate sharing sensitive information. AutoSites is a governance solution that Microsoft IT developed.<a class=\"c-hyperlink\" href=\"https:\/\/github.com\/OfficeDev\/PnP\/tree\/master\/Solutions\/Governance.TimerJobs\" target=\"_blank\" rel=\"noopener\" aria-label=\"Read more about Design information and sample code\">Design information and sample code<\/a>\u00a0for this solution is available on GitHub.<\/li>\n<li><a class=\"c-hyperlink\" href=\"https:\/\/azure.microsoft.com\/en-us\/services\/machine-learning\" target=\"_blank\" rel=\"noopener\" aria-label=\"Read more about Azure Machine Learning\">Azure Machine Learning<\/a>\u00a0detects when files and email messages contain usernames and passwords.<\/li>\n<li><a class=\"c-hyperlink\" href=\"https:\/\/www.microsoft.com\/en-us\/server-cloud\/products\/r-server\/\" target=\"_blank\" rel=\"noopener\" aria-label=\"Read more about Microsoft R Server\">Microsoft R Server<\/a>\u00a0supports forensic data analysis.<\/li>\n<li><a class=\"c-hyperlink\" href=\"https:\/\/powerbi.microsoft.com\/en-us\/\" target=\"_blank\" rel=\"noopener\" aria-label=\"Read more about Microsoft Power BI\">Microsoft Power BI<\/a>\u00a0provides reports, data visualizations, and dashboards.<\/li>\n<\/ul>\n<h2>How the solution works<\/h2>\n<p>The following diagram shows the relationship between the different components of the solution. Arrows represent data flowing through the system.<\/p>\n<figure id=\"attachment_11172\" aria-describedby=\"caption-attachment-11172\" style=\"width: 616px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-11172 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image001.png\" alt=\"This diagram shows the relationship between the different components of the DLP solution.\" width=\"616\" height=\"312\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image001.png 616w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image001-300x152.png 300w\" sizes=\"(max-width: 616px) 100vw, 616px\" \/><figcaption id=\"caption-attachment-11172\" class=\"wp-caption-text\">Figure 1. Microsoft IT auditing and DLP solution<\/figcaption><\/figure>\n<p>To get audit data, the solution subscribes to the Office 365 Management Activity API webhook notification service. When new audit data is available, the webhook sends a notification to a webhook endpoint that hosts a custom API created by Microsoft IT. The API downloads the new audit data for Exchange Online, SharePoint Online, OneDrive for Business, and Azure Active Directory. The raw data goes to the webhook endpoint and then into Azure Blob Storage.<\/p>\n<p>To acquire DLP data, the solution uses the Get-DlpDetailReport PowerShell cmdlet to move raw data to a staging database. To prepare it for further processing, the data goes to Data Factory, where it\u2019s extracted, transformed, and then loaded into HDInsight. HDInsight performs computations that aggregate the data into useful chunks, such as average number of DLP incidents. The solution then moves the data back into Data Factory, which then loads it into Blob Storage. Power BI uses the data in Blob Storage to generate reports, data graphics, and dashboards.<\/p>\n<p>AutoSites reports on the number of sites that are misclassified, for example, when a site is classified as LBI or MBI, but has HBI information posted on it. AutoSites also reports on sites that have no classification at all.<\/p>\n<p>The solution detects SharePoint site classification and correlates that information with DLP data and Machine Learning results to yield compliance information.<\/p>\n<p>DLP in Office 365 notifies users when information they\u2019re working with is regulated. If a user attempts to share regulated information, sharing is blocked unless the user has a policy override.<\/p>\n<p>Microsoft R Server allows Microsoft IT to perform advanced statistical analysis on the data to identify opportunities for further improvements in compliance.<\/p>\n<h2>Reporting<\/h2>\n<p>Power BI dashboards answer four business questions about how information is shared at Microsoft, as described earlier. They give the security and privacy team and business leaders a view of how information is shared and how many users are out of compliance with corporate information security policies. The dashboards let the security and privacy team respond to risks in a timely manner and check the effectiveness of risk reduction programs.<\/p>\n<p>They are most interested in how users share HBI information. The solution detects HBI information and aggregates this data into the dashboards, as follows:<\/p>\n<ul class=\"c-list\">\n<li>AutoSites counts every document as an HBI document when it\u2019s stored in a site classified as HBI.<\/li>\n<li>DLP reports on the instances that conflict with its configured DLP policies.<\/li>\n<li>The Machine Learning module counts documents containing usernames and passwords when they\u2019re stored on sites that aren\u2019t classified as HBI.<\/li>\n<\/ul>\n<p>Microsoft IT works closely with attorneys and privacy experts to make sure that the solution is ethical and that a balance is maintained between individual privacy and the organzation\u2019s needs for information security. Only authorized users can view the dashboards. Management and security team members get different views according to the type of information they need. Authorized dashboard users are:<\/p>\n<ul class=\"c-list\">\n<li><strong>Chief Information Security Officer and leadership team.\u00a0<\/strong>They use the dashboards to make strategic decisions about appropriate security risks.<\/li>\n<li><strong>Online service manager.<\/strong>\u00a0The service manager decides how to deploy service features in a way that reduces risk. Service managers are responsible for the security of information that\u2019s shared on their services. They use the dashboard to measure outcomes of different approaches to improving security.<\/li>\n<li><strong>Security Operations team members.<\/strong>\u00a0Security Operations team members monitor dashboards and drill down into more detail when exceptional events occur, such as cases of extreme sharing or access by users from blacklisted IP addresses. They then provide details to the appropriate manager for further action.<\/li>\n<\/ul>\n<h3>Evaluating dashboard data<\/h3>\n<p>Leadership looks at aggregated numbers and trends in the dashboards to see how well policies are working and the impact of policy changes. To learn when and where sensitive information is shared inappropriately, dashboard data is evaluated, such as:<\/p>\n<ul class=\"c-list\">\n<li>Number of SharePoint Online sites<\/li>\n<li>Number of SharePoint Online sites that are set up for external sharing<\/li>\n<li>The number of sites that are actually shared<\/li>\n<li>The number of external users of these sites<\/li>\n<li>Operations performed on shared files<\/li>\n<\/ul>\n<p>They get some of this data from this summary dashboard:<\/p>\n<figure id=\"attachment_11173\" aria-describedby=\"caption-attachment-11173\" style=\"width: 379px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-11173 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image002.jpg\" alt=\"A screeenshot of a summary dashboard.\" width=\"379\" height=\"159\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image002.jpg 379w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image002-300x126.jpg 300w\" sizes=\"(max-width: 379px) 100vw, 379px\" \/><figcaption id=\"caption-attachment-11173\" class=\"wp-caption-text\">Figure 2. Summary dashboard data<\/figcaption><\/figure>\n<p>This data shows that most sharing is appropriate. Less than 10 percent of SharePoint sites have externally shared content, even though many more are set up for it.<\/p>\n<p>Another dashboard shows file operations.<\/p>\n<figure id=\"attachment_11174\" aria-describedby=\"caption-attachment-11174\" style=\"width: 435px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-11174 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image003.jpg\" alt=\"A screenshot of another dashboard showing Shared files with various operation. Includes categories FilesViewed, FilesFetched, FileSyncDownloaded and more.\" width=\"435\" height=\"281\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image003.jpg 435w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image003-300x194.jpg 300w\" sizes=\"(max-width: 435px) 100vw, 435px\" \/><figcaption id=\"caption-attachment-11174\" class=\"wp-caption-text\">Figure 3. Operations on files shared on OneDrive for Business and SharePoint<\/figcaption><\/figure>\n<p>The security team is most interested in HBI sharing and if the sharing is appropriate. Authorized users can drill down into the dashboards to get more detailed information, such as the groups sharing the most HBI information.<\/p>\n<p>The following dashboard shows that few external users have access to HBI as compared to LBI and MBI.<\/p>\n<figure id=\"attachment_11175\" aria-describedby=\"caption-attachment-11175\" style=\"width: 428px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-11175 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image004.jpg\" alt=\"Screenshot of a dashboard showing % of users by classifications of LBI, MBI, HBI and Blank.\" width=\"428\" height=\"283\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image004.jpg 428w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image004-300x198.jpg 300w\" sizes=\"(max-width: 428px) 100vw, 428px\" \/><figcaption id=\"caption-attachment-11175\" class=\"wp-caption-text\">Figure 4. Percent of external users with access to HBI<\/figcaption><\/figure>\n<p>While there are about 80,000 external users, most of the information shared with them is LBI. This means that employees are collaborating outside the company, which is desirable, but mostly with information that isn\u2019t highly sensitive.<\/p>\n<p>The security team is more interested in sharing on SharePoint Online versus OneDrive for Business. Because the scope of sharing is broader on SharePoint sites, which often host group projects with multiple users, it\u2019s easier to inadvertently share too much. The security team prefers sharing on OneDrive for Business because users explicitly share a single document. The following figure shows that most sharing is, in fact, on OneDrive for Business.<\/p>\n<figure id=\"attachment_11176\" aria-describedby=\"caption-attachment-11176\" style=\"width: 421px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-11176 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image005.png\" alt=\"Screenshot of showing % of shared sites in OD48 and SharePoint out of total, actively externally shared sites.\" width=\"421\" height=\"285\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image005.png 421w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image005-300x203.png 300w\" sizes=\"(max-width: 421px) 100vw, 421px\" \/><figcaption id=\"caption-attachment-11176\" class=\"wp-caption-text\">Figure 5. Percentages of shared sites on SharePoint Online and OneDrive for Business, out of active, externally shared sites<\/figcaption><\/figure>\n<p>The team also wants to know who does the most sharing. The next dashboard shows the distribution of sharing.<\/p>\n<figure id=\"attachment_11177\" aria-describedby=\"caption-attachment-11177\" style=\"width: 371px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-11177 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image006.jpg\" alt=\"Screenshot of Externally shared files by employee category.\" width=\"371\" height=\"238\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image006.jpg 371w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image006-300x192.jpg 300w\" sizes=\"(max-width: 371px) 100vw, 371px\" \/><figcaption id=\"caption-attachment-11177\" class=\"wp-caption-text\">Figure 6. Sharing by category of user<\/figcaption><\/figure>\n<p>A DLP dashboard gives summary data and details about instances where regulated data is shared.<\/p>\n<figure id=\"attachment_11178\" aria-describedby=\"caption-attachment-11178\" style=\"width: 518px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-11178 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image007.jpg\" alt=\"Screenshot of a DLP dashboard showing some summary data.\" width=\"518\" height=\"74\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image007.jpg 518w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image007-300x43.jpg 300w\" sizes=\"(max-width: 518px) 100vw, 518px\" \/><figcaption id=\"caption-attachment-11178\" class=\"wp-caption-text\">Figure 7. Summary data on the DLP dashboard<\/figcaption><\/figure>\n<p>This dashboard reports the number of documents found daily that contain regulated data. Other DLP dashboards give the number of OneDrive for Business and SharePoint instances by user category\u2014employee, intern, or vendor\u2014and also file type.<\/p>\n<p>The dashboards reveal that most users at Microsoft share HBI appropriately, in keeping with company policies. Even so, the less HBI shared, the lower the risk of sharing too much. The following dashboard shows sharing trends since 2014, when the solution was implemented.<\/p>\n<figure id=\"attachment_11179\" aria-describedby=\"caption-attachment-11179\" style=\"width: 367px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-11179 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image008.jpg\" alt=\"Graph showing percent of HBI sites out of total actively shared sites.\" width=\"367\" height=\"231\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image008.jpg 367w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image008-300x189.jpg 300w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image008-342x216.jpg 342w\" sizes=\"(max-width: 367px) 100vw, 367px\" \/><figcaption id=\"caption-attachment-11179\" class=\"wp-caption-text\">Figure 8. Percent of all shared sites that are classified HBI<\/figcaption><\/figure>\n<h2>Healthy collaboration\u2014with controls<\/h2>\n<p>At Microsoft, we expect employees to use good judgment and common sense\u2014and we want them to collaborate. Instead of shutting off their ability to share information, we believe it\u2019s more effective to teach them to avoid sharing too much. As an extra security step, if necessary, DLP may also prevent sharing of regulated and\/or sensitive business information.<\/p>\n<p>The Microsoft IT solution influences and modifies users\u2019 sharing behavior in these ways:<\/p>\n<h3>Site classification and labeling<\/h3>\n<p>AutoSites requires site owners to classify SharePoint sites according to the type of information that may be posted on it: LBI, MBI, or HBI. When creating a new site, the site owner picks the type. This applies the appropriate security settings to the site and labels it according to its classification. The levels of information are clearly defined in the user interface, as shown here.<\/p>\n<figure id=\"attachment_11180\" aria-describedby=\"caption-attachment-11180\" style=\"width: 376px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-11180 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image009.png\" alt=\"Screenshot of the start a new site interface displaying Common examples of information that maybe posted on HBI, LBI, or MBI sites.\" width=\"376\" height=\"361\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image009.png 376w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image009-300x288.png 300w\" sizes=\"(max-width: 376px) 100vw, 376px\" \/><figcaption id=\"caption-attachment-11180\" class=\"wp-caption-text\">Figure 9. Information classification in SharePoint Online<\/figcaption><\/figure>\n<p>When a site is created, it\u2019s labeled based on what the information type that the site owner specified: LBI, MBI, or HBI. This tells SharePoint Online users what type of information they should post. Users are expected to honor the classification and post only the type specified. If HBI information that is posted on a site labeled LBI or MBI or on a site that hasn\u2019t been labeled, AutoSites detects the classification and includes this information in a dashboard report.<\/p>\n<figure id=\"attachment_11181\" aria-describedby=\"caption-attachment-11181\" style=\"width: 150px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-11181 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image010.png\" alt=\"Icons for LBI MBI HBI SharePoint sites.\" width=\"150\" height=\"40\" \/><figcaption id=\"caption-attachment-11181\" class=\"wp-caption-text\">Figure 10. SharePoint site labels<\/figcaption><\/figure>\n<h3>Signaling<\/h3>\n<p>A user who shares files inappropriately automatically receives a signal that helps teach them the desired behavior. A signal can be a Policy Tip or an email message. And, if necessary, the sensitive content is blocked.<\/p>\n<h4>Policy Tips<\/h4>\n<p>DLP includes policies for sharing regulated information that administrators can use out of the box and customize for their specific company needs and region. Information covered under these policies includes credit card and social security numbers and their international equivalents. DLP displays Policy Tips in the user interface that inform users about potential policy violations. At Microsoft, Policy Tips display when the content of an Exchange Online email or a file that\u2019s been uploaded to a SharePoint site or OneDrive for Business doesn\u2019t comply with Microsoft sharing policies.<\/p>\n<figure id=\"attachment_11182\" aria-describedby=\"caption-attachment-11182\" style=\"width: 584px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-11182 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image011.jpg\" alt=\"Secreenshot of a policy tip for an Office 365 OneDrive.\" width=\"584\" height=\"268\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image011.jpg 584w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_image011-300x138.jpg 300w\" sizes=\"(max-width: 584px) 100vw, 584px\" \/><figcaption id=\"caption-attachment-11182\" class=\"wp-caption-text\">Figure 11. Policy Tips in SharePoint and OneDrive<\/figcaption><\/figure>\n<p>In addition, when a user posts a file on a SharePoint site or OneDrive for Business that contains regulated information, DLP displays an icon in line with the file that indicates the file contains regulated information. DLP also blocks other users from viewing or accessing the file unless the administrator has configured a policy override for the site. Microsoft IT has a business process for users to request this override.<\/p>\n<h4>Email messages<\/h4>\n<p>Both DLP and AutoSites send email messages to users who share too much, as follows:<\/p>\n<ul class=\"c-list\">\n<li><strong>DLP for Office 365.<\/strong>\u00a0If a user shares regulated information on SharePoint or OneDrive for Business or in an Exchange Online email message, the DLP system locks down the document or rejects the message. It then sends an email message letting the user know about it. The email message contains the same information as the Policy Tip. If there\u2019s a valid business reason to share the information, the user can request a policy override.<\/li>\n<li><strong>AutoSites.<\/strong>\u00a0When a user shares other types of sensitive information, such as usernames and passwords, AutoSites sends an email message asking the user to correct the issue. AutoSites also sends an email message to a user who shares HBI information on an LBI or MBI SharePoint site, or one that has no label. The SharePoint site owner receives the same message.<\/li>\n<\/ul>\n<p>Rather than pointing out that users are doing something wrong, the AutoSites messages are positive. If a user doesn\u2019t change the sharing behavior on SharePoint or OneDrive for Business, AutoSites automatically delivers another message. If the user and the site owner still haven\u2019t corrected the issue after receiving three email messages, the site is locked down. If the site remains out of compliance, it is removed.<\/p>\n<h3>Training programs<\/h3>\n<p>Training programs educate users about information security policies and how to handle sensitive business information. All employees receive formal security training and have access to reference information about information security policies. Microsoft IT also works with particular groups that share a lot of HBI information to make sure they\u2019re trained on how to handle it properly. One important thing the security team has learned is that all users are not alike when it comes to sharing information. There are the two extremes\u2014inappropriate sharing or not sharing at all. Then, there are the people who fall in the middle. This means that not all approaches and training programs will fit all users. Therefore, the information that the auditing and DLP solution provides about groups of users who share inappropriately makes it possible to tailor future training programs to just these people.<\/p>\n<h2>How the solution reduces risk<\/h2>\n<p>This section describes how the auditing and DLP solution is reducing information security risks at Microsoft.<\/p>\n<h3>Product design is improved<\/h3>\n<p>Information security managers, service managers, and Microsoft IT take dashboard data to product teams. The data influences changes to services and features that improve information security. For example, a SharePoint Online service process was changed to require users to obtain permission before sharing HBI information externally. This process tells users about their responsibility to handle HBI information appropriately. It acts as an extra reminder that they\u2019re accountable for their actions.<\/p>\n<h3>Fewer HBI documents are being shared<\/h3>\n<p>Dashboard data is shared with service owners and works with them to reduce inappropriate sharing. So far, the number of HBI documents being shared has been reduced by about a third. In most cases, the issue was corrected when users got the required policy exception to post HBI information.<\/p>\n<h3>Executives can make informed decisions about security policy<\/h3>\n<p>Decisions about securing information are no longer made based on guesses and gut feelings, but are informed by concrete data in reports.<\/p>\n<h3>Data security strategies are tuned based on actual data<\/h3>\n<p>When a strategy is implemented, its relative success or failure can be seen in the audit data. The strategy can be honed and audit results checked to see if the change was effective. This creates an ongoing process of improvement because the impacts of decisions are measurable.<\/p>\n<h2>Best practices<\/h2>\n<h3>Account for diverse attitudes on information sharing<\/h3>\n<p>Some users share too much\u2014others don\u2019t. Some are in the middle. Microsoft IT needed to account for the whole gamut of attitudes and behavior. They plan to target training to the users who need it the most.<\/p>\n<h3>Verify regional privacy regulations<\/h3>\n<p>DLP and auditing activities can have privacy implications around the world. Notice and consent are fundamental privacy principles that apply here, but before implementing these security controls be sure to check with your legal advisor and works councils in the European Union.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This content has been archived, and while it was correct at time of publication, it may no longer be accurate or reflect the current situation at Microsoft. Microsoft IT created a solution to manage the risk of sharing sensitive data, while still promoting collaboration in Office 365. Power BI dashboards give insight into how Microsoft [&hellip;]<\/p>\n","protected":false},"author":146,"featured_media":11171,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"_hide_featured_on_single":false,"_show_featured_caption_on_single":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[1],"tags":[],"coauthors":[674],"class_list":["post-11169","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","m-blog-post"],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Monitoring and protecting sensitive data in Office 365 - Inside Track Blog<\/title>\n<meta name=\"description\" content=\"Microsoft IT created a solution to manage the risk of sharing sensitive data, while still promoting collaboration in Office 365. Power BI dashboards give insight into how Microsoft corporate users share information. This solution detects sensitive data sharing and helps Microsoft IT proactively manage and respond to information security risks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Monitoring and protecting sensitive data in Office 365 - Inside Track Blog\" \/>\n<meta property=\"og:description\" content=\"Microsoft IT created a solution to manage the risk of sharing sensitive data, while still promoting collaboration in Office 365. Power BI dashboards give insight into how Microsoft corporate users share information. This solution detects sensitive data sharing and helps Microsoft IT proactively manage and respond to information security risks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/\" \/>\n<meta property=\"og:site_name\" content=\"Inside Track Blog\" \/>\n<meta property=\"article:published_time\" content=\"2016-04-21T22:14:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-16T22:58:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_hero.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1040\" \/>\n\t<meta property=\"og:image:height\" content=\"585\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Inside Track \u2013 retired stories\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Inside Track \u2013 retired stories\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"19 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/\",\"name\":\"Monitoring and protecting sensitive data in Office 365 - Inside Track Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_hero.jpg\",\"datePublished\":\"2016-04-21T22:14:04+00:00\",\"dateModified\":\"2023-06-16T22:58:47+00:00\",\"author\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/59e5f7b07dae629412c990cc1a63b575\"},\"description\":\"Microsoft IT created a solution to manage the risk of sharing sensitive data, while still promoting collaboration in Office 365. Power BI dashboards give insight into how Microsoft corporate users share information. This solution detects sensitive data sharing and helps Microsoft IT proactively manage and respond to information security risks.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_hero.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_hero.jpg\",\"width\":1040,\"height\":585,\"caption\":\"IT professional at a digital consulting firm.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Monitoring and protecting sensitive data in Office 365\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/\",\"name\":\"Inside Track Blog\",\"description\":\"How Microsoft does IT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/59e5f7b07dae629412c990cc1a63b575\",\"name\":\"Inside Track \u2013 retired stories\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/image\/ee0de87c339052d5d84852473bd7f213\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/24a8c329ab32afd1bc23fd1658d1acc2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/24a8c329ab32afd1bc23fd1658d1acc2?s=96&d=mm&r=g\",\"caption\":\"Inside Track \u2013 retired stories\"},\"description\":\"The content on this page was crafted to highlight a specific moment in time or the solutions that have led us to where we are today. It offers valuable insights into our journey and the progress made over the years. Check out the Inside Track blog page for our up-to-date stories around Microsoft.\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/author\/insidetrackarchive\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Monitoring and protecting sensitive data in Office 365 - Inside Track Blog","description":"Microsoft IT created a solution to manage the risk of sharing sensitive data, while still promoting collaboration in Office 365. Power BI dashboards give insight into how Microsoft corporate users share information. This solution detects sensitive data sharing and helps Microsoft IT proactively manage and respond to information security risks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/","og_locale":"en_US","og_type":"article","og_title":"Monitoring and protecting sensitive data in Office 365 - Inside Track Blog","og_description":"Microsoft IT created a solution to manage the risk of sharing sensitive data, while still promoting collaboration in Office 365. Power BI dashboards give insight into how Microsoft corporate users share information. This solution detects sensitive data sharing and helps Microsoft IT proactively manage and respond to information security risks.","og_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/","og_site_name":"Inside Track Blog","article_published_time":"2016-04-21T22:14:04+00:00","article_modified_time":"2023-06-16T22:58:47+00:00","og_image":[{"width":1040,"height":585,"url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_hero.jpg","type":"image\/jpeg"}],"author":"Inside Track \u2013 retired stories","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Inside Track \u2013 retired stories","Est. reading time":"19 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/","name":"Monitoring and protecting sensitive data in Office 365 - Inside Track Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_hero.jpg","datePublished":"2016-04-21T22:14:04+00:00","dateModified":"2023-06-16T22:58:47+00:00","author":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/59e5f7b07dae629412c990cc1a63b575"},"description":"Microsoft IT created a solution to manage the risk of sharing sensitive data, while still promoting collaboration in Office 365. Power BI dashboards give insight into how Microsoft corporate users share information. This solution detects sensitive data sharing and helps Microsoft IT proactively manage and respond to information security risks.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/#primaryimage","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_hero.jpg","contentUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_hero.jpg","width":1040,"height":585,"caption":"IT professional at a digital consulting firm."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/monitoring-and-protecting-sensitive-data-in-office-365\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/insidetrack\/blog\/"},{"@type":"ListItem","position":2,"name":"Monitoring and protecting sensitive data in Office 365"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/","name":"Inside Track Blog","description":"How Microsoft does IT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/59e5f7b07dae629412c990cc1a63b575","name":"Inside Track \u2013 retired stories","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/image\/ee0de87c339052d5d84852473bd7f213","url":"https:\/\/secure.gravatar.com\/avatar\/24a8c329ab32afd1bc23fd1658d1acc2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/24a8c329ab32afd1bc23fd1658d1acc2?s=96&d=mm&r=g","caption":"Inside Track \u2013 retired stories"},"description":"The content on this page was crafted to highlight a specific moment in time or the solutions that have led us to where we are today. It offers valuable insights into our journey and the progress made over the years. Check out the Inside Track blog page for our up-to-date stories around Microsoft.","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/author\/insidetrackarchive\/"}]}},"jetpack_featured_media_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/5753_hero.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9hcZA-2U9","_links":{"self":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/11169"}],"collection":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/users\/146"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/comments?post=11169"}],"version-history":[{"count":6,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/11169\/revisions"}],"predecessor-version":[{"id":11188,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/11169\/revisions\/11188"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media\/11171"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media?parent=11169"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/categories?post=11169"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/tags?post=11169"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/coauthors?post=11169"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}