07Sep2023
18May2022
Making sense of the many DLP options for Microsoft 365
One of my readers wrote to me recently about an article that I penned a couple of years ago, on the topic of Data Loss Prevention in Microsoft 365. They pointed out that my breakdown was a bit dated now, and that the Microsoft universe seems to...
01Nov2021
Announcing the Microsoft 365 SMB Data Protection Toolkit
Update March 2023: This product has been updated significantly, and renamed too. It is now called The SMB Guide to Data Protection and Microsoft Purview in Microsoft 365 Business Premium Plans. It still contains the written guide as well as supporting materials such as scripts and templates to help you...
11Jun2021
Simple Sensitivity Label design for the SMB
In the recent updates to the CIS Controls (v8), one of the most noticeable changes was the re-prioritization of Data Protection (now Control #3, up from #13 previously). This control calls out a number of safeguards: inventory of sensitive data and data classification is...
09Mar2021
There is no panacea, there is no silver bullet
I had a really interesting question come up during one of my recent online courses. One of the participants asked whether device management, and even MAM (application-based management) were necessary anymore, now that we have stuff like MIP and
18Aug2020
Behold: The Power of Sensitivity Labels
Even though some people are aware of the concepts of Data Classification and tools such as Microsoft 365 Sensitivity Labels, I do not think that many of us out there have yet grasped the full implications, or taken the long view, so to speak. Note: this is a longer read....
17Dec2019
The many ways to prevent data leakage in Microsoft 365
Office 365 Data Loss Prevention (DLP), Windows Information Protection (aka Endpoint DLP), Conditional Access App Enforced Restrictions, Conditional Access App Control with Microsoft Cloud App security, Sensitivity labels, Retention labels--are you thoroughly confused yet?All of the above can help you to prevent the leakage of sensitive data under certain...
27Aug2019
Protecting extra-sensitive accounts and data sets in Microsoft 365, Part 2: Apps and Data
Last time we looked at some additional identity-based protections that are possible via additional subscriptions like Enterprise Mobility + Security E5 (which contains Azure AD Premium P2).In this post, we'll work within the same framework, but shift our focus from identity, towards protections which can be applied to apps and...
15Aug2019
Teams, SharePoint and OneDrive best practices? Part 3: Data governance
In part 1 of this series, we discussed external sharing and chat. In part 2, we dealt with access controls and notifications. Now, we turn our focus to...
08Aug2019