CTRL + ALT + Data Security #19

Hey Team,

Sorry for the delay in this one - my role has expanded (something that I will speak about over the next week or so) and as part of that my time to write articles fell to the wayside - though I am back on board now!

I will look at covering the last 2 months of updates here, and keep in mind - there is a lot going on, from the pay-as-you-go changes to feature updates; it's been a busy few month.

Check out the updates and associated links below; and as always - please let me know if you want anything specifically covered outside of what I have captured here.

Product Updates and Announcements

Data Security Investigations (preview)

• In preview: Data Security Investigations is now available in public preview to help cybersecurity teams in your organization harness generative artificial intelligence (AI) to analyze and respond to data security incidents, risky insiders, and data breaches.

Audit

• New Audit pay-as-you-go billing requirements to support audit logging for certain kinds of Copilot data.

Collection policies

• In preview: Create and Deploy collection policies with its first scenario on classifying network traffic.
• In preview: New. Collection Policies solution overview (preview) provides a high-level overview of the Collection Policies solution, including its purpose, key features, and benefits. This article is intended for users who are new to the Collection Policies solution and want to understand its capabilities and how it can help them manage their data collection processes more effectively.

Communication Compliance

• New Communication Compliance pay-as-you-go billing requirements for support of generative AI interactions.

Data Governance

• Updated: Data governance roles and permissions is updated to reflect the new Global Catalog Reader role and Local Catalog Reader role, which replace the Data Catalog Reader role.
• In preview: Critical data elements (CDE) and objectives and key results (OKR) data are now available for self-service analytics and can be used alongside other Microsoft Purview metadata for analytics and insights.
• In preview: Data Health controls users can configure the severity of rules they apply for each data health control.
• General Availability (GA): If your Azure Databricks is running on a virtual network or behind a private endpoint, you can now use Microsoft Purview data quality virtual network enabled compute to connect and perform data quality assessments, including profiling and rule-based scanning. This feature is now generally available and supported across all regions.
• In preview: If your Snowflake is running on a Virtual Network or behind a private endpoint, you can now use Microsoft Purview data quality virtual network enabled compute to connect and perform data quality assessments, including profiling and rule-based scanning. This feature is now in preview and supported across all regions.
• General Availability (GA): The consumed Processing Units (PUs) per data quality job are now displayed on the Data Quality Job Monitoring page. You can view the PU consumption for both profiling and data quality scanning jobs. Additionally, you can calculate the cost of your data quality scans and profiling activities based on the SKU type configured for your organization.

Data Lifecycle Management

• In preview: Rolling out, new retention policy locations and expanded support for Copilots and AI apps. Team's chats have been separated from Microsoft 365 Copilot interactions, with a location just for Teams chat.

• In preview: Retention for the Teams chats location now includes the Teams Facilitator features of moderation for meetings, and questions and answers for meetings. Previously, just AI-generated notes for chats were included.
• General availability (GA): You can use the Set-OrganizationConfig PowerShell command to automatically provision an archive mailbox when a primary mailbox that's licensed for archiving reaches 90% of the quota. More information: How to auto-enable archive mailboxes

Data Loss Prevention

• In preview: Learn about Microsoft Purview Network Data Security (preview)
• In preview: Learn about Advanced Label Based Protection (preview). This setting enhances productivity for users that label and encrypt file types other than those for Office and PDF by using the Microsoft Purview Information Protection client.
• In preview: Expanded Coverage for Microsoft 365 Copilot Chat and Microsoft 365 Copilot apps (Word, Excel, PowerPoint) for DLP policies.

Data Security Posture Management for AI

• In preview: Rolling out, the new recommendation to Extend insights into sensitive info in AI app interactions, which creates a one-click policy that uses network data security to detect sensitive info types shared with AI apps in browsers, applications, APIs, add-ins, and more, using a Secure Access Service Edge or Security Service Edge integration.
• General availability (GA): Previously named data assessments and now renamed data risk assessments, the default weekly assessment is now GA while custom assessments remain in preview. For privacy requirements, data is stored and displayed for 30 days only, with a new field that displays when the data expires.
• In preview: Data risk assessments now support on-demand classification as a remediation action to scan data for sensitive information from SharePoint sites and OneDrive accounts that report items as Data Not Scanned. From the flyout pane for the location, select the Identify tab, and then select the new option to Scan all items for sensitive information.

• In preview: The recently released recommendation and one-click policy to secure interactions for Microsoft Copilot experiences now also includes Security Copilot. As a shortcut to this policy recommendation, use the banner at the top of the Overview page that displays Microsoft Purview now secures Copilot in Fabric and Microsoft Security Copilot interactions. and select the Learn more option.
• Updated: Now that Endpoint DLP supports Off mode, going forward, the following one-click policies will apply to supported generative AI sites only, rather than all sites. If you previously created these policies and want the updated configuration, delete and recreate them:DSPM for AI: Detect sensitive info added to AI sitesDSPM for AI - Block sensitive info from AI sites
• New: Rolling out, Export options for data risk assessments and activity explorer that let you save and customize the current data into a choice of file formats (Excel, .csv, JSON, TSV).

Device Onboarding

• New: Any mobile device management tool for Microsoft Defender for Endpoint customers.
• New: Any mobile device management tool for customers without Microsoft Defender for Endpoint.

eDiscovery

• New eDiscovery article that outlines the pay-as-you-go billing requirements for data storage of non-Microsoft 365 AI data in eDiscovery cases.

Insider Risk Management

• New Insider Risk Management pay-as-you-go billing requirements to support generative AI-related indicators.

Microsoft Purview billing models

• Updated: The Microsoft Purview Billing Models article is updated for network data security meters.

Sensitivity labels

• New: Three new sensitivity label auditing events to help you identify failed labeling operations: Failed to apply file sensitivity label; Failed to change file sensitivity label; Failed to remove file sensitivity label. These events can be particularly helpful for monitoring auto-labeling policies. Refer to the new table for a description of FailureReason property values for these activities.
• General Availability (GA): Dynamic watermarks are now also generally available for labels that are configured with user-defined permissions (the Let users assign permissions encryption option). Dynamic watermarks deter leakage of labeled and encrypted documents by rendering over the document the reader's Universal Principal Name (UPN) or other identifying information. Unlike standard content markings, dynamic watermarks can't be changed or removed by the user.

• General availability (GA): When you protect a Teams meeting with a sensitivity label, you can automatically apply or recommend that the meeting is labeled with the highest priority sensitivity label from files shared for the meeting. Use the new label policy setting Apply inheritance between Teams meetings and artifacts and ensure that this policy is published to meeting organizers.
• New: The Microsoft Purview information protection client supports the Endpoint DLP preview setting Advanced label-based protection for all files on devices for users who label and encrypt file types other than those for Office and PDF. For more information, see Integration with Endpoint data loss prevention.

Administrative units

• In preview: You can add SharePoint sites to existing administrative units. This surfaces in DLP policies for SharePoint sites (preview).

Microsoft Purview billing models

• In preview: The Microsoft Purview Billing Models article is updated for multiple new meters and Microsoft Purview services that have features that are billed on a pay-as-you-go basis.

Blog posts and Community Content

“I heard that classic eDiscovery (Standard) will be retired on May 26th. How can I get started in the new Purview eDiscovery?”

Great article covering the new eDiscovery experience: you can find more info here: Getting Started with the New Purview eDiscovery (E3) | Microsoft Community Hub

Securing Microsoft M365 Copilot and AI with Microsoft's Suite of Security Products - Part 1

This multipart guide provides a detailed roadmap for using Microsoft’s security services together to protect AI deployments and Copilot integrations in an enterprise environment : Securing Microsoft M365 Copilot and AI with Microsoft's Suite of Security Products - Part 1 | Microsoft Community Hub