The Data Security Envisioning Workshop provides a summary of an organization’s data protection and compliance

Editor's Notes

• #1: NOTE Follow the instructions in the Delivery Guidance section. If this is being presented by a partner, the partner should include their logo on this slide Speaker notes No speaker notes available
• #2: Speaker notes: No speaker notes available for this slide
• #3: Speaker notes: No speaker notes available for this slide
• #5: This deck is frequently updated with new insights and feedback from the field. Please keep version history up to date.
• #6: Speaker notes: No speaker notes available for this slide
• #7: Speaker notes: No speaker notes available for this slide
• #8: Speaker notes: No speaker notes available for this slide
• #9: Speaker notes: Briefly go over the agenda for this meeting.
• #10: Speaker notes: Ask everyone on the meeting to present themselves. Limit to 30 seconds per person. It is important to understand the role of the attendees as this will help with resource allocation and assignments.
• #11: Speaker notes: On the next slides we will introduce the Data Security Envisioning Workshop and discuss what it is, how it can help, and what the expected outcome is. Changes to the master slide Updated speaker notes.
• #12: Speaker notes: Focus on learning Understanding the organization is key to identifying the right tools and solutions that will help to improve an organization’s compliance posture. Discover data security, compliance, and privacy risks Do you know where you might be exposed? We will use automated tools to discover data security, compliance and privacy risks in your organization. Learn about Microsoft’s approach We will we talk about Microsoft vision on compliance and how the Microsoft portfolio of tools and services can help you and your organization mitigate insider, privacy, and regulatory risks. Plan next steps Once we know your organization, understand your compliance strategy, and have identified the compliance risks in your data, we will work together to build a plan with actionable next steps you can engage in to improve your compliance posture.
• #13: Speaker notes: Briefly discuss the six objectives for the Data Security Envisioning Workshop and how they will help the organization gain better insight into their Data Security Posture. Understand the risks of Dark Data  Awareness Organizations and their employees create large volumes of documents, presentations, emails, etc. Much of the data becomes stale or unused immediately after creation and contains information that could impose a data security risk. Identify the risks organizational insiders may impose Are insider risks real? During the engagement, we will explore the risks and vulnerabilities that relate to the behavior and communication of organizational insiders. During the Data Security Check, we seek to surface hidden risks related to behavior and communication of organizational insiders. The Data Security Check leverages Microsoft Purview Tools and Services in an automated process that will monitor a select group of users for risky behavior. Assess your Microsoft 365 environment Scan Microsoft 365 repositories and communication channels for sensitive information that may pose a risk to the organization. Analyze and report Data Security Check uses an automated discovery process that will run for 2 weeks and crawl existing organizational data while searching for content that can impose a data security risk Learn about tools and services that can mitigate risks During the engagement tools and services that can help mitigate the identified data security risks will be discussed. Recommendations and next steps Based on the findings and data security risks identified by the automated discovery process, we will present recommendations and suggestions for mitigation and governance.
• #14: Speaker notes: The Data Security Envisioning Workshop activities can be categorized into four (4) buckets: Pre-engagement meeting An online meeting prior to the start of the engagement to go over logistics, timelines and expectations. <CLICK> Data Security Check The Data Security Check is the core activity of the Data Security Envisioning Workshop ; it leverages Microsoft Cloud technologies to identify data security risks in the organizational data. <CLICK> Microsoft Purview portfolio overview Introduces the customer to the Microsoft Purview vision and outlines Microsoft’s approach to providing integrated compliance. <CLICK> Recommendations and Next steps The findings and risks that were identified by the Data Security Check activity are mapped to Microsoft Purview products and services. At the end of the engagement this mapping will be discussed, and actionable next steps will be defined and presented.
• #15: Speaker notes This slide represents a sample delivery timeline and should be updated to reflect the customer’s specific situation. Pre-engagement call Before engaging, there will be a 1-1.5 hours call to prepare for the engagement. During this call, the engagement will be introduced and discussed. Actions required before the start of the engagement will be defined, questions like the below should be answered: When will we start? Who do we need to be part of the Data Security Envisioning Workshop team? What will the automated discovery process look for? Which optional activities should we engage in? Etc.  We typically take one week for the customer to prepare and get ready. Data Security Check Kick-off meeting Meet with the Data Security Envisioning Workshop team to discuss the upcoming activities. If all team members also attended the pre-engagement call, this meeting can be skipped. Acquire and assign license For customers that do not have the licenses required to enable the Auto Discovery services, the program provides an engagement trial license. Setup and configuration Enable and configure all required services for automated discovery. Start the automated discovery process.  The Automated Discovery process will run for at least two weeks. Data Security Check Analyze the findings All the logs and findings will be collected and analyzed for the presence of data security risks. Write-up The high impact findings, together with the recommendations for risk mitigation, will be added to the close-out deck. Compliance Manager Tenant Assessment Assess the customer’s Microsoft 365 environment against key data protection standards and regulations. Microsoft Purview portfolio overview Introduces the customer to the Microsoft Purview vision and outlines Microsoft’s approach to providing integrated compliance. Recommendations and next steps The close-out deck will be presented. Findings will be discussed and recommendations for mitigation will be provided. The findings and risks that were identified by the Data Security Check activity are mapped to Microsoft Purview products and services. Next steps will be defined. Data Security Check Decommission All Data Security Check configurations will be removed and services decommissioned. (OPTIONAL, customer can also choose to leave it running until license expiration.) Changes to the master slide Removed Update banner Changed the slide title
• #16: Speaker notes Talk about the text on the slide, no additional comment or guidance.
• #17: Speaker notes: In this first section we will set the scene. Consider reducing this section during kick-off, based on how much of the audience repeats from the pre-engagement call. Why is it important to know everything about the data within an organization? Why is it important to understand what users are doing with sensitive corporate data? Why should we protect and manage the data? What are the risks if you do not? How can the Data Security Envisioning Workshop, powered by Data Security Check help with discovering hidden risks?
• #18: Speaker notes: No speaker notes available for this slide
• #19: Cybersecurity is a constantly shifting landscape. As our digital world continues to grow, so do the risks. According to research, 83% of organizations experienced more than one data breach in their lifetime, of which 20% of data breaches are due to internal actors with an average cost of $15.4M when a malicious insider is involved. The potential cost is very significant and cannot be ignored. Data leaks and theft might be overshadowed by external threats in the past. However, they have become one of the most common vulnerability and risks that organizations need to address.  Recent Microsoft research also shows that 80% of the decision makers purchased multiple products to meet compliance and data protection needs, with majority of them purchase more than three products. Managing a fragmented solution landscape brings more complexity to the security teams with additional costs and efforts to bring siloed signals together while building a unified remediation plan across. "The total average cost of activities to resolve insider threats over a 12-month period is $15.4 million." - 2022 Cost of Insider Threats Global Report - Ponemon Institute Citations Cost of a Data Breach Report 2022, IBM Cost of Insider Threats Global Report 2022, Ponemon Institute February 2022 survey of 200 US compliance decision-makers (n=100 599-999 employees, n=100 1000+ employees) commissioned by Microsoft with MDC Research
• #20: Before we get into products, let’s make it real and show you some common scenarios. Because of all the complexities we have discussed, data security incidents can happen anytime and anywhere. First, when organizations don’t have visibility into their data, data is at risk of misuse. It’s like if you have you have your garage filled with so much stuff that you don’t have visibility in all your things, then there is a bigger chance that you wouldn’t even notice when things are stolen.   Data security incidents can be caused by: External – this is the one most organizations are aware of. Example - A user falls prey to a phishing email and their account was compromised. The compromised account stole and exposed sensitive data. Internal – these are carried out by “insiders” as we discussed in the first slide. In this category, there are 3 common scenarios: Data theft: Malicious insiders stealing data for personal gain. Example – A departing employee stole corporate intellectual property (IP) and took it with them to their next employer. Data leak: Negligent users accidentally overexposed data in AI applications when working on confidential information. Data sabotage: A disgruntled employee sabotaging corporate data. Example – A user is frustrated for not getting promotion and deletes all the information before he leaves the company. Today, we will take a look a couple scenarios that bring these to live.
• #21: This rapid AI transformation is only compounding today’s challenges around securing and governing data.   More than 80% of leaders have cited leakage of sensitive data as their main concern, with almost half of them expecting to continue banning all use of GenAI in the workplace. Only 31% of organizations have established a global data architecture and only 25% have a global data quality program, which you’ll hear later is critical to trustworthy AI innovation. Regulatory liability will continue to play a larger role in AI deployments. By 2027, at least one global company will see its AI deployment banned by a regulator for noncompliance issues.
• #22: So how can organizations get ahead of their data security challenges. They need to understand hidden risks to their data – this starts with getting visibility into what data your have, where it is located, how your users are interacting with that data, what activities are happening in your organization. Without this visibility, you will not be able to effectively protect the data. Once you have that visibility into data risks, you can implement multiple layers of controls – you need to combine that data context with the user context so that you can create effective data loss prevention policies across the digital landscape. Remember – there is no one size fits all – and that applies to your DLP policies as well. We hear from customers that they scope their DLP policies to most users and therefore only run them in audit mode, since they do not want to impede user productivity. Such a strategy, prevents the organization from being proactive and keeps in the reactionary stage. And finally, if and when a data security incident happens, you need to be able to quickly investigate and remediate the incident and put policies in place to prevent similar incidents from happening in the future.
• #23: Speaker notes Most organizations that are at the beginning of their data security journey are struggling with this question. What would be the best way to start? The first step in managing data security risks is understanding what happens in the organization. The Data Security Envisioning Workshop powered by Data Security Check could be a first step because it helps to: Objectively quantifies the challenges by analyzing existing data for artifacts that might impose data security risks to the organization. Identify risky behavior involving sensitive data Analyze the existing data without the need for extensive hardware or costly tooling. Builds on the existing infrastructure and analyze data and user behavior without the need for exporting or copying data or logs. Helps to understand and learn about solutions Microsoft has to offer to help you manage and protect your data and mitigate data security risks contained in corporate data.
• #24: Speaker notes: In this section we will introduce the Data Security Check to the audience We will talk about what has been done and why. Guidance Consider reducing this section if the audience has already been in the pre-engagement or kick-off meeting..
• #25: Speaker notes: Important to emphasize it is: An automated process that will monitor behavior and communication of a select group of users. Using existing Microsoft Purview tools and services that are available in the customer’s tenant. A license will be provided to enable the services the customer does not own. Will identify real risks and threats the customer recognizes and can relate to.
• #26: Speaker notes A 10,000-foot view on Data Security Check. There are three major buckets of activities: Enabling and configuring all the services required for the automated discovery process in the customer’s Microsoft 365 tenant. The automated discovery process runs for two weeks and crawls all data sources in Microsoft 365 for previously defined compliance related artifacts, additionally it scans for risky user behavior related to sensitive data. Analyzing and reporting on the findings of the automated discovery, provide (product) recommendations for mitigation.
• #27: Speaker notes: The Data Security Check is built on a modular concept. Every Data Security Check starts with a core activity to: Apply required trial licenses Define permissions and access Define and configure sensitive information types relevant to the customer Followed by four (4) mandatory modules focused on the most common data repositories: E-mail (Exchange Online) Document storage (SharePoint Online) Collaboration (Teams) And the analysis of user behavior related to sensitive data: Insider Risk Management To qualify for the associated funding, a partner must deliver the four (4) mandatory modules. And one (1) of the additional modules: Compliance Manager On-premises data repositories such as file shares or SharePoint Server libraries Windows 10/11 End point devices Communication Compliance Data security for Generative AI Based on customer requirements additional optional modules can be included in the engagement. Next, the data security risks identified by the Data Security Check will be analyzed and documented for use in the last activity of the engagement (Recommendations and Next steps) Optionally, at the end of the Data Security Check, all configuration and setup will be removed. The following slides provide more detailed information about the optional activities.
• #28: Speaker notes: It is important to discuss the scoping of Data Security Check. Briefly touch on all in-scope items Do not discuss exclusions or out-of-scope, as this will be on the next slide. Enable Data Security Check discovery services The core Data Security Check focuses on data stored in the commonly used cloud services and analyzing user behavior: E-mail  Exchange on-line Document storage  SharePoint on-line Collaboration  Teams User Behavior  related to sensitive information across Microsoft 365 For this the following services have to be enabled: Data Loss Prevention for Exchange, SharePoint, and Teams Insider Risk Management Sensitive Information Types Depending on the optional modules chosen, additional services should be enabled: Compliance Manager Information Protection Scanner Data loss prevention for Endpoints Communication Compliance Purview Data Security Posture Management for AI Enabling Data Security Check Discovery Services The automated discovery services will run for approximately 2-3 weeks and search for sensitive information, stale data, and suspicious / risky activities. Analysis and Reporting The findings of the Automated Discovery Process will be analyzed by identifying a top 10 of high impact data security risks, risky storage locations, and risky user behavior. The findings will be included in the closeout presentation that will be delivered at the end of the Data Security Envisioning Workshop
• #29: Speaker notes: At least one (1) optional module must be delivered as part of the mandatory scope. Discuss with your customer which module will be included. Additionally, the customer has the option to also opt-in to the additional modules. Briefly touch on all optional modules. Do not discuss exclusions or out-of-scope items as these are on the next slide. Compliance Manager The customers current Microsoft 365 environment will be assed against a set of controls for key regulations and standards for data protection and general data governance. On-premises infrastructure and data storage The default scope for Data Security Check only looks at data stored in the Microsoft Cloud. This optional module extends the automated discovery process to on-premises data repositories such as file shares and SharePoint server libraries. Windows endpoints Data Security Check leverages Endpoint Data Loss Prevention to identify risky behavior by users working with sensitive data on their workstations or laptops. Communication Compliance User communications (Teams, Exchange, Viva Engage) will be monitored for the presence of sensitive information and risky activity that can cause data security risks. Data security for Generative AI Identify Shadow AI in the organization, are user using unmonitored, unmanaged or unsanctioned AI applications Discover sensitive information and locations with potential oversharing risk based on existing pattern. Understand how users interact with Microsoft Copilot.
• #30: Speaker notes: Briefly discuss all out-of-scope items As you discuss subjects, regulatory concerns, or portions of the organization that are out of scope, you may want to update this slide to also include those items. It’s important to help them differentiate the activities in the Data Security Check from the overall capabilities of Microsoft Purview. Purview can be used across multiple clouds, but the scope of the risk check is Microsoft 365. Non-Microsoft Cloud services The Data Security Check Automated Discovery process does not discover data in other cloud services. Proof of concept or pilot deployment The engagement will not deliver an isolated proof of concept or production pilot. People & Processes The Data Security Check Automated Discovery process does not look at people or processes in an organization.
• #31: Speaker notes: The following deliverables have been defined for the Data Security Check: The findings report, which provides an overview of the most important findings and identified risks. A list of recommendations The recommendations are customer specific Based on the findings from the automated discovery process. Actional next steps A list of actionable next steps Prioritized based on deployment effort, cost, risk and expected outcome All deliverables will be part of the close out presentation that is planned as last activity for Data Security Envisioning Workshop .
• #32: Speaker notes Only for “authorized people”, defined by you Users have to explicitly grant rights to access findings and results, leverages RBAC (Role Based Access Control). Access will only be granted for people that you have identified. The customer has to assign the appropriate roles. Findings and results are only visible for authorized people. Personal Identifiable Data (PII) can be removed Discovery results and findings will by default contain PII data such as usernames or identifiable data repositories. If needed this PII information can be masked or removed. “It is your data and you control access.”
• #33: Speaker notes: The Automated Discovery process is the key element for Data Security Check In this section we will explain how the discovery process works and what it looks for.
• #34: Speaker notes The Data Security Check includes four (4) mandatory modules: Exchange online SharePoint online Teams Insider Risk Management These four mandatory modules look for: Sensitive information, documents containing artifacts that are sensitive to the organization. For example, documents containing Personal Identifiable Information (PII), credit card numbers or custom defined artifacts like product names Stale Data, data that is no longer used and has expired but still is present in user mailboxes or SharePoint libraries Risky User Activity, end user behavior that could impose a data security risk to the organization. NOTE: The next slides will provide more detail on each of the scenarios
• #35: Guidance Only deliver this section if the audience is interested in technical details and or background. Leave hidden if this level of detail is not needed / unwanted. Speaker notes It is important to understand where the Automated Discovery process searches for data security risks. Exchange Online and SharePoint Online are used as the two primary data storage locations. Teams messages are scanned while in transit by Data Loss Prevention for Teams or optionally through Communication compliance If the Purview Information Protection scanner is deployed on-premises, Auto Discovery will search file shares and SharePoint locations which may be migrated to Microsoft365 in the near future. Endpoint Data Loss Protection will monitor activity on the Windows 10/11 endpoint. Data will be checked for the presence of sensitive information, also when copied to external locations such as Network USB or even when printed. When adding Communication Compliance, Viva Engage will also be added as a target data repository for the automated discovery process The Automated Discovery process will check for the presence of Sensitive Information Types relevant to the customer. Insider Risk Management will consider all activities across all repositories and services Data Security Posture Management for AI will consider activity and interactions for both Microsoft Copilot and 3rd party generative AI websites Changes to the master slide Added hidden slide banner Made slide hidden Added guidance
• #36: Guidance Prior to initial meetings, you can use the listing of sensitive info types out of the box, together with the customer’s geography and vertical to suggest a slide update before your first meeting: Sensitive information type entity definitions - Microsoft Purview (compliance) | Microsoft Learn Document the sensitive info types the customer wants to include in the automated discovery process on the next slide Speaker notes How do we find data that might impose a data security risk? We do this by looking for sensitive info types. Sensitive info types come in many forms. Microsoft Purview comes with a number of built in classifiers for identifying sensitive information in the organization Sensitive info types Named entities Pre trained classifiers Credentials Organizations can use these classifiers out of the box, customize them, or create their own, to meet the unique needs of their businesses. The automated discovery process will leverage these pre-defined sensitive info types. We do not recommend searching for all sensitive data but to instead select what is relevant to your customer. This can be defined either in the pre-engagement meeting or the kick-off meeting. Speaker notes Business intellectual property Think of documents that have specific keywords such as product names, unique design numbers, or project names. For example, search for “Project Enigma” or documents that contain words like “Confidential” or “Company Secret” Employee or customer information Customers and employees are usually assigned a unique number. We will define search logic to identify these unique numbers. Highly confidential information Additional custom search queries for specific information. Typically this information can be recognized by keywords or labels like Highly Confidential. Geographical Requirements These are often in place to protect the privacy of citizens or identify the flow of information across borders Industry Requirements These are often defined by an industry or governing body to standardize and identify the processes for handling sensitive data Regulatory requirements These are often set by individual countries to protect and meet the unique needs of their citizens.
• #37: Speaker notes Much of the data that is created by organizations becomes stale or unused immediately after creation. Unused data can be a risk and cause unwanted liability. The automated discovery process will identify documents older that a pre-defined period (configurable). Will provide insight in number of documents. Two examples to mention from previous engagements Customer is a 100-year-old organization, they have never deleted anything. Boxes of files and documents --> how do we start? But also the flip side of the coin: Driven by all the threats and data breaches --> delete everything strategy (everything older than a year).
• #38: Speaker notes Every Insider Risk Management module starts with the mandatory Insider Risk Analytics activity. Depending on the customer’s preference, at least one of the two Insider Risk Management scenarios will be implemented: General Data Leaks Data Theft by Departing Users At a minimum, one scenario must be implemented to qualify for engagement funding. NOTE: do not provide too much detail about the different scenarios; they will be discussed in detail on the next slides.
• #39: Guidance Unhide and discuss this slide if the audience is technical and requests more technical background and details. Speaker notes Analytics is the first activity for the Insider Risk Management Module. Insider risk management analytics evaluates potential insider risks in the organization without the need to configure policies or do additional setup. Helps your organization identify potential areas of higher user risk and help determine the type and scope of insider risk management policies. This is a mandatory activity that will always be delivered as part of the Insider Risk Management module. Changes to the master slide Added hidden slide banner Made slide hidden Added guidance
• #40: Guidance Unhide and discuss this slide if the audience is technical and requests more technical background and details. Speaker notes: Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider risk management enables customers to create policies to manage security and compliance. The Data Security Check focusses on two scenarios (more are available): General Data Leaks Data Theft by Departing User Guide the user through the two scenarios and decide on the scenario(s) to implement. Activity Work with your customer to decide on the scenarios to implement. Document the decisions on the next slide. Changes to the master slide Added hidden slide banner Removed activity banner Made slide hidden Added guidance
• #41: Guidance Unhide and discuss this slide if the audience is technical and requests more technical background and details. Speaker notes: Discuss the indicators and triggers that will enrich Insider Risk Management. Both the HR Connector and Azure Active Directory account deletion can provide user context and will increase risk levels. (An employee leaving the organization is more likely to take data.) Endpoint integration enhances visibility on risky or malicious activities related to sensitive data. (Virtual) HR Connector Connection to the HR system to inform Insider Risk Management on the employment status of an employee. The employment status will be correlated to the risk score. The Data Security Check guidance offers a virtual implementation: Instead of connecting to the HR system (might be complex or unwanted for the engagement), the employee status is provided through a CSV file. Azure Active Directory account deletion Automatically checks for user account deletion in Azure Active Directory for the customer’s organization. Alternative to the HR connector. Can be used in parallel. Endpoint integration Provides additional signals to enrich Insider Risk Detection. Activities such as sharing files, copying files to cloud storage or USB devices are considered as additional indicators. IMPORTANT: Requires the endpoints to be enrolled in Purview. Activity: Together with your customer, decide on which triggers and indicators to implement. Document the decisions on the next slide. Changes to the master slide Added hidden slide banner Removed Activity banner Made slide hidden Added guidance
• #42: Speaker notes: Review the following optional modules with your customer to identify which modules (choose at least 1) to include as part of the Data Security Check
• #43: Guidance Discuss the optional modules with your customer Speaker notes The Data Security Check includes four (4) optional modules. For the Data Security Envisioning Workshop at least one (1) optional module must be delivered Compliance Posture Leverages Compliance manager and assess the customers Microsoft 365 environment against key regulations and standards for data protection and data governance On-premises infrastructure and data storage By installing the Purview Information protection scanner, the automated discovery process will be extended to on-premises data sources The on-premises data sources include SMB file shares and SharePoint server libraries The Information Protection Scanner will (re-)use the search artifacts that are also used by the cloud discovery process. Windows endpoints Data Loss Prevention services will be extended to also include Windows 10 or Windows 11 Endpoints DLP will identify risky behavior of end users working with sensitive data on their workstations and or laptops. User communication Communication Compliance will add additional functionality to Data Loss Prevention for teams. User communication will be monitored for inappropriate text, policy violations conflict of interest, etc. Data security for Generative AI Identify Shadow AI in the organization, are user using unmonitored, unmanaged or unsanctioned AI applications Discover sensitive information and locations with potential oversharing risk based on existing pattern. Understand how users interact with Microsoft Copilot. NOTE: The next slides will provide more detail on each of the scenarios
• #44: Guidance Only deliver this section if the audience is interested in technical details and/or background. Leave hidden if this level of detail is not needed / unwanted. Unhide the slide, remove the black banner “Hidden Slide” and discuss the slide contents if the audience is technical and requests more technical background and details. Speaker notes: The Compliance Manager Tenant Assessment is an optional module focused on assessing the customer’s Microsoft 365 environment against key data protection standards and regulations. It leverages Purview Compliance Manager to assess the customer’s Microsoft 365 environment. Changes to the master slide Added hidden slide banner Made slide hidden Added delivery guidance
• #45: Guidance Only deliver this section if the audience is interested in technical details and/or background. Leave hidden if this level of detail is not needed / unwanted. Unhide the slide, remove the black banner “Hidden Slide”, and discuss the slide contents if the audience is technical and requests more technical background and details. Speaker notes: The objective for this optional activity is to assess the customer’s Microsoft 365 environment against key data protection standards and regulations. The activity leverages regulatory assessments offered by Compliance Manager. The customer’s tenant will be assessed against: The Baseline Assessment, based on the most important elements from NIST CSF, ISO, FEDRAMP, and GDPR. At least one additional regulatory template that aligns to specific customer requirements or compliance regime. Additional regulatory templates per customer requirement. Compliance Manager will provide an overview of improvement actions and implementation guidance. Activity Together with your customer, decide if this module will be part of the engagement. Compliance Manager provides a comprehensive set of regulatory templates for creating assessments. Discuss with your customer the relevancy of the regulatory templates to their organization and decide the template(s) to implement. Document the decisions on the next slide. Changes to the master slide Added hidden slide banner Made slide hidden Added delivery guidance
• #46: Guidance Only deliver this section if the audience is interested in technical details and/or background. Leave hidden if this level of detail is not needed / unwanted. Unhide the slide, remove the black banner “Hidden Slide” and discuss the slide contents if the audience is technical and requests more technical background and details. Speaker notes: Customers with high volumes of data stored in on-premises data repositories can benefit from the optional Purview Information Protection Scanner module. This module leverages Purview Information Protection Scanner to scan network shares and SharePoint server libraries. Changes to the master slide Added hidden slide banner Made slide hidden Added delivery guidance
• #47: Guidance Only deliver this section if the audience is interested in technical details and/or background. Leave hidden if this level of detail is not needed / unwanted. Unhide the slide, remove the black banner “Hidden Slide” and discuss the slide contents if the audience is technical and requests more technical background and details. Speaker notes The on-premises automated discovery process leverages Purview Information Protection Scanner to scan for sensitive information in on-premises data stores. Connect to on-premises resources The Information Protection Scanner requires *read) access to the network shares (through SMB) and the SharePoint server libraries. Purview Information Protection Scanner will crawl on-premises file shares that are accessible through SMB and search for documents with sensitive information. The Purview scanner will scan the SharePoint server libraries for sensitive information and stale data. Runs as a service on Windows Server A physical, on-premises server is required. This server will run: SQL Server  to store the scan results. The Azure Information Protection client. IMPORTANT: The scanner will run in Discover Only mode: No files will be labeled. No files will me moved, deleted or protected. All content remains unchanged. Leverages the Azure Information Protection client. The Azure Information Protect client will be installed on the scanner server. Server configuration will be provisioned from Purview Compliance Portal. The scanner will use the sensitive information types configured for the other activities. Classifies the same types of files as the client. Re-uses the previously configured sensitive information types. Activity Together with your customer, decide if this module will be part of the engagement. Use the next slide to document the on-premises data sources to include. Changes to the master slide Added hidden slide banner Made slide hidden Added delivery guidance
• #48: Guidance Only deliver this section if the audience is interested in technical details and/or background. Leave hidden if this level of detail is not needed / unwanted. Unhide the slide, remove the black banner “Hidden Slide” and discuss the slide contents if the audience is technical and requests more technical background and details. Speaker notes: This optional module will extend the previously configured Data loss Prevention Service to end user devices and will monitor the actions that are being taken on items determined to be sensitive for the organization. Changes to the master slide Added hidden slide banner Made slide hidden Added delivery guidance
• #49: Guidance Only deliver this section if the audience is interested in technical details and or background. Leave hidden if this level of detail is not needed / unwanted. Unhide the slide, remove the black banner “Hidden Slide” and discuss the slide contents if the audience is technical and requests more technical background and details. Speaker notes Endpoint activity monitoring and Data Loss Prevention. Using the built in Windows 10/11 capabilities, Endpoint DLP will monitor activity on endpoints. Collect information on audited activity When files are copied, moved, created, printed, etc. their contents will be checked for the presence of sensitive information. In case of a match, information about the activity and the file will be collected. Leverage Activity Explorer to review activities Activity Explorer will instantly show all activity in both a graphical overview and in a table format. The overview will include historical data as well as current activity. Activity: Together with your customer decide if this module will be part of the engagement. Decide on the devices to include in the automated discovery process Decide on how to enroll the devices into the Purview portal Changes to the master slide Added hidden slide banner Made slide hidden Added delivery guidance
• #50: Guidance Only deliver this section if the audience is interested in technical details and or background. Leave hidden if this level of detail is not needed / unwanted. Unhide the slide, remove the black banner “Hidden Slide” and discuss the slide contents if the audience is technical and requests more technical background and details. Where Data Loss Prevention for Teams evaluates inter-user communications for the presence of sensitive information, Communication Compliance will monitor (chat) messages for business conduct violations such as sensitive or confidential information, harassing or threatening language, and sharing of adult content. Changes to the master slide Added hidden slide banner Made slide hidden Added delivery guidance
• #51: Guidance Only deliver this section if the audience is interested in technical details and/or background. Leave hidden if this level of detail is not needed / unwanted. Unhide the slide, remove the black banner “Hidden Slide” and discuss the slide contents if the audience is technical and requests more technical background and details. Speaker notes The Communication Compliance service will monitor user communication. For the User Risk Check, two scenarios must always be delivered: Inappropriate text Sensitive information Additionally, based on a customer’s requirements and interest, the customer can choose to also implement: - The Conflict of interest scenario NOTE: do not provide too much detail about the different scenarios, they will be discussed in detail on the next slides. Changes to the master slide Added hidden slide banner Made slide hidden Added delivery guidance
• #52: Guidance Unhide the slide, remove the black banner “Hidden Slide” and discuss the slide contents if the audience is technical and requests more technical background and details. Speaker notes: The Inappropriate text scenario is focused on identifying cyber bullying, harassment, or inappropriate messages. It will scan 100% of communications across Exchange Online, Teams, and Yammer. But only for users that are participating in the Data Security Check. Next to keywords, machine learning and artificial intelligence are used to identify inappropriate content. It is not about just inappropriate words but also about context. For example: “Here is a picture of my donkey” is different from “You are a real donkey”. This is a mandatory activity that must always be delivered as part of the Communication Compliance module. Changes to the master slide Added hidden slide banner Made slide hidden Added guidance
• #53: Guidance Unhide the slide, remove the black banner “Hidden Slide” and discuss the slide contents if the audience is technical and requests more technical background and details. Speaker notes: The Sensitive Information scenario is focused on monitoring legitimate communication that contains sensitive information. It will identify both unintended and malicious sharing of sensitive corporate data. By default, it will scan 10% of communications across Exchange Online, Teams, and Yammer. This can be changed if needed/desired. Sensitive information can be defined in several ways: Out-of-the-box Sensitive Info Types such as a credit card number or a social security number (as discussed on previous slides). Custom Sensitive Info Types that are custom built to identify sensitive organizational information that is relevant to the customer. Keyword lists or dictionaries. This is a mandatory activity that will always be delivered as part of the Communication Compliance module. Changes to the master slide Added hidden slide banner Made slide hidden Added guidance
• #54: Guidance Unhide the slide, remove the black banner “Hidden Slide” and discuss the slide contents if the audience is technical and requests more technical background and details. Speaker notes: The Conflict-of-interest scenario is focused on monitoring communications between users and/or groups of users that, because of their roles, may have conflicting interests. By default, it will scan 100% of communications across Exchange Online, Teams, and Yammer. The scenario will only evaluate internal communications. This is an optional scenario and can be implemented based on a customer’s requirements or interest. Changes to the master slide Added hidden slide banner Made slide hidden Added guidance
• #55: Guidance Only deliver this section if the audience is interested in technical details and or background. Leave hidden if this level of detail is not needed / unwanted. Unhide the slide, remove the black banner “Hidden Slide” and discuss the slide contents if the audience is technical and requests more technical background and details. Speaker notes: The optional Data Security for AI activity that will extend the Automated Discovery Process with insights into generative AI usage and potential associated data security risks within the organization. The Data Security for AI activities are organized around 3 scenarios that depend on which AI applications the customer is using and what features they have enabled. These different scenarios will be discussed on the next slides. Changes to the master slide Added hidden slide banner Made slide hidden Added delivery guidance
• #56: Guidance Only deliver this section if the audience is interested in technical details and or background. Leave hidden if this level of detail is not needed / unwanted. Unhide the slide, remove the black banner “Hidden Slide” and discuss the slide contents if the audience is technical and requests more technical background and details. Speaker notes Leveraging the capabilities of Purview DSPM for AI, organizations can effectively identify data security threats associated with the use of generative AI such as Microsoft Copilot and other third-party AI applications. Furthermore, Purview DSPM for AI aids in exploring data security risks that may result from over-sharing or data leakage. Purview DSPM for AI will: Provide insight into the (hidden) usage of 3r party Generative AI applications by the organizational users a.k.a. Shadow AI Report on oversharing of (sensitive) content within the organization Additionally, based on the organization’s use of Microsoft Copilot, Purview DSPM for AI will offer detailed insights and information on its usage. NOTE: do not provide too much detail about the different scenarios, they will be discussed in detail on the next slides. Changes to the master slide Added hidden slide banner Made slide hidden Added delivery guidance
• #57: Guidance Only deliver this section if the audience is interested in technical details and or background. Leave hidden if this level of detail is not needed / unwanted. Unhide the slide, remove the black banner “Hidden Slide” and discuss the slide contents if the audience is technical and requests more technical background and details. Speaker notes: While organizations/IT departments hold off the deployment of generative AI solutions because they first want address data security concerns, the users do not wait and start using unsanctioned or unmanaged (public) AI applications. The Shadow AI / 3rd party generative AI scenario that is part of the Data security for generative AI module will use DSMP for AI to: Report on users visiting 3rd party gen AI sites Supported AI sites by Microsoft Purview for data security and compliance protections | Microsoft Learn Discover sensitive content pasted or uploaded in Microsoft Edge to AI sites. Requirements -important to discuss- : All the devices that will participate in this module need to be enrolled in Microsoft 365, this will require to run an enrollment script locally (instructions provided) The Purview browser extension needs to be installed in the browser on the endpoint. (Instructions for Edge are provided) The Shadow AI/3rd party generative AI scenario is a mandatory part of the Data security for generative AI module. Changes to the master slide Added hidden slide banner Made slide hidden Added delivery guidance
• #58: Guidance Only deliver this section if the audience is interested in technical details and or background. Leave hidden if this level of detail is not needed / unwanted. Unhide the slide, remove the black banner “Hidden Slide” and discuss the slide contents if the audience is technical and requests more technical background and details. Speaker notes: Optional activity that can be delivered if the organization is already using Microsoft Copilot. Uncover hidden risks in using natural language prompts. Helps calculate user risk by detecting risky prompts and responses in Microsoft 365 Copilot Insight into Copilot usage Detect sensitive info shared with Copilot Detect sensitive information in prompts and responses in Microsoft 365 Copilot Changes to the master slide Added hidden slide banner Made slide hidden Added delivery guidance
• #59: Guidance Only deliver this section if the audience is interested in technical details and or background. Leave hidden if this level of detail is not needed / unwanted. Unhide the slide, remove the black banner “Hidden Slide” and discuss the slide contents if the audience is technical and requests more technical background and details. Speaker notes: Customers planning to deploy a generative AI solution in his/her organization and wanting to understand the risks of data oversharing. DSPM for AI activity will evaluate the top 100 SharePoint sites in the organization and report on over-permissioned and overshared data. The outcome and findings of this activity will be merged into the overall findings and recommendations that will be presented at the end of the Data Security Envisioning Workshop . Assess the top100 sites every week Provides insight on what is shared and with who The AI Oversharing scenario is a mandatory part of the Data security for generative AI module. Changes to the master slide Added hidden slide banner Made slide hidden Added delivery guidance
• #60: Speaker notes: The third activity for the Engagement: Data Risk Management is focused on getting to know Microsoft’s compliance vision and the Purview product suite
• #61: Speaker notes: The focus for this activity is: Introduce the Microsoft Purview vision. Outline Microsoft’s approach to providing integrated compliance. Discuss the benefits of a platform solution and how it provides end-to-end data security
• #62: Speaker notes: The last activity for the Data Security Envisioning Workshop . Focused on bringing it all together: What we have learned from the organization. What we found during the Data Security Check. The Microsoft product portfolio. Mapping risks to solutions. Building a list of actionable next steps.
• #63: Speaker notes: All the learning from the individual activities come together. The identified risks will be mapped to solutions that fit in the organization’s compliance vision and strategy.
• #64: Speaker notes: No speaker notes available for this slide
• #65: Speaker notes: No speaker notes available for this slide