Describe the data compliance solutions of Microsoft Purview Flashcards
An employee is suspected of sending sensitive infos to a key competitor.
You need to preserve the evidence of the activity.
What should you do?
A legal hold in the mailbox
In Purview, eDiscovery has an hold feature.
It can apply to a mailbox and will retain all changes, including deletions.
For what a Data Loss Prevention (DLP) Policy can be used?
A DLP Policy can be used to identify sensitive info used in M365 apps and it can be set up to prevent that info from being shared.
Define Digital signature
Digital signatures ensure that unauthorized data modifications can be detected.
It uses digital certificates in outlook: if the email has been modified in transit, the signature will be invalid
BUT
* it doesn’t encrypt data in email (that’s S/MIME protocol)
* it doesn’t ensure data can be recovered if accidentally deleted
——–helps customers with compliance by displaying controls for a given standard, starting with templates.
However it doesn’t guarantee compliance
Compliance Manager
What does Microsoft Purview Insider Risk Management correlate to identify potential risks?
Various signals to identify potential malicious or inadvertent insider risks such as IP theft, data leakage, and security violations.
Insider risks can be both intentional and unintentional actions that compromise security.
What does insider risk management enable customers to create?
Policies to manage security and compliance.
These policies help organizations tailor their risk management strategies.
What is a key design principle of Microsoft Purview Insider Risk Management?
Built with privacy by design.
This means that privacy considerations are integrated into the system from the outset.
How are users treated in Microsoft Purview Insider Risk Management regarding privacy?
Users are pseudonymized by default.
Pseudonymization helps protect user identities while managing risks.
What access controls are in place to ensure user-level privacy?
Role-based access controls and audit logs.
These measures help restrict data access and track user interactions.
What is the primary function of Microsoft Purview Insider Risk Management?
To help minimize internal risks by detecting, investigating, and acting on malicious and inadvertent activities.
This involves monitoring user behavior to identify potential threats.
What do insider risk policies allow organizations to define?
The types of risks to identify and detect in their organization.
This customization is crucial for addressing specific organizational needs.
What can be done with cases identified by insider risk policies?
Acting on cases and escalating cases to Microsoft eDiscovery (Premium) if needed.
Escalation ensures that serious cases receive appropriate attention.
When you create a new insider risk policy with the policy workflow, what are the policy templates available?
- Data theft by departing users: works with indicators and info from HR connector
- Data leaks
- Data leaks by risky users: to detect when a potentially stressed user has unadvertenly or maliciously contravened security protocols. Works with combined indicators from Defender for endpoint with HR connector
- Security policy violations: to determine when a user has installed malware or disabled security feature on its device. Leverages MS Defender for endpoint to determine
What does eDiscovery allow you to search for?
Content stored in Exchange mailboxes, OneDrive accounts, SharePoint sites, Microsoft Teams, Microsoft 365 Groups, and Viva Engage Teams
What is the purpose of exporting search results in eDiscovery?
To copy items from their original content location and package them for download to a local computer
What does placing content locations on hold accomplish?
Preserves content relevant to an investigation and secures it from deletion
What is a review set in eDiscovery?
A secure Azure Storage location in the Microsoft cloud for collecting and analyzing data
What can you do with the items in a review set?
Search, filter, tag, analyze, and predict relevancy using predictive coding models
What functionality does Optical Character Recognition (OCR) provide in a review set?
Extracts text from images and includes it with the content added to a review set
What is the benefit of conversation threading in eDiscovery?
Allows collection of entire conversation threads for context during review
True or False: eDiscovery allows for the deletion of content during an investigation.
False
Fill in the blank: A review set provides a _______ set of content that can be analyzed.
[static, known]
What is Microsoft Purview Data Lifecycle Management?
(formerly Microsoft Information Governance)
tools and capabilities to retain the content that you need to keep, and delete the content that you don’t.
What are Microsoft Purview Data Lifecycle Management features?
Retention policies are the cornerstone for data lifecycle management. Use these policies for Microsoft 365 workloads that include Exchange, SharePoint, OneDrive, Teams, and Viva Engage.
- Configure whether content for these services needs to be retained indefinitely, or for a specific period if users edit or delete it.
- Or you can configure the policy to automatically permanently delete the content after a specified period if it’s not already deleted.
- You can also combine these two actions for retain and then delete, which is a very typical configuration. For example, retain email for three years and then delete it.
When you configure a retention policy, you can target all instances in your organization (such as all mailboxes and all SharePoint sites), or individual instances (such as only the mailboxes for specific departments or regions, or just selected SharePoint sites).
If you need exceptions for individual emails or documents, such as a longer retention period for legal documents, you do this with retention labels that you publish to apps so that users can apply them, or automatically apply them by inspecting the content.
Retention labels are also used with Adaptive Protection, if you’re using this solution with insider risk management. In this case, the retention label and auto-apply policy is automatically created for you.
Other data lifecycle management capabilities to help you keep what you need and delete what you don’t:
* Mailbox archiving to provide users with additional mailbox storage space, and auto-expanding archiving for mailboxes that need more than 100 GB storage. A default archiving policy automatically moves email to the archive mailbox, and if required, you can customize this policy.
* Inactive mailboxes that retain mailbox content after employees leave the organization.
What’s the difference between Azure Information Protection and Azure Rights Management?
Azure Information Protection (AIP) provides classification, labeling, and protection for an organization’s documents and emails.
Content is protected using the Azure Rights Management service, which is now a component of AIP.
What’s the difference between Azure Information Protection and Microsoft Purview Information Protection?
Unlike Azure Information Protection, Microsoft Purview Information Protection isn’t a subscription or product that you can buy. Instead, it’s a framework for products and integrated capabilities that help you protect your organization’s sensitive information.
Microsoft Purview Information Protection products include:
- Azure Information Protection
- Microsoft 365 Information Protection, such as Microsoft 365 DLP
- Windows Information Protection
- Microsoft Defender for Cloud Apps
Microsoft Purview Information Protection capabilities include:
- Unified label management
- End-user labeling experiences built into Office apps
- The ability for Windows to understand unified labels and apply protection to data
- The Microsoft Information Protection SDK
- Functionality in Adobe Acrobat Reader to view labeled and protected PDFs
What is Azure Information Protection?
Azure Information Protection (AIP) provides the encryption service, Azure Rights Management, that’s used by Microsoft Purview Information Protection and the following capabilities:
- Sensitivity labels
- Microsoft Purview Information Protection client
- Microsoft Purview Information Protection scanner
- Microsoft Information Protection SDK
What is Azure Rights Management?
Azure Rights Management (Azure RMS) is the cloud-based protection technology used by Azure Information Protection.
Azure RMS helps to protect files and emails across multiple devices, including phones, tablets, and PCs by using encryption, identity, and authorization policies.
For example, when employees email a document to a partner company, or save a document to their cloud drive, Azure RMS’s persistent protection helps secure the data.
Protection settings remain with your data, even when it leaves your organization’s boundaries, keeping your content protected both within and outside your organization.
Azure RMS may be legally required for compliance, legal discovery requirements, or best practices for information management.
Azure RMS ensures that authorized people and services, such as search and indexing, can continue to read and inspect the protected data.
Ensuring ongoing access for authorized people and services, also known as “reasoning over data”, is a crucial element in maintaining control of your organization’s data. This capability may not be easily accomplished with other information protection solutions that use peer-to-peer encryption.
What role do sensitivity labels play in data protection?
Sensitivity labels safeguard sensitive content, offering multiple layers of protection.
How do sensitivity labels enforce security measures?
Once defined and applied, they automatically enforce necessary security measures to protect data.
What is one key feature of sensitivity labels related to file encryption?
They can automatically apply encryption to sensitive files and emails.
What does encryption ensure regarding sensitive content?
Only authorized users with decryption keys can access the content.
What is the purpose of access control in sensitivity labels?
To restrict access to sensitive data, controlling who can view, edit, or share specific content.
Fill in the blank: A file labeled as ‘Confidential’ might only be accessible to a _______.
[select group of employees]
What visual markings can sensitivity labels add to documents?
Watermarks, headers, or footers.
Why are visual markings important in document management?
They provide a visible indication of the content’s sensitivity level.
True or False: Sensitivity labels do not help users identify how to handle documents.
False
What risk do sensitivity labels help reduce?
The risk of unintentional misuse of documents.
What is records management?
Records management takes retention a step further by applying advanced controls to business-critical or legally required records.
What does immutability mean in the context of records management?
Immutability means records can’t be altered once classified as records, ensuring legal and regulatory compliance.
What is the purpose of understanding the records management solution?
To leverage advanced retention capabilities designed for content that must be preserved as records.
What is a file plan in records management?
A file plan helps organize your retention schedules by categorizing records based on their type and retention requirements.
How does a file plan function in records management?
It acts as a roadmap for governing specific sets of content across your organization.
What are retention labels?
Retention labels classify content as a record and apply the appropriate retention rules.
What is the role of retention labels in records management?
They ensure that content is retained according to your file plan and that records are protected against deletion or modification.
What happens once records reach the end of their retention period?
The system can be configured to automatically delete or review the content for disposition.
Why is managing the permanent deletion of data important?
It helps maintain compliance by ensuring no records are kept beyond their required retention.
What is awarded when you complete the requirements for implementation of an improvement action?
Points
How often is the action status updated on your dashboard after a change?
Within 24 hours
What happens to the control status after following a recommendation to implement a control?
Updated the next day
How are points awarded for actions that appear in multiple assessments?
Per action per assessment
What is the exception for technical actions scoped to your tenant regarding points?
Points are granted once per action
What is the basis for calculating an improvement action’s overall score?
Average of scores received by its subscriptions
What affects the score of each subscription?
Status of the relevant virtual resources
What determines the score value assigned to actions?
Whether they’re mandatory or discretionary, and whether they’re preventative, detective, or corrective
What are mandatory actions?
Actions that can’t be bypassed
Give an example of a mandatory action.
Centrally managed password policy
What are discretionary actions?
Actions that rely on users to understand and adhere to a policy
Give an example of a discretionary action.
Locking computer when unattended
What do preventative actions address?
Specific risks
Give an example of a preventative action.
Protecting information at rest using encryption
What do detective actions do?
Actively monitor systems to identify irregular conditions or behaviors
Give an example of a detective action.
System access auditing
What do corrective actions aim to do?
Minimize adverse effects of a security incident
Give an example of a corrective action.
Privacy incident response
What does each action have assigned in Compliance Manager?
A value based on the risk it represents
What is the workflow in Purview communication compliance?
- configure
- investigate
- remediate
- monitor
What does the Compliance Manager dashboard display?
Your overall compliance score
This score measures progress in completing recommended improvement actions within controls.
What does the overall compliance score help you understand?
Your current compliance posture
It can also help prioritize actions based on their potential to reduce risk.
What is the basis for assigning a score value to improvement actions?
The potential risk involved
Each action has a different impact on your score.
How is the assessment score calculated?
Using improvement action scores
Each Microsoft action and each improvement action managed by your organization is counted once.
How is the overall compliance score calculated?
Using improvement action scores
Each Microsoft action, technical action, and nontechnical action managed is counted once.
What can cause your overall compliance score to differ from the average of your assessment scores?
The logic used to count actions
Each action is counted once to provide accurate accounting of implementation and testing.
Fill in the blank: The Compliance Manager dashboard measures your progress in completing recommended _______.
improvement actions
True or False: Each improvement action is counted multiple times in the compliance score calculation.
False
Each action is counted once to ensure accurate scoring.
The initial score in Compliance Manager is based on…………..
MS 365 data protection baseline, which is a set of controls including key regulations and standards for data protection
TRUE OR FALSE
Sensitivity label can be used to encrypt documents to prevent unauthorized access to information?
TRUE
Are sensitivity labels visible for all users?
No
They are not visible in apps to guests and users from other orgs
TRUE OR FALSE
Sentivity labels can be used to protect meeting and chats in MS Teams
TRUE
Teams admins can use sensitivity labels to protect meetings and chats to safeguard sensitive content created inside Teams
In compliance manager what is a control?
A control defines how system configurations are managed
Compliance score is calculated on 3 control categories: MS managed controls, customer managed control, shared controls
In compliance manager, what is an assessment?
An assessment defines actions that are required to meet the requirements of a standard
In compliance manager, what is a group?
A group organizes assessments by standard or service.
They make locating assessments easier.
You can group assessments by chosen attributes: by team, year, standard…
In compliance manager, what are templates?
Templates are preconfigured assessments
