Welcome back to part two of the 3-part-series about Security and Compliance Center. In case you missed part one you should check that out to make sure you have everything set for the following topics:
If you haven’t checked out my most ridiculous use of Office 365 tools for a simple survey and you want to smile… Check out that article #MicrosoftFormsIsEnterpriseReady 🙂 It is available in German and English.
This article is written in collaboration with Cian from Office 365 Ninjas. If you want us to work more together let us know and please share this article on your social media!
If someone is interested to work with me on an article, contact me via my email address or Twitter. I am happy to collaborate!
In-Place Archiving
In-Place Archiving
Verify that you are logged in as your global administrator and that this account is member of the “Organization Management” in your Security and Compliance Center. If you you want to see the guide for this, check out part one. Next go to “Data Governance” and “Archive” on the left side menu.
Here you see probably something familiar, if you are already used the Exchange Admin Center. You find the overview and the status of the users archive mailbox. You can disable and enable the archive either in the Security and Compliance Center or in the Exchange Admin Center.
Security and Compliance Center approach:
If you want to use the Exchange Admin Center, click in there on “recipients” (1), select the user and check the status for the archive mailbox on the right hand side (2). You can enable or disable it there as well, but I assume that both ways aren’t available forever.
Exchange Online Admin Center approach:
If you want to enable the archive via PowerShell you can do that of course as well. You can also check out the Office 365 PowerShell Basics article to get started with it. For this approach you open a PowerShell as an administrator and type:
Set-ExecutionPolicy Unrestricted
Select Yes / “Y” and pass your global administrator credentials into an variable via:
$UserCredential = Get-Credential
Then you have to start a new Exchange session (if you copy this, delete the line breaks):
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Please note that if you are using MFA it is a little different. You find that approach here. If that’s not a problem go ahead an use:
Import-PSSession $Session
Get the users mailbox to check the values:
Get-Mailbox -Identity Diana| Select displayname, *archive*
Enable the archive for him or her:
Enable-Mailbox -Identity Diana –Archive
That’s it for the PowerShell way. You can use the “Get-Mailbox” cmdlet again to check on the ArchiveStatus value.
Check the archive
You probably wonder how to check the feature, right? Open a internet browser and log in to Office 365 with the account you activated the archive. Go to Outlook Online, under Folders, click More and then you can view the archive folder as shown below.
Data Loss Prevention
Data Loss Prevention
Some might think: “I don’t need DLP”. I clearly can see that this is not something for everyone, but if you think how you can use DLP to easily educate your users, you might think different as you see in the next section.
First make sure you are again signed in as your global administrator and make sure he/she is still member or the Organization Management. Then go in your Security and Compliance Center to the left side menu, click “Data Loss Prevention” and then click “Policy”.
Click on “+ Create a policy”. Select “Financial”, “France Financial Data” and then click “Next”. It doesn’t matter that much, because you see in the picture below that it is about EU Debit Card Numbers.
Make sure that you give your policy a good name and please give that policy a description as well. I know, it is more to do, but I guarantee that you are happy if you check your policies after a while. Then click “Next”.
Next you choose your location where you policy gets applied. The more you cover, the better I would say.
Now, choose when you policy has to protect something. My policy trigger is if content is shared outside my organization.
Next you choose the actions of your policy. I have changed the instances from 10 to 1 and customized the “tip and email” section. Then click on next to activate your settings.
In the following screen you can directly activate your policy, keep it off or test it. For this demo I directly activate the policy. Make sure if you do that, that everything is really set correctly.
Last but not least you can review your settings and if everything is alright, click “Create”.
You can after creation review your policy again and adjust a few things, but for now I will show you what happens for the user.
Check your DLP policy
Note that you have to wait a few minutes to test this policy. In my tenant it took about 15 minutes. After that open Outlook Online and write a email to a person outside your company. After a few seconds you see the notification above the email.
You see the DLP-Policy works and you easily educate your users. To test it yourself, create the DLP policy like I did and save a valid credit card within a file. Try to send it outside your organization and you should get this notification as well.
This is a absolute win for IT and end users from my point of view.
Depending on your setting of the locations in the policy, this policy will also detect documents in OneDrive or SharePoint. Please be aware that the document must be crawled along with bring indexed before a DLP policy is applied to it.
Advanced Threat Protection
Advanced Threat Protection
ATP (Advanced Threat Protection) is again a pretty big topic. In this article I will focus on a safe link policy and the dashboard. To start off, click “Threat management” and click “Policy”.
Click “ATP Safe Links” and double click “Default” under “Policies that apply to the entire organization” and explore the options. Then go to the section “Policies that apply to specific endpoint” and click on the “+” icon.
Provide the name and description for the policy as noted below, change “Select the action for unknown potentially malicious URLs in messages” radio button to “On – URLs will be rewritten…”. Check “Use safe attachments to scan downloadable content”. Add your tenants domain by opening the drop-down and choosing “The recipient domain is…” at the bottom under the “Applied To” section. Recheck everything and click “Save”.
If you checked the picture above you saw a mistake. I did not write something in the description. Please be smart and do it better! 🙂
Check your ATP policy
To test the policy, send an email to a users mailbox, where your new policy was applied. Copy the link below in the email. The link is marked as malicious by Safe Links servers and will be blocked per policy. Don’t get confused, this link points to nowhere.
http://www.spamlink.contoso.com/
When you receive the email, right click the URL and select “properties” (open your Outlook Online in Internet Explorer). Note that the target URL address has changed and is wrapped in a safe link. Each time the user clicks on the link, Safe Links servers will verify if the URL is still safe and then allows or blocks access.
This works for both links in the mail below and also if you just copy the link address to your clipboard.
If the user still wants those 1.000.000$ (yeah, sure, right…) 🙂 and clicks the link, he / she gets a warning after clicking it. Microsoft is recommending to select “Do not allow users to click through to original URL” in the policy settings. In the picture below you can see, that it is possible to “Continue to this website”. This is the default setting.
If there is a requirement to allow certain users to click through to original URL, they can be added to exception in general policy and another policy can be created which will allow to click through.
Threat management dashboard
If you navigate on the left hand side under “Threat management” to the dashboard and you followed this guide, you should see some action there.
You can click into the statistics to gain more insights. I clicked on the “Sent and received email” tile. From there you can click again into the tiles you are most interested or check the detailed report on the top right.
If you go from the “Sent and received email report” to the tile “Spam Detection” and you click then the detailed report you find and overview of the senders and recipients.
Now lets move on to the currently most “hyped” and talked about topic.
GDPR / DSGVO
GDPR / DSGVO
This segment about GDPR / DSGVO is written together with Cian from Office365Ninjas. He really does an incredible job in sharing insights about Office 365. Follow him to stay up-to-date and to learn useful tips, tricks, lifehacks, best practices and news!
Microsoft is preparing Office 365 for the upcoming GDPR regulations. This is providing customers with new features and tools to help stay compliant and be able to respond to GDPR requests. Here we’ll introduce what the new GDPR dashboard provides along with some useful resources.
So, what is it all about? The new European privacy legislation is coming into effect May 25th 2018, called GDPR otherwise known as the General Data Protection Regulation or DSGVO in German (Datenschutz-Grundverordnung). These new regulations are far reaching and can affect any company or organization that holds, uses or processes data relating to European citizens. Misuse of data can be penalized with financial penalties in the worst of cases up to 4% annual global turnover. Nothing you are looking for, right?
Microsoft has recently integrated GDPR features directly into the Office 365 Security and Compliance Center. Now on the front page there is a new widget that will take you to the GDPR dashboard, which is also available from the left navigation > Data privacy > GDPR dashboard.
Open the GDPR dashboard and you will have several options available, that may vary depending on the features that are being used in the tenant. At the top of the dashboard the options will include:
- GDPR toolbox – Tools to help discover, govern, protect monitor personal data
- GDPR help center – Guidance on GDPR and features in Office 365 that can help with compliance
- Data subject requests – DSR cases allow customers to respond to requests when individuals ask for their personal data
- Active & closed cases from past 60 – Summary of recent active and closed cases
Additionally, insights or what Microsoft call smart reports will be shown to help you with your GDPR compliance goals. When features like DLP or classification have been implemented this will show how many DLP policy matches there have been, the top labels in use and so on. If Office 365 Threat Intelligence is in use, further insights will be shown.
SAR or Subject Access Requests are the right under GDPR for individuals to find out what data concerning them is being held by an organization. In the GDPR dashboard there is an option to create a data subject request (DSR) case that can help fulfill these SAR requests. This utilizes the same technology as the eDiscovery content search capabilities, to discover data that is being held about the data subject.
To start, click Create a DSR case from the GDPR dashboard.
Give the case a name and optionally a description (you hopefully know now, that descriptions are cool, right?)
Then for request details enter the data subject (the person in this case)
and then after creating the case click on “Show me search results” option.
Here you can refine the search query by adding conditions such as keywords, subject or sender. Notice the Participants condition is automatically filled in with the data subject name that was entered when creating the case. This should match emails where the data subject was in these fields: From, To, CC, and BCC.
It it also possible to select which Office 365 apps are searched by specifying locations. You may also want to further refine the results by searching for some common identifiers like email address, phone number or mailing address.
After the data has been refined, the results and personal data can be exported. Results are packaged into a PST file for emails or as document types.
Manage cases in the Security & Compliance Center from the left navigation > Data privacy > DSR cases.
Here all active and closed cases will be shown, where they can be opened and edited, as well as updating the search query. You can also create a new DSR case directly from here as well.
For a demonstration in more detail of these steps see the Microsoft Mechanics episode, where a DSR case is created to find information about an ex-employee. For advanced tips and guidance check the Office 365 Data Subject Request Guide.
Microsoft is helping Office 365 customers to comply with GDPR and the new GDPR dashboard is an important component. It not only provides insights on activities but also gives access to guidance and features that will help customers stay compliant.
This is it for the Security and Compliance Center Series Part 2.
Part 3 is already in the making and will contain the following topics:
- Content Search and eDiscovery Case Management
- Audit Logs and Alerting
- Office 365 Cloud App Security
- Multi-Factor Authentication
Follow me Twitter and Cian from Office 365 Ninjas to stay up-to-date and share this article to help us spread the news! Again, a big thanks to Cian for working with me together on this article.
If you want us to work more together, let us know via Twitter and share this article!