Microsoft Ignite October 2022: Part 2: Security and Compliance Across SharePoint, OneDrive, and Teams

Continuing from our first article, Part 1: Security and Compliance Across SharePoint, OneDrive, and Teams, we examine further announcements from Ignite 2022 on the new cybersecurity measures Microsoft is offering as it works to meet the high standard of Zero Trust. The hybrid work environment has put cybersecurity in the spotlight, with many organizations falling prey to hackers and, in some situations, being held hostage to pay fines and ransoms. These situations can cause anything from severe loss of income to the bankruptcy of an organization.

Not to be taken lightly, Microsoft has introduced six new security and management capabilities to help counter these cyberattacks. As announced at Ignite 2022, these countermeasures include:

  1. Advanced access policies for secure collaboration
  2. Security controls to safeguard content
  3. Comprehensive compliance
  4. Migration enhancement
  5. Advanced sites lifecycle management
  6. Organization lifecycle management.

In our previous article, we examined Advanced Access Policies for Secure Collaboration, and in this article, we will review the remaining new announcements for security and management.

Security Controls to Safeguard Content

User-Defined Permissions (UDP) Support for Office Files in SharePoint, OneDrive, and Teams: Private Preview

Expanding on sensitivity labels, Office files will be protected with labels containing User-Defined Permissions (UDP). Admins will be able to apply sensitivity labels that are associated with admin-defined permissions, such as who can view and co-author files in SharePoint, OneDrive, and Teams.

Protected PDFs Support in SharePoint, OneDrive, and Teams: Private Preview

By bringing the security controls that power Office files to protected PDF files, sensitivity labels can now be viewed in the Document Library’s sensitivity column when labeled and encrypted PDF files are uploaded to SharePoint, OneDrive, and Teams. Compliance and security admins can govern these protected PDFs by using their established DLP or eDiscovery policies.

Default Sensitivity Labels for SharePoint Document Libraries: Public Preview

The default sensitivity label for a SharePoint Document Library can be set through the Library Settings in the information panel. Once the appropriate sensitivity label has been assigned, all documents in that library will be labeled automatically, whether they are newly created or are being modified. The rich sensitivity labels already applied to Office files, SharePoint Sites, Teams, and Microsoft 365 groups can now be applied to new and uploaded documents in SharePoint Document Libraries.

Programmatic Way to Assign Sensitivity Label to a File in SharePoint, OneDrive, and Teams: Private Preview

A premium capability, a programmatic endpoint in the Microsoft Graph Beta will allow users and applications to label files.

Anti-Malware Scan on File Download: General Availability

Advancing towards Zero Trust, a third layer of protection is added on top of the asynchronous anti-malware scanning in SharePoint and OneDrive: anti-malware scanning when unscanned files are downloaded through the browser or in Teams.

Forensic Malware Identification and Extraction: General Availability

By using a simple SharePoint PowerShell cmdlet, administrators will not need to elevate their access to the SharePoint or OneDrive site where malware and infected content is present. They will be able to determine what type of malware is present in a file that is marked infected and extract the infected file from the site for further analysis. This removes the existing challenge of gaining access to infected files without gaining access to all the files in the source site.

Comprehensive Compliance

Information Barriers (IB) 2.0: IB Modes and Multi-Segment Support: General Availability

Information Barriers (IB) modes let organizations tailor access to the needs of users while maintaining corporate information barriers. The five IB modes (Owner-moderated, Open, Explicit, Implicit, and Mixed) give site/team owners the flexibility to bring users from incompatible segments into a site/team, so that they can participate in multiple regulatory projects and complete them successfully while meeting mandatory regulatory needs.

Migration Enhancements

Migration Manager

In Migration Manager, bulk download of reports, migration filters, and estimated time to migrate are new features added to simplify the migration of content from file shares, Dropbox, Google Drive, Egnyte, and Box.

Bulk-Download Detailed Reports

When performing cloud migrations, gone is the time-intensive download of detailed reports that are chosen one by one. Instead, this can now be done with one click by selecting tasks in the scans and migrations tab.

Migration Filters

Content can be curated in M365 by filtering the files and folders containing invalid characters, excluding by folder names and file extensions, and by date of creation and modification. There is an option to replace invalid characters with valid characters.

Estimated Time to Migrate

An estimate of the time to complete the migration, at the project and the task level, is provided based on scans, file sizes, and other factors.

SharePoint Migration Tool (SPMT) Improvements

Scanning and migration from on-premises servers are streamlined within one tool, and the navigation page flow makes it intuitive to manage migration jobs and create migration-by scenarios.

Advanced Sites Lifecycle Management

SharePoint Data Access Governance (DAG) Insights V1: General Availability

The lifecycle of a site starts at the time of its creation and evolves to the active state, when content is added and users collaborate. It is during this active state that oversharing or accidental sharing occurs. With DAG, administrators can discover the top 100 and the top 10,000 sites, out of the millions of sites that an organization may have, that require the closest monitoring, validation, and tailoring of sharing and access policies.

Sites Lifecycle Policies – Inactive Sites: Preview

With Sites Lifecycle Policies, administrators can create tailored inactive site policies that target specific SharePoint sites, Teams-created sites, Public labeled sites, or sites with an information segment of Research. These policies will trigger an alert to the respective site owner, giving them the option to delete, keep, or take other actions on these inactive sites.

Site History and Recent Admin Actions: Preview

The Site History capability in the SharePoint Admin centre addresses the inability of SharePoint admins to troubleshoot inaccessible team sites, know the lifecycle state of a site, manage the lifecycle, and know the activities carried out by site owners. The Site History will provide a history of all changes made to site properties by all site owners and admins in the admin actions panel and will show the latest site changes such as site URL, site name, storage limit, and share settings. Admins will also be able to export 30 days of changes.

Organization Lifecycle Management

SharePoint Tenant Rename: General Availability

For tenants with fewer than 10k sites, SharePoint Tenant Rename allows SharePoint admins to rename the tenant’s SharePoint URL should the organization need to rebrand due to a merger or expansion across satellite locations.

OneDrive Cross-Tenant User Data Migration: General Availability

With OneDrive Cross-Tenant User Data Migration, admins can move users’ OneDrive and mailboxes across two tenants by implementing a simple set of SharePoint PowerShell cmdlets. Sharing links to old URLs will continue to work even though the URL of OneDrive has changed. Why would admins need to migrate users across two tenants? Situations arise when companies expand through mergers and acquisitions, which are part of an organization’s lifecycle. When mergers and acquisitions occur with a common footprint in Microsoft 365, OneDrive Cross-Tenant User Data Migration makes easy work of moving users from one tenant to the next while retaining content integrity and security.

Microsoft Ignite 2022 has had some exciting announcements, including its stance on Zero Trust in cybersecurity and the many measures it is proactively implementing to achieve this standard. From sensitivity labels to access policies, from site lifecycle management to secured migration tools, Microsoft is providing organizations, admins, and their users with several layers, methodologies, and processes to retain control of content at the organization, admin, and user levels. Cybersecurity with Zero Trust is the new standard, and Microsoft is working adamantly towards this high bar of security.