Security and Compliance in SharePoint, OneDrive, and Microsoft Teams
With the majority of the world working in some combination of on-site and remote arrangements because of the COVID-19 pandemic, cyberattacks have, unfortunately, become more common and more successful. Businesses had to pivot quickly from a traditional on-site workforce to a hybrid workforce that combines on-site and remote workers. They are targeted for breaches of privacy and security as their workforce uses its own devices and points of access into the business’s systems. In response, Microsoft has worked with customers and partners to innovate and design a unique and comprehensive approach to cybersecurity, compliance, and privacy.
Secure External Collaboration
Control SharePoint External Sharing Policies with Sensitivity Labels: Building on the Microsoft Information Protection (MIP) sensitivity labels for a SharePoint Site or a Team, Administrators can now tailor external sharing policies. These policies are based on the sensitivity of the data and include labels such as “Top Secret”, which blocks external sharing, and “General”, which allows external sharing. By choosing the label for the appropriate security level, site owners can manage how their sites handle external sharing of data.
Access Governance Insights in SharePoint and OneDrive: As many businesses have pivoted to become more digital with their remote staff, a natural result has been exponential growth in the external sharing of data, especially sensitive data. As the footprint of the digital estate grows, so does the need for ease of governance. Microsoft, in its roadmap announced at Ignite 2020, began planning to address this issue. This year, it was announced that a governance insights dashboard, located in the SharePoint Admin Center and accessible by Admins, will provide insights including policy settings and external sharing activities for the most important sites. What are the most important sites? These include sites that use Anyone links for content sharing, sites that have the most sensitive data including the volume of data, top sites, sites that have access policies appropriate to the business’s security policies, and sites that require tailored policies. This insights dashboard will allow Admins to easily monitor these activities and modify the policies as needed to ensure the security of the externally shared data.
Microsoft Teams Connect and Secure Files Collaboration: Microsoft Teams has become one of the major methods for remote and onsite staff to collaborate. Microsoft Teams files collaboration is powered by SharePoint, so it is no surprise that there are announcements today of enhancements to Microsoft Teams. One of these focuses on external collaboration and the sharing of data, especially sensitive data. Microsoft Teams Connect addresses this issue by giving Admins granular control, so that Admins retain control over how information and data are accessed by external users within Teams. Microsoft Teams Connect provides the ability to share, collaborate, and access information with people, whether they are across organizations or within their own.
Co-Authoring and AutoSave on Microsoft Information Protection (MIP) Labelled and Encrypted Files: In 2020, this capability was made available for Microsoft 365 apps on the web, including Word, PowerPoint, and Excel. This has now been extended to Microsoft 365 apps on the desktop for both Windows and Mac. With co-authoring, two or more users will have the ability to co-author on an encrypted file that automatically saves, ensuring it is intact. Labeled and encrypted files will also have autosave capabilities so that co-authors can focus on their work without worrying about constantly saving the file to prevent lost data.
Securing Access with Contextual and Conditional Policies
Labels-based policies for SharePoint, OneDrive, and Teams have been in place for many years and are now being taken a step further in response to concerns about the security of sensitive data and external users. Labels-based granular conditional access (CA) policies give Admins the ability to secure sensitive sites and give users the ability to assign appropriate labels to their sensitive sites.
Passwordless technology adds another layer of security and has become the standard for authenticating users and for providing access to resources. It can be applied to sensitive sites. For these sites, access for a user can be assigned based on the sensitivity of the site and the authentication context of the site. For example, multi-factor authentication (MFA) can be enforced for a site labeled “Confidential” if the user’s context does not meet the requirement of the site. These conditional access authentication contexts can now be created by Admins in Azure Active Directory and can be tailored to their organization’s security posture. Additionally, they can then be associated with MIP sensitivity labels. Note that when a sensitivity label is assigned to a site, the associated policies are automatically enforced.
For users, the complexity of the security policies is now transparent. A user can assign the appropriate labels to their sensitive sites while granular contextual and conditional policies are enforced in the background. Users can be productive without interruptions unless they are accessing a sensitive site that requires MFA.
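The label-driven behaviour described above (external sharing set per label, and an authentication context requiring MFA on “Confidential” sites) can be checked from the admin side by comparing each site's settings with what its label implies. The following PowerShell is an added example, not code from the original article or from Microsoft; the label-to-posture mapping, the context name `Require MFA`, and the sample site rows are assumptions constructed for illustration.

```powershell
# Expected posture per label. Assumed mapping for illustration; replace it with
# your tenant's label policy. $null means "not checked for this label".
$expected = @{
    'Top Secret'   = @{ Sharing = 'Disabled';                    AuthContext = 'Require MFA' }
    'Confidential' = @{ Sharing = $null;                         AuthContext = 'Require MFA' }
    'General'      = @{ Sharing = 'ExternalUserAndGuestSharing'; AuthContext = $null }
}

# Constructed sample rows. In a tenant these values come from Get-SPOSite, whose
# SensitivityLabel property holds the label's ID (a GUID), not its display name.
$sites = @(
    [pscustomobject]@{ Url = 'https://contoso.sharepoint.com/sites/board';   Label = 'Top Secret';   SharingCapability = 'ExternalUserAndGuestSharing'; ConditionalAccessPolicy = 'AuthenticationContext'; AuthenticationContextName = 'Require MFA' }
    [pscustomobject]@{ Url = 'https://contoso.sharepoint.com/sites/legal';   Label = 'Confidential'; SharingCapability = 'Disabled';                    ConditionalAccessPolicy = 'AllowFullAccess';       AuthenticationContextName = '' }
    [pscustomobject]@{ Url = 'https://contoso.sharepoint.com/sites/news';    Label = 'General';      SharingCapability = 'ExternalUserAndGuestSharing'; ConditionalAccessPolicy = 'AllowFullAccess';       AuthenticationContextName = '' }
    [pscustomobject]@{ Url = 'https://contoso.sharepoint.com/sites/scratch'; Label = '';             SharingCapability = 'ExternalUserAndGuestSharing'; ConditionalAccessPolicy = 'AllowFullAccess';       AuthenticationContextName = '' }
)

function Test-SiteLabelPosture {
    param(
        [Parameter(Mandatory)] $Site,
        [Parameter(Mandatory)] [hashtable] $Policy
    )
    # Unlabelled sites get no label-driven policy at all, so report them first.
    if ([string]::IsNullOrEmpty($Site.Label)) { return 'site has no sensitivity label' }
    if (-not $Policy.ContainsKey($Site.Label)) { return "no expected posture defined for label '$($Site.Label)'" }

    $want = $Policy[$Site.Label]
    $findings = @()
    if ($want.Sharing -and $Site.SharingCapability -ne $want.Sharing) {
        $findings += "sharing is '$($Site.SharingCapability)', expected '$($want.Sharing)'"
    }
    if ($want.AuthContext) {
        if ($Site.ConditionalAccessPolicy -ne 'AuthenticationContext') {
            $findings += "no authentication context enforced (policy is '$($Site.ConditionalAccessPolicy)')"
        } elseif ($Site.AuthenticationContextName -ne $want.AuthContext) {
            $findings += "authentication context is '$($Site.AuthenticationContextName)', expected '$($want.AuthContext)'"
        }
    }
    return $findings
}

# One output row per finding; compliant sites produce no rows.
foreach ($s in $sites) {
    foreach ($f in (Test-SiteLabelPosture -Site $s -Policy $expected)) {
        [pscustomobject]@{ Url = $s.Url; Label = $s.Label; Finding = $f }
    }
}
```

With the constructed rows, the board site is flagged for open sharing, the legal site for a missing authentication context, and the scratch site for having no label.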
Information Barriers Improvements in SharePoint and OneDrive: Implemented in 2020, Information Barriers provided Admins the ability to place a barrier that blocks collaboration and communication between segments of users. This will now be extended across to Administrators and Site Owners.
From within the SharePoint Admin centre, Administrators can manage the information segments associated with sites. With the information barriers compliance report, Administrators can view the compliance status of sites by using SharePoint admin PowerShell cmdlets.
From within the Site Information pane, SharePoint Site Owners are now able to add explicit segments to their sites.
Of note, information barrier policies in Microsoft 365 are honoured across the Microsoft 365 Groups experience when members are added to groups.
Teams Multi-Geo Support: Microsoft 365 Multi-Geo helps customers meet their data residency needs, as not all countries have the same policies for data storage and use. Exchange, SharePoint, and OneDrive already support multi-geo, and this support has now been extended into Teams as Teams Multi-Geo.
These are just a few of the measures that Microsoft has taken as proactive steps towards keeping externally shared, sensitive, and confidential data secure between internal and external users, within their organizations and external organizations. With the majority of the world working remotely during this pandemic, organizations have been forced to rethink how technology can be leveraged to continue the productivity of their workforce. As always, Microsoft has been forward-thinking and proactive since its inception, and the response has been in place for years. Instead of responding, Microsoft is enhancing and adding to its repertoire of defences, staying ahead as the leader in collaboration and data security.