June 17, 2020
Data Governance Tools and Threat Intelligence for Microsoft Office 365
When a company grows, the amount of stored data increases. Some of this data is regularly used, edited and updated, but other parts of it are rarely used. Unused data occupying storage space leads to higher storage costs, especially for cloud storage. In addition, shared files and folders that are located on shared storage can constitute a threat for the security and data integrity of the entire company. If one of the files located on shared storage is infected with malware, this file can infect the machines of other users when they access it.
When it comes to Microsoft Office 365, OneDrive and SharePoint are two such services used for storing data and collaboration. A system administrator can spend a lot of time checking which data is useful and which data is useless in the Office 365 cloud environment of an organization. Microsoft usually improves and updates Office 365 and provides data governance tools and threat intelligence to audit servers and other hardware and prevent security threats. This post covers data governance tools for Office 365 and explains how threat intelligence can be used.
What Is Data Governance?
If a user has left the company, a system administrator can keep storing this user’s data or they can delete it. The decision depends on the value of the data. Important data should be stored until it is copied to another location (another user account or storage unit) while useless data should be deleted as soon as possible to clean the storage space and reduce costs payed for cloud storage. Whether the data was intentionally or unintentionally deleted, it is important to be able to restore it when you need it. Data governance tools for Office 365 allow system administrators to set retention policies and define how long data can be preserved and recovered. Then administrators can see recommendations on which data can be safely deleted and which should be preserved and archived.
Retention labels are used to classify data in your organization and to apply the correct rules to the labeled data. For example, data with tax labels should be retained for a specified time and press materials should be deleted when they reach the set age. Labels can be added by users manually and automatically. By assigning retention labels automatically, you avoid having to train users on how to do it. A retention policy is created after publishing retention labels for the purpose of organizing a set of retention labels and defining in which locations those labels should be published.
What Is Microsoft Threat Intelligence?
Threat Intelligence is a special feature in Office 365 aimed at protecting your Office 365 environment, users and data against hackers and blocking malware. Microsoft Office 365 Threat Intelligence tools can generate data that simulates the behavior of malware and can use a machine learning system to detect that malware and react by using real-time tools, including alerts, isolation methods, handling suspicious content, and so on. Office 365 Threat Intelligence can work with Microsoft Security Graph and Advanced Threat Protection, which provides a graphical user interface to display information in dashboards. Administrators can see warnings and detect unusual activity in time thanks to Threat Intelligence real-time analysis. Inappropriate activity can be a logon from a suspicious location, mass file deletion, a logon of a user who has been inactive for a long time but has not been deleted, and so on.
A management API can be used to integrate Office 365 Threat Intelligence with Security Information and Event Management (SIEM) solutions. Microsoft Security Graph analyzes a huge amount of data from all Microsoft data centers across the globe and provides information about malware families by detecting a piece of code. Threat Intelligence can be seamlessly integrated with Exchange Online Protection and other Office 365 features.
Office 365 Editions Supporting Data Governance
Users usually ask: Does Office 365 E3 include advanced threat protection and data governance tools? Given that not all Office 365 editions support data governance tools, I will provide a detailed answer to this question below.
Data governance tools are available for the following Office 365 editions (subscription plans):
- Office 365 Business Essentials
- Office 365 Business Premium
- All levels of Office 365 Enterprise packages
- Exchange Online Plans 1, 2 and Kiosk
- SharePoint Online Plans 1 and 2
- Skype for Business Online Plans 1 and 2
As you see, data governance tools are included in Office 365 E3 and E5 licenses.
Data Governance Tools and GDPR
You can configure Office 365 data governance tools in accordance with General Data Protection Regulation (GDPR) requirements. In brief, the GDPR is a regulation in EU Law that regulates the processing by companies of personal data of individuals residing in the European Economic Area regardless of the location of the company and citizenship of the data owner (sharing a user’s data without user’s permission is forbidden). Microsoft helps businesses meet these compliance requirements and allows administrators to select the location of a datacenter, create data loss prevention policies, configure Advanced Data Governance (introduced when GDPR was announced), use encryption keys to control user access to Office 365, monitor data with Microsoft Audit, and so on. Moreover, Office 365 provides a migration system that can filter data, separate EU users and non-EU users, and migrate only the allowed data to OneDrive, SharePoint Online, Exchange Online and other Office 365 cloud services.
The Strategy for Implementing Data Governance
The implementation of data governance with Office 365 Data Governance tools in an organization can be complicated if it is your first time doing it. It is recommended to define the data governance strategy for SharePoint, Exchange, OneDrive and other Office 365 services used in an organization before moving to practical implementation. Use the following list of recommendations to enable data governance in your company:
- Analyze the current situation in your company and the condition of data management.
- Define objectives for implementing data governance.
- Explain to all workers the reasons and objectives of implementing data governance for Office 365 in your company.
- Develop policies that must be configured with data governance tools and draft the roadmap.
- Implement data governance based on your strategy.
- Monitor and check that everything is configured properly. Fine-tune by using data governance tools on demand.
Specify policies on a tenant level for all departments and define policies on a department level for specific departments.
Define the retention policies to set how long data must be stored from file creation or last modification before being deleted or archived. These policies can be applied to libraries where the important files are stored, to specific content by using keywords or to the entire site (SharePoint site). Retention polies can be applied to new content that is created and to content that already exists.
If multiple retention policies with different retention periods are applied to the content, the policy with the longest retention period has the highest priority. Policies can be implicit (are applied to all accounts and location at the site level) and explicit (are applied to specific content for a specified location or account). Explicit policies have a higher priority than implicit ones.
Configuring Data Governance in Office 365
When you have planned the implementation of data governance for Office 365 in your company, you can move to the practical part and configure data governance tools in the Microsoft 365 admin center.
Open a web browser and go to https://protection.office.com/homepage to open the Office 365 Security & Compliance admin center. You must log in as administrator.
In the left pane of the Office 365 Security & Compliance page, click Information governance to expand the submenu. Then click Dashboard to see the main dashboard with statistics and management options. On the screenshot below, you can see that when you open the dashboard for the first time, some statistical data is displayed, but most settings should be configured to display more data. The main buttons on this page are:
- Create a policy
- Create a label
- Publish labels
- Open information governance toolbox
Click Open information governance toolbox to prepare, govern and monitor data for Office 365 in your organization.
A new window opens. In the Prepare section, you can see options to import data from local servers to an Office 365 cloud environment and enable archive mailboxes to provide additional email storage. In the Govern section, there are three main options: Create a label, Publish labels, Auto-apply labels.
Creating a label
Let’s create a label to classify and retain users’ content by clicking the appropriate link in the web interface of the current page.
Now you are on the Home > Retention labels page and the Labels tab is open. There are no labels by default. Click Create a label to create a new one. You can also open the Label policies tab to publish one or more labels for Office 365 apps used by users in your organization.
A wizard that contains four steps open.
Name your label. Enter a name, a description for admins that is displayed to admins who manage this label, and a description for users that may be helpful for users when they hover over the label in their apps. Click Next to continue.
File plan descriptors. These descriptors are used to define conditions. Based on these conditions, labels will be automatically applied to the appropriate content.
Reference Id – a file plan descriptor reference Id;
Business function/department - select a business function department from the drop-down list or create a new one;
Category – select a category inside your department;
Subcategory - select a category for your department (optional);
Authority type – select Business, Legal Regulatory or create a new one;
Provision/citation – select the needed citation from the list or create a new one.
Label settings. Turn on the toggle to enable retention.
Select how long this label is applied to content (how long to retain the content) and what to do after this time has passed.
Select the Use label to classify content as a record checkbox if you don’t want users to be able to edit/delete content or change/remove the label.
Review your settings. Check your settings for the new label. If everything is correct, click Create this label.
Now the label is created. You can see retention labels in the Classification > Retention labels section of the Office 365 Security & Compliance admin center.
Creating a policy
Let’s explore how to create a new retention policy. In the Dashboard of the Information governance section, click Create a policy.
A new wizard opens.
Name your policy. Enter a name and description for your retention policy and click Next to continue.
Settings. Configure the retention settings for content. If you want to retain content, select how long the content must be retained and the related settings. You can also use advanced retention settings.
Choose locations. Select locations of Office 365 services such as Exchange email, SharePoint sites, OneDrive accounts, and so on, for which the policy must be applied. Select options to include or exclude for the selected locations for which Status is enabled.
Review your settings. Check the configuration of your policy. If everything is OK, click Create this policy. It can take up to one day for the retention policy to be applied.
You can see your retention policies in the Information governance > Retention section.
In the Archive section, you can see a list of mailboxes and the status of archiving options.
As for Office 365 Threat Intelligence options, you can find them in the Threat Management section of the Office 365 Security & Compliance admin center. You can view the dashboard, edit submissions, review reports, and configure policies.
Data governance tools for Office 365 may be useful if your company works with large amounts of data and has a high number of users. Data governance can help you to monitor the data structure, optimize storage usage, and make your environment cost-effective. Office 365 Threat Intelligence can help you protect your data by detecting threats and neutralizing them in time. Using Data Governance tools and Threat Intelligence for Office 365 can help you completely control your Office 365 environment, mitigate risks of data loss, improve anti-malware protection and security. However, if you want to have the best level of data protection, don’t forget about Office 365 data backup. Performing regular backups helps you protect your data, provides advanced data recovery options, including granular recovery, and allows you to reduce recovery time.