External Sharing and Advanced Information Protection in Office 365

Sharing information outside your organisation is an everyday part of doing business. We look at how Office 365 makes external sharing as safe and secure as possible.

It might seem counterintuitive, but instant sharing has made it easier than ever to protect your most sensitive business data.

In the bad old days of sharing documents via USB sticks, burned CD-Rs, and casually-forwarded attachments, data security was virtually non-existent. Beyond sticking a password on your document, you had very few measures to protect it; once data was free of your organisation, it was out of your control. And in the case of staff sharing sensitive material unintentionally – or, worse, maliciously – you were on your own.

Data Loss Prevention

The cloud has changed that for the better. Data Loss Prevention (DLP) systems – such as the one built into enterprise versions of Office 365 – automatically identify and protect sensitive data, such as credit card details, National Insurance numbers and passport information. Try to share something sensitive, and, depending on policy, you’ll receive a gentle reminder, be stopped in your tracks, or even have the attempt silently logged and flagged up to an administrator.

Data loss prevention in Office 365 automatically identifies and protects sensitive data, such as credit card details, National Insurance numbers and passport information. Try to share something sensitive, and – depending on the policies in-place – you’ll receive a gentle reminder, be stopped in your tracks, or even have the attempt silently logged and flagged up to an administrator.

Advanced Information Protection

Until recently, advanced DLP was the best-available protection for your most sensitive data that Office 365 had to offer. Now, with the introduction of Azure Information Protection (AIP), Microsoft is taking things a step further.
Where DLP introduced the ability to automatically identify and protect sensitive information, AIP now classifies, labels and protects documents all at once. You can set classifications from within a document – for example, from a toolbar in Word. This lets you instantaneously apply policies by setting a document’s classification to Internal, Confidential, Secret, or even secret to a particular department, such as Finance.

Classification and Protection

Classification can also be done automatically: Office 365 DLP detects more than 80 types of sensitive data, such as credit card, National Insurance and driver’s license numbers, bank account details and passport information.

If you try to save a file containing any sensitive data, Office 365 will spot it and take action. Depending on your organisational policies and user permissions, it will either recommend setting a higher classification level (and let you override it), or automatically apply classification and protection.

Monitoring external sharing

Sensitive data is marked for protection, and actively monitored by the system. When a user tries to send protected content outside of the organisation, Office will block the email from being sent, and send them message explaining what happened.

If you choose to share a sensitive document with specific external recipients, Office 365 will monitor who’s opened it, and present the results to you in email, and on a live map. This means you can quickly spot how far the document is spreading, and you can immediately revoke access if anything untoward happens.

CompanyNet are experts in Office 365. We are a Microsoft Gold Partner in Cloud Productivity, and are working with companies like Scottish Water and Tesco Bank to implement transformative cloud solutions.

Share this page

Leave a comment