Risk: Got anything to worry about? You probably don’t need to be here if

Help me respond to this lawsuit Average number of active lawsuits for $1B+ companies: 147 $1M Average per case cost to find and cull evidence I’m regulated. Help me know and show we are doing the right thing Help me enforce internal policies Standards of Business Conduct, Confidentiality, Financial Integrity, Anti-Corruption… Subpoenas Regulations and Law Internal Policy

Bring the data home Ingestion Migrations from third party stores, more formats Go Big, Go Fast, Unify One Compliance Centre, Scale, Compliance Roadmap Built in (not bolt on) Compliance for Office In-Place Archiving Unified Experience Extensible Platform In-Place Immutability and in-place search, preservation, deletion Immutable Exchange Lync File shares Immutable SharePoint Bloomberg Immutable Exchange Lync 3rd Party Archives File Shares Immutable SharePoint Immutable Exchange Immutable SharePoint

How we plan to get there Build compliance into Exchange and SharePoint Index or Ingest to extend beyond these workloads Unify compliance experience and configuration across the suite Exchange SharePoint Others Traditional Archive eDiscovery and Compliance Bloomberg Immutable Exchange Lync 3rd Party Archives … Immutable SharePoint

AGENDA Risk, and how we can help Data Compliance Archive and Retention EDiscovery Data Flow and Data Access Compliance Data Loss Prevention Encryption Mobile Device Management Auditing and Reporting

Exchange In-Place Archive Outlook OWA Retain folder hierarchy Primary Immutable Deletions Inbox Purges Versions Audits Deleted Items … Archive Immutable Deletions “Inbox” Purges Versions Audits … User A ……

Exchange Deletion Policies SharePoint Document Deletion Policies

Exchange PreservationSharePoint Preservation

Exchange Preservation Architecture Mailbox Recoverable Items Deletions (1) Message delivered Deleted Items Inbox … (2) Message deleted by User (3) Message eliminated by User (4) Message purged by user Or Deleted Item Retention Period expires for that item Depending on Hold type, items are preserved or removed Mailbox Recoverable Items Deletions (1)Message delivered Deleted Items Inbox … (2) Message deleted by User (3) Message eliminated by User (4) Message purged by user Versions Purges Gone forever Versions Purges DiscoveryHolds Audits Delete Hold

Lync Preservation User A Mailbox Recoverable Items Deletions Deleted Items Inbox Versions Purges DiscoveryHolds Server side archiving All Lync modalities captured (PC, mobile, web, OWA) User A on hold Hold state synced Lync archives content into Exchange mailboxes when user is on Hold Includes instant messaging and meeting content

Ingestion Public Folder Hold Unified Preserve/Delete experiences And more… Future: Archiving

AGENDA Risk, and how we can help Data Compliance Archive and Retention EDiscovery Data Flow and Data Access Compliance Data Loss Prevention Encryption Mobile Device Management Auditing and Reporting

Identify and Preserve Search and Process ReviewProduce eDiscovery Overview 147 Average number of active lawsuits for $1B+ companies $1M A verage per case cost of eDiscovery

Today: Multi-Mailbox Search in EAC

Hold Capabilities Mailbox: John Doe Mailbox: Jane Doe Mail Items Query: SpaceX Conversations Query: SpaceX Site: SpaceX Site: Owner: John Doe Content: Query: SpaceX Attorney Discovery Center Hold: “SpaceX” Exchange 2013 Lync 2013 SharePoint 2013

Easy: download from SharePoint, Exchange, and file shares whether on premises or in Office 365 all at once EDRM XML Support: growing industry standard for data interchange, import into popular review tools Take it offline: Native files, PSTs, pages as.MHT, lists and feeds as.CSV Export Capabilities

Scale and Performance Search and Comply Future: Discovery FFO/EOP UCC – eDiscovery console Policy Store Policy WebService Policy cmdlet eDiscovery Results Sync Process Policy DAL eDiscovery cmdlets eDiscovery DAL Workload (Exchange) Backend Arbitration Mailbox (per tenant policy store) eDiscovery Results Store (per tenant) eDiscovery Results Service Policy Sync Service Backend 1 Backend N DAR Exchange Search Tasks 3 rd Party Data Sources … Federated Query Infra Workload (Sharepoint) Backend Policy Store (per tenant policy store) eDiscovery Results Store (per tenant) eDiscovery Results Service Policy Sync Service Backend 1 Backend N DAR SP Search Tasks Discovery Store (Aggregated result counts, metadata, case management etc)

AGENDA Risk, and how we can help Data Compliance Archive and Retention Ediscovery Data Flow and Data Access Compliance Data Loss Prevention Encryption Mobile Device Management Auditing and Reporting

Content analysis Get Content Regex Analysis Function Analysis Additional Evidence Verdict Policy Tips Outlook and OWA Document Fingerprinting Protect intellectual property like patents, company confidential information, and other standardized form content

CountryPIIFinancialHealth France EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code US HIPPA, UK Health Service, Canada Health Insurance card Germany EU data protection, Drivers License, Passport National Id EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code UK Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code Canada PIPED Act, Social Insurance, Drivers License Credit Card, Swift Code US US State Security Breach Laws, US State Social Security Laws, COPPA GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code) Japan PIPA, Resident Registration, Social Insurance, Passport, Driving License Credit Card, Bank Account, Swift Code Australia Drivers License, Passport, Social InsuranceCredit Card, Bank Account, Swift Code Beyond Regulations and Law: Prevent inappropriate content from entering or leaving Limit the interaction between specific recipients and senders (ethical firewall, school bully). Apply disclaimers to messages as they leave

OME IRM (RMS) Prevents sensitive information from being printed, forwarded, or copied by unauthorized people inside the organization S/MIME Sign and encrypt messages to users using certificates Encrypt messages to any SMTP address

Exchange Online Policy detection and Enforcement Tenant configuration O365 UserInternet User Send Microsoft account/Organization Account Mail Reading Portal Deliver Post

Microsoft Intune Built-In Device Management Conditional Access Selective Wipe Built-In Microsoft Intune LoB app User-centric approach

Before mobile devices can access Office 365 data, they must be enrolled and healthy. 1. A user downloads the public OneDrive app on a personal iPad 2. The user is shown a page that directs them to enroll the iPad 3. The user steps through the enrollment process 4. The OneDrive app is now MDM enabled 5. The user is able to access their OneDrive data Built-In Q1 2014

Office 365 Users on their devices Azure AD Report device compliance Enroll device, evaluate & enforce compliance with device management policies Microsoft Intune IT Admin

Device Polices Control what mobile devices can connect to Office 365 Data Set device configuration policies such as pin lock Enforce data encryption on devices Admin Controls Built-In management in console and PowerShell Configure device policies by groups Product level granular control Block non-compliant devices, or just report Device Reporting Device compliance reports Mobile usage and trends in our organization API support Built-In Q1 2014

Exchange Auditing SharePoint Auditing

Unified Logs, Unified XP Always On Auditing Better Together: Search, DLP, MDM FFO/EOP UCC – Auditing console Policy Store Policy WebService Policy cmdlet Policy DAL Workload (SharePoint) Backend Policy Store (per tenant policy store) Policy Sync Service Content FE SP Content Front End Node Audit Storage (EXO) Audit Long Term Storage FFO/EOP UCC – Auditing console Reporting cmdlets Reporting UX Reporting Web Service Content BE SQL Workload (Exchange) Backend Arbitration Mailbox (per tenant policy store) Local Queue, Uploader (per BE server) Policy Sync Service Backend 1 Backend N Exchange Auditing Hook Audit Upload Web Service Local Queue, Uploader (per BE server) Future: Auditing

sharepoint activity individual reports archiving reports devices data loss prevention eDiscovery retention Compliance admin center Jul 7: 9:45 pm Jul 7: 2:35 pm Jul 7: 1:00 pm Jul 7: 10:00 am Jul 7: 9:30 am Jul 7: 9:00 am Jul 6: 10:45 am Jul 6: 2:45 pm Jul 6: 9:45 pm Jul 5: 9:45 pm Jul 5: 2:35 pm Jul 5: 1:00 pm Jul 4: 10:00 am Jul 4: 9:30 am Viewed Deleted Viewed Created Shared Updated Shared Viewed Shared Viewed Deleted Viewed Created Shared ACTIONDATE HR.xlsx ssn.doc foo.doc apple.xls bar.list X.doc ssn.doc x.doc HR.xlsx ssn.doc foo.doc apple.xls FILE Bob Kirsten George Washington Howard Gonzales Isabel Monty Jay Hammer Laura Post Matej Peter Bob Kirsten George Washington Howard Gonzales Isabel Monty USER User or group nameFile name Event All search From date 2014/07/01 11:00 AM To date 2014/07/07 10:00 PM Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. activity log search Export results users Bob Kirsten 2 users Laura Post TARGET

sharepoint activity individual reports archiving reports devices data loss prevention eDiscovery retention Compliance admin center Date: Jul 6: 10:45 am User: Laura Post Action: Shared Service: SharePoint Entity: X.doc and others External Access: Yes Classification: HBI User Type: User Modified Property: N/A Details: N/A Laura shared X.doc and 19 other docs with an external user Jul 7: 9:45 pm Jul 7: 2:35 pm Jul 7: 1:00 pm Jul 7: 10:00 am Jul 7: 9:30 am Jul 7: 9:00 am Jul 6: 10:45 am Jul 6: 2:45 pm Jul 6: 9:45 pm Jul 5: 9:45 pm Jul 5: 2:35 pm Jul 5: 1:00 pm Jul 4: 10:00 am Jul 4: 9:30 am Viewed Deleted Viewed Created Shared Updated Shared Viewed Shared Viewed Deleted Viewed Created Shared ACTIONDATE HR.xlsx ssn.doc foo.doc apple.xls bar.list X.doc ssn.doc x.doc HR.xlsx ssn.doc foo.doc apple.xls FILE Bob Kirsten George Washington Howard Gonzales Isabel Monty Jay Hammer Laura Post Matej Peter Bob Kirsten George Washington Howard Gonzales Isabel Monty USER User or group nameFile name Event All search From date 2014/07/01 11:00 AM To date 2014/07/07 10:00 PM Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. activity log search Export results users Bob Kirsten 2 users Laura Post TARGET

In the Cloud? Compliance is easy HIPAA Business Associate Agreement (HIPAA BAA) FISMA authority to operate (ATO) from a federal agency FERPA use and disclosure restrictions related to student data EU model clause addressing international transfers of data CJIS Security Policy 5.2 requirements met for CA and TX law enforcement DPA (Data Processing Agreement) to address the privacy, security, and handling of customer data Supporting Customer Compliance ISO 27001: First major business productivity public cloud service to have implemented ISO mgmt. controls SAS 70 Type I and Type II attestation O365 Accreditations Protecting Against Government Snooping: snooping.aspx Transparency Advocacy: DC Ops Auditing Numbers of govt requests for data government-requests-for-customer-data.aspx Law enforcement requests report: us/reporting/transparency/ Transparency and Government Snooping “We are committed to notifying business and government customers if we receive legal orders related to their data. Where a gag order attempts to prohibit us from doing this, we challenge it in court. “

SAMPLE