Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sharing and access policies for SharePoint and OneDrive

Published byBlaze Harrington Modified over 6 years ago

Similar presentations

Presentation on theme: "Sharing and access policies for SharePoint and OneDrive"— Presentation transcript:

1 Sharing and access policies for SharePoint and OneDrive
7/4/2018 3:42 AM BRK3237 Sharing and access policies for SharePoint and OneDrive Kavita Kamani Principal PM Manager SharePoint & OneDrive © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Agenda Our approach Controls we give you and the role you play Roadmap
7/4/2018 3:42 AM Agenda Our approach Controls we give you and the role you play Roadmap Q&A © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3 4.2 140+ 50% 45% 87% billion records compromised in the last year
7/4/2018 3:42 AM 4.2 billion records compromised in the last year 140+ days between infiltration and detection 50% Year-over-year growth in electronic data of organizations lack data governance, leaving them open to litigation and data security risks 45% 87% of senior managers admit to using personal accounts for work © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 Our security, compliance, and admin promises
7/4/2018 3:42 AM Our security, compliance, and admin promises Industry leading protection for your information Manage easier with intuitive and advanced controls Be in-the-know with insights and intelligence Keep up-to-date with evolving compliance © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 Manage easier with intuitive and advanced controls
7/4/2018 3:42 AM Manage easier with intuitive and advanced controls © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6 Finding a balance Concerns Solution Needs IT Admin End-Users Usability
Security Concerns Productivity Control Discover and Express Understand Pilot Solution Needs Remediate Audit and Analyze Give Feedback

7 One size doesn’t fit all
Conditional Access Different Scopes Device Location User App Tenant Site File Access and Sharing Policies

8 7/4/2018 3:42 AM Securing Access © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9 Securing access based on device
7/4/2018 3:42 AM Securing access based on device Block all access on unmanaged devices (AAD CA) Limited browser only access on unmanaged devices, blocking download, print and sync Shorter browser sessions on public devices © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10 Limited browser-only access on unmanaged devices
7/4/2018 3:42 AM Limited browser-only access on unmanaged devices Available CY17 Prevents leakage of data on unmanaged devices Allows users to be productive on any device Limited Browser only access, no download, print, sync Scopes: Tenant and site Specific users Controls: Edit vs. View Download non-previewable files © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11 Limited Browser Access
7/4/2018 3:42 AM Limited Browser Access Demo: Single click policy application at tenant level Ability to Edit Scoping policy to sensitive sites © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12 Shorter Sessions on Shared Devices
7/4/2018 3:42 AM Shorter Sessions on Shared Devices Available CY17 Secures access from shared devices by signing out idle sessions Allows users to be productive on public devices Configurable session lengths (Keep me signed in = false) Scopes: Tenant Controls: Warn After Sign Out After © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13 Idle Session Sign Out Demo: Idle session sign out on non KMSI sessions
7/4/2018 3:42 AM Idle Session Sign Out Demo: Idle session sign out on non KMSI sessions © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14 Securing access based on location
7/4/2018 3:42 AM Securing access based on location Block sign in from untrusted locations (AAD CA) Block access from untrusted locations © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15 Blocking access from untrusted locations
7/4/2018 3:42 AM Blocking access from untrusted locations In Production Secures access from only trusted IPs or via VPN Unblocks move to the cloud for FinServ customers Client IP validated against whitelist at access time Scopes: Tenant Controls: Allowed IP ranges © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16 Blocking access from untrusted locations
7/4/2018 3:42 AM Blocking access from untrusted locations © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17 Securing access from mobile apps
7/4/2018 3:42 AM Securing access from mobile apps In Production Secures corporate data via managed mobile apps Users can bring their own mobile devices Integration with InTune MAM or 3rd party EMMs Scopes: Tenant Specific users Controls: Block download, print, control copy/paste, require PIN, encrypt app data © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

18 Securing access with MAM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 Securing access based on users
7/4/2018 3:42 AM Securing access based on users In Production Secures more sensitive user groups (senior leadership, guests etc) differently from the rest of the organization Scope AAD CA policies to specific users or groups Scopes: Users Security groups Controls: Require MFA Enforce strong passwords Revoke suspicious user sessions © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20 Best Practices: Access Policies
7/4/2018 3:42 AM Best Practices: Access Policies Balance security and usability with the right access policies Reserve the most restrictive access policies to at-risk users and sensitive sites Users expect fluidity, let your users be productive on unmanaged devices Prevent data leakage with browser-only access and block download, print, sync Reduce risk by giving shorter sessions on kiosks Secure apps on BYOD mobile devices to protect corporate data © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

21 Limiting Overexposure via Sharing Controls
7/4/2018 3:42 AM Limiting Overexposure via Sharing Controls © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

22 Managing External Sharing
7/4/2018 3:42 AM Managing External Sharing You have a lot of control over sharers in your organization WHO can share, WHO they can share to, TYPES OF LINKS they can share, over recipients outside of your organization HOW they prove themselves, WHAT they can do (view/edit/re-share) HOW long they have access over WHAT content is shared Specific sites Non-sensitive files Your users will figure out a way to share anyway © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

23 Control over sharers in your organization
7/4/2018 3:42 AM Control over sharers in your organization In Production WHO can share WHO can they share to These affect the end-user Sharing dialog elements © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

24 Control over recipients
7/4/2018 3:42 AM Control over recipients In Production What external recipients can do Link properties © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

25 Control over sensitive content
7/4/2018 3:42 AM Control over sensitive content In Production Protect sensitive sites by setting policies at the site level Protect sensitive files with DLP – out of box sensitive types or custom sensitive types, with end-user policy tips + override © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

26 Sharing admin UX getting a face lift
7/4/2018 3:42 AM Sharing admin UX getting a face lift In Preview © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

27 End-user sharing experience
7/4/2018 3:42 AM End-user sharing experience In Production ANYONE Easiest way to share files with anyone on the planet Recipient has access if they have the link Recipients decides who else gets access PEOPLE in my COMPANY Easiest way to share files within the company Recipient has access if they have the link AND are in the company Recipient decides who else in my company has access PEOPLE with EXISTING ACCESS Direct pointer, does not add permissions Recipients who already have access via membership, or explicit permission have access Recipient cannot decide who else to share to SPECIFIC PEOPLE Sharer decides which specific people inside and outside have access Only those people have access and prove their identity © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

28 7/4/2018 3:42 AM Recipient Experience Available CY17 Secure links require recipients to prove their identity Before: Sign in with MSA or AAD NEW No need to create an account Friction-less access with one-time passcode sent to your © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

29 External Sharing Demo: Accessing secure links with one-time passcode
7/4/2018 3:42 AM External Sharing Demo: Accessing secure links with one-time passcode Block external sharing based on label Block external sharing based on content in doc © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

30 Best Practices: Sharing Policies
7/4/2018 3:42 AM Best Practices: Sharing Policies Balance security and usability with the right sharing policies Reserve the most restrictive sharing policies to the most at-risk users and sensitive sites and files Users expect seamless collaboration, let your users share safely Sharing policies allow rich control over sharers, recipients and content © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

31 Insights related to Sharing and Access
7/4/2018 3:42 AM Insights related to Sharing and Access © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

32 Insights for IT administrators and end-users
7/4/2018 3:42 AM Insights for IT administrators and end-users Who is sharing What is being shared Anomalies Policy matches Who has access to my content Are others re-sharing my content Why was I blocked from sharing/access © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

33 Using Auditing Awareness of activity and anomalies Audit log search
7/4/2018 3:42 AM Using Auditing In Production Awareness of activity and anomalies Audit log search Rule based alerts © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

34 DLP Policy Matches Tuning DLP policies and content patterns
7/4/2018 3:42 AM DLP Policy Matches In Production Tuning DLP policies and content patterns © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

35 New SharePoint Admin Center
7/4/2018 3:42 AM New SharePoint Admin Center Preview CY17 Dashboards show Files shared externally © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

36 Sharing notifications
7/4/2018 3:42 AM Sharing notifications In Production Be notified when your content is shared © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

37 Managing access to shared content
7/4/2018 3:42 AM Managing access to shared content In Production © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

38 Site Usage Awareness when content is externally shared
7/4/2018 3:42 AM Site Usage Coming Soon Awareness when content is externally shared © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

39 Who is accessing my content
7/4/2018 3:42 AM Who is accessing my content Coming soon Give awareness when their content is accessed in OneDrive © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

40 Knowing why I am blocked
Policy Tips Provide feedback to admin Override the policy © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

41 Insights Demo: Auditing DLP report New admin center 7/4/2018 3:42 AM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

42 Recap Industry leading protection for your information
7/4/2018 3:42 AM Recap Industry leading protection for your information Manage easier with intuitive and advanced controls Be in-the-know with insights and intelligence Keep up-to-date with evolving compliance © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

43 7/4/2018 3:42 AM Roadmap 2017 2018 Richer OneDrive admin home page New SharePoint admin UX (GA) Tenant Level - Limited Browser Access on unmanaged devices Classification driven policies Site Level - Limited Browser Access on unmanaged devices Idle session sign out on public devices Secure external sharing with one time passcode Block external sharing based on DLP and labels Reports – New Office 365 admin reports Auditing – New Events Richer site usage page Insights into who viewed your OneDrive files after sharing © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

44 Learn more http://aka.ms/spignitesessions
Read about the announcements See more in over 70 Ignite sessions Code Title Day Time Speaker BRK2229 Security you can trust, control you can count on Tuesday 4:00PM-5:15PM Navjot Virk, Bill Baer BRK3224 Manage and secure Microsoft OneDrive web, desktop and mobile: Deep dive with product team Wednesday 12:30PM-1:45PM Randy Wong, Ryan Hoge BRK2245 Enabling external sharing and collaboration with SharePoint and OneDrive Thursday 10:45AM-12:00PM Eugene Lin BRK3239 Manage SharePoint using the new SharePoint admin center 2:15PM-3:30PM Zohar Raz BRK3111 Understanding advanced concepts in getting the most out of Office 365 Data Loss Prevention Friday 9:00AM-10:15AM Mas Libman, Denise Goh

45 7/4/2018 3:42 AM Resources Securing your content in a new world of work with SharePoint and OneDrive Explore SharePoint and OneDrive security and compliance Solution based security guidance File protection in Office 365 Identity and device protection in Office 365 © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

46 European SharePoint Conference SharePoint Conference North America
Next steps Join us at upcoming events Join the conversation Learn more SharePoint Unite October Haarlem, Netherlands European SharePoint Conference November 2017 Dublin SharePoint Fest December 2017 Chicago SharePoint Saturdays (almost) weekly at a city near you Microsoft Tech Summit Cities around the world SharePoint Conference North America May 2018 Las Vegas

47 Please evaluate this session
Tech Ready 15 7/4/2018 Please evaluate this session From your Please expand notes window at bottom of slide and read. Then Delete this text box. PC or tablet: visit MyIgnite Phone: download and use the Microsoft Ignite mobile app Your input is important! © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

48 7/4/2018 3:42 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

49 7/4/2018 3:42 AM appendix © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "Sharing and access policies for SharePoint and OneDrive"

Similar presentations

Success through People with LinkedIn and O365

Success through People with LinkedIn and O365
9/12/2018 6:21 PM BRK2203 Protect and control your sensitive emails with new Office 365 Message Encryption capabilities Praveen Vijayaraghavan Principal.

9/12/2018 6:21 PM BRK2203 Protect and control your sensitive s with new Office 365 Message Encryption capabilities Praveen Vijayaraghavan Principal.
Microsoft Ignite 2016 5/16/2018 3:12 PM BRK2119

Microsoft Ignite /16/2018 3:12 PM BRK2119
Leverage the O365 Task Ecosystem with Microsoft To-Do and Planner

Leverage the O365 Task Ecosystem with Microsoft To-Do and Planner
Share and work together on the intranet with SharePoint Team Sites

Share and work together on the intranet with SharePoint Team Sites
What’s new in Service Health and Customer Experience Monitoring

What’s new in Service Health and Customer Experience Monitoring
New web experiences in Office 365 that empower your users

New web experiences in Office 365 that empower your users
5/29/2018 1:51 AM THR2071 Managing enterprise applications, permissions, and consent in Azure Active Directory Adam Steenwyk & Jeff Sakowicz Program Managers.

5/29/2018 1:51 AM THR2071 Managing enterprise applications, permissions, and consent in Azure Active Directory Adam Steenwyk & Jeff Sakowicz Program Managers.
Understanding EU GDPR from an Office 365 perspective

Understanding EU GDPR from an Office 365 perspective
Microsoft 2016 6/4/2018 8:21 AM BRK3082 Build solutions and apps with Microsoft OneDrive API and Microsoft Graph API Ryan Gregg Principal Program Manger,

Microsoft /4/2018 8:21 AM BRK3082 Build solutions and apps with Microsoft OneDrive API and Microsoft Graph API Ryan Gregg Principal Program Manger,
Azure Information Protection Strategy and Roadmap

Azure Information Protection Strategy and Roadmap
6/10/2018 5:07 PM THR2218 Deploying Windows Defender AV and more with Intune and Configuration Manager Amitai Rottem @AmitaiTechie Senior Program Manager,

6/10/2018 5:07 PM THR2218 Deploying Windows Defender AV and more with Intune and Configuration Manager Amitai Senior Program Manager,
Manage SharePoint using the new SharePoint admin center

Manage SharePoint using the new SharePoint admin center
6/16/2018 7:03 AM BRK2434 No team site left behind! Bring the latest features to your existing SharePoint sites! Tejas Mehta Senior Program Manager @tpmehta.

6/16/2018 7:03 AM BRK2434 No team site left behind! Bring the latest features to your existing SharePoint sites! Tejas Mehta Senior Program
Firstline Workforce and Office 365: Microsoft StaffHub

Firstline Workforce and Office 365: Microsoft StaffHub
6/19/2018 2:57 AM THR3092 Monitor and investigate actions on your user and data with alerts, insights and reports Binyan Chen Program Manager II, Office.

6/19/2018 2:57 AM THR3092 Monitor and investigate actions on your user and data with alerts, insights and reports Binyan Chen Program Manager II, Office.
Office 365 Groups Governance and Compliance

Office 365 Groups Governance and Compliance
6/19/2018 5:52 AM BRK2228 Migration to SharePoint and OneDrive in Office 365: Process and options Bill Baer Senior Technical Product Manager SharePoint.

6/19/2018 5:52 AM BRK2228 Migration to SharePoint and OneDrive in Office 365: Process and options Bill Baer Senior Technical Product Manager SharePoint.
6/25/2018 11:13 PM BRK1076 Make Windows devices more secure by taking them out of your existing infrastructure Chris Rhodes & Andrew Bettany MCTs & MVPs.

6/25/ :13 PM BRK1076 Make Windows devices more secure by taking them out of your existing infrastructure Chris Rhodes & Andrew Bettany MCTs & MVPs.
Decoding audit events in Microsoft Office 365

Decoding audit events in Microsoft Office 365

Similar presentations

Ads by Google