ECM 203 - Protecting your Content Demystifying Data Loss Prevention (DLP) in SharePoint Don’t Pa.Panic
Paul Papanek Stork
- Owner/Principal Architect
- Author
- Developer’s Guide to WSS 3.0
- MOSS 2007 Best Practices
- Don’t Pa.Panic Consulting
- http://www.dontpapanic.com
- Microsoft Community Contributor
- Technet Forums
- MSDN Forums
- Yammer Groups
- MCTS: WSS 3.0 Configuration Study Guide (70-631)
- SharePoint 2010 Development for Office 365
- Contact Information
  - Email: [email protected]
  - Blog: http://dontPaPanic.com/blog
  - Twitter: @PStork
Agenda
- What is Data Loss Prevention (DLP)?
- Compliance Center and eDiscovery Center
- How Does it Work?
- DLP Queries & Policies
- DLP Templates
- Actions
- Can I create custom DLP Templates, Queries, and Policies?
- Office 365 vs. SharePoint 2016
What is Data Loss Prevention?
- Data Loss Prevention (DLP) - a strategy for controlling dissemination of sensitive
- Data Loss Prevention Types
  - In Use
  - In Motion
    - Exchange
  - At Rest
    - SharePoint
    - On-Premises
Foundation Concepts
- DLP in Exchange since 2013
- Recently added to SharePoint 2016 & SharePoint Online
- Personally identifiable information (PII)
- Sensitive Information
- Not a replacement for Records Management
- Identified during Search Crawl processing
Processing in SharePoint 2016
[Diagram: Content Sources, Crawler, Content Processing, Policy Definitions, Index, Unified Policy Processing, Tasks, Query, User]
Sensitive Information Types
- Sensitive Information types contain
  - A formatted or unformatted pattern (regex)
  - Proximity to a keyword (like SSN or Social Security Number)
- Sensitive Information Type Examples
  - Personal Identifiable Information (PII)
  - Credit Card Numbers
  - Social Security Numbers
  - Bank Account Numbers
  - Passport Numbers
  - Driver’s License Numbers
- https://technet.microsoft.com/en-us/library/jj150541(v=exchg.160).aspx
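The pattern-plus-keyword-proximity idea above, worked through as an added example (not part of the original deck and not Microsoft's built-in definitions). The regex, the 300-character window, the confidence values 85/65 and the function names are assumptions chosen for illustration; the count and confidence thresholds mirror the conditions that DLP queries and policies apply.

```python
import re

# Assumed, simplified pattern for a formatted or unformatted US SSN.
SSN_PATTERN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b|\b\d{9}\b")
# Supporting evidence: the keywords named on the slide.
KEYWORDS = re.compile(r"\b(?:SSN|Social Security Number)\b", re.IGNORECASE)
PROXIMITY = 300      # characters either side of the match (assumed)
HIGH, LOW = 85, 65   # illustrative confidence levels (assumed)

# Constructed sample: one number next to a keyword, one far away from it.
SAMPLE = ("Employee record. SSN: 123-45-6789. " + "x" * 400 +
          " Order ref 987654321 shipped.")


def find_ssn_candidates(text, proximity=PROXIMITY):
    """Return (matched_text, confidence) for every pattern hit in text."""
    keyword_spans = [m.span() for m in KEYWORDS.finditer(text)]
    results = []
    for m in SSN_PATTERN.finditer(text):
        lo, hi = m.start() - proximity, m.end() + proximity
        # A keyword inside the window raises confidence in the match.
        near = any(ks >= lo and ke <= hi for ks, ke in keyword_spans)
        results.append((m.group(), HIGH if near else LOW))
    return results


def exceeds_threshold(text, min_count, min_confidence):
    """True if at least min_count hits reach min_confidence."""
    hits = [c for _, c in find_ssn_candidates(text) if c >= min_confidence]
    return len(hits) >= min_count


if __name__ == "__main__":
    for value, confidence in find_ssn_candidates(SAMPLE):
        print(value, confidence)
```

The nine-digit order reference still matches the pattern but only at the lower confidence, which is why a confidence threshold reduces false positives compared with a bare regex.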
DLP Queries & Policies - Compliance Center & eDiscovery Center
DLP Queries
- DLP Queries
  - Find content that contains sensitive information
  - Understand your risks & security exposure
  - Determine the location of content that your DLP policies need to protect
- Where to create them?
  - Office 365 - Security and Compliance Center
  - SharePoint 2016 - eDiscovery Center
DLP Policies
- DLP Policies – Compliance Center
  - Contain a Policy Template
  - Rule definition based on the Policy Template
  - Actions taken in Response to the Rule
- Where to create them?
  - Office 365 - Security and Compliance Center
  - SharePoint 2016 - Compliance Center
Other Policies
- Deletion Policies
  - Delete documents after a specified period of time
  - Similar to Retention Policies in Document Libraries
  - Assigned the same way as DLP Policies
  - OneDrive is the primary Use Case
- https://blogs.msdn.microsoft.com/mvpawardprogram/2016/01/13/data-loss-prevention-dlp-in-sharepoint-2016-and-sharepoint-online/
Creating Compliance Policy & eDiscovery Centers
DLP Policy Templates
- Identifies specific types of sensitive information
- Correspond to common regulatory requirements
- Implement regional differences
Creating a DLP Query
- Based on a DLP Policy Template
- Numerical Threshold of Sensitive Information items
- Confidence level – (Office 365 only)
- Refine Query using
  - Date Range
  - Author/Sender
- Query Scope limited by location
- Filter based on SharePoint metadata like Author, Content Class or Content Type
- Context – Shared Internally or Externally (Office 365 only)
Creating a DLP Query
Creating a DLP Policy
- Based on a DLP Policy Template
- Conditions that the content must match before the rule is enforced
  - Numerical Threshold of Sensitive Information items
  - Context – Shared Internally or Externally (Office 365 only)
- Actions that you want the rule to take
  - Send an Incident report by email
  - Display a Policy tip to the user
  - Block access to the document
Policy Tips
- Policy Tip - A notification or warning that appears when someone is working with content that conflicts with a DLP policy
- Used to Increase awareness
- Can be used to override DLP policy blocking
  - Valid Business reason
  - False Positive
Creating a DLP Policy
Applying a DLP Policy
- Assigned to a Site Collection
  - By URL
  - By Title
- Assigned to a Site Template
  - A specific Site Template
  - OneDrive for Business Template (applies to all OneDrive sites)
- Other Settings
  - Default Policy
  - Mandatory Policy (only one policy allowed)
Assigning a DLP Policy
Administering DLP - SharePoint 2016 & Office 365
View DLP policy activity in the usage logs
- Example - view the text entered by users when they override a policy tip or report a false positive.
- Enable the option in Central Administration
  - Monitoring
  - Configure usage and health data collection
  - Simple Log Event Usage Data (SPUnifiedAuditEntry)
Office 365 vs. SharePoint 2016
SharePoint 2016
- Compliance Center
  - DLP Policies
  - Deletion Policies
- eDiscovery Center
  - Sensitive Information Queries
- Individual Sites
  - Audit Log search
Office 365
- Security & Compliance Center
  - Activity Alerts
  - Compliance Roles
  - DLP Policies
  - Deletion Policies
  - Audit Log search
  - Sensitive Information Queries
Hybrid Audit Logging
- Search file access activities
  - Office 365
  - On-premises SharePoint 2016
- Configure
  - Office 365 - Turn On Audit Log Search Recording in Compliance & Security Center
  - On-Premises – Configure Usage and Health Data Collection in Central Admin
  - Enable Hybrid Audit Logging in Hybrid Picker
Limitations
- Cannot Create Custom Rules – YET!
- 1 Policy Center Per Web Application
- No “Clean” PowerShell CMDLETS for Automation
- One-to-one Site Collections & Policy Mappings
- Hybrid Does not Work That Well
  - System actions – Blocking, flagging, etc. work by timer jobs
  - Office 365 cannot access On-Premises timer jobs
Office 365 Security & Compliance Center
Custom Types
- Office 365 only for now
- Contents
  - Entity – Type of Information, ex. Employee ID
  - Rule – Regular Expression
  - Pattern – Supporting evidence
- Different combinations represent confidence levels
- https://support.office.com/en-us/article/Create-a-custom-sensitive-information-type-82c382a5-b6db-44fd-995d-b333b3c7fc30?ui=en-US&rs=en-US&ad=US
Custom Type Example

    <?xml version="1.0" encoding="utf-16"?>
    <RulePackage xmlns="http://schemas.microsoft.com/office/2011/mce">
      <!-- Package identity, version and publisher details -->
      <RulePack id="b4b4c60e-2ff7-47b2-a672-86e36cf608be">
        <Version major="1" minor="0" build="0" revision="0"/>
        <Publisher id="7ea13c35-0e58-472a-b864-5f2e717edec6"/>
        <Details defaultLangCode="en-us">
          <LocalizedDetails langcode="en-us">
            <PublisherName>Don't Pa.Panic</PublisherName>
            <Name>Sample Sensitive Info</Name>
            <Description>A Sample DLP Sensitive Info Type</Description>
          </LocalizedDetails>
        </Details>
      </RulePack>
Custom Type Example – Part 2

      <Rules>
        <!-- bad word match list -->
        <Entity id="acc59528-ff01-433e-aeee-13ca8aaee159" patternsProximity="300" recommendedConfidence="75">
          <Pattern confidenceLevel="75">
            <IdMatch idRef="BadWordList"/>
          </Pattern>
        </Entity>
        <Keyword id="BadWordList">
          <Group matchStyle="word">
            <Term>Google</Term>
            <Term>FOR INTERNAL USE ONLY</Term>
          </Group>
        </Keyword>
Custom Type Example – Part 3

        <LocalizedStrings>
          <!-- idRef must match the Entity id from Part 2 -->
          <Resource idRef="acc59528-ff01-433e-aeee-13ca8aaee159">
            <Name default="true" langcode="en-us">Sample Sensitive Info</Name>
            <Description default="true" langcode="en-us">A Sample DLP Sensitive Info Type</Description>
          </Resource>
        </LocalizedStrings>
      </Rules>
    </RulePackage>
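A consistency check worth running on a rule package before it is uploaded, as an added example that is not part of the original deck. It verifies that the RulePack and Entity ids are well-formed GUIDs, that every Entity has a matching LocalizedStrings Resource, and that every IdMatch/Match idRef resolves to a Keyword or Regex definition. The function name and the trimmed sample package (with a hyphen deliberately dropped from the Resource idRef) are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://schemas.microsoft.com/office/2011/mce"}
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

# Constructed sample: a trimmed rule package in which the Resource idRef
# has lost a hyphen, so it no longer matches the Entity id.
SAMPLE_PACKAGE = """<RulePackage xmlns="http://schemas.microsoft.com/office/2011/mce">
  <RulePack id="b4b4c60e-2ff7-47b2-a672-86e36cf608be"/>
  <Rules>
    <Entity id="acc59528-ff01-433e-aeee-13ca8aaee159" patternsProximity="300">
      <Pattern confidenceLevel="75"><IdMatch idRef="BadWordList"/></Pattern>
    </Entity>
    <Keyword id="BadWordList">
      <Group matchStyle="word"><Term>FOR INTERNAL USE ONLY</Term></Group>
    </Keyword>
    <LocalizedStrings>
      <Resource idRef="acc59528-ff01-433e-aeee13ca8aaee159"/>
    </LocalizedStrings>
  </Rules>
</RulePackage>"""


def check_rule_package(xml_text):
    """Return a list of consistency problems; an empty list means none found."""
    root = ET.fromstring(xml_text)
    problems = []
    entities = [e.get("id") for e in root.iterfind(".//m:Entity", NS)]
    resources = [r.get("idRef") for r in root.iterfind(".//m:Resource", NS)]
    # IdMatch/Match elements may point at Keyword or Regex definitions.
    targets = {d.get("id") for tag in ("Keyword", "Regex")
               for d in root.iterfind(f".//m:{tag}", NS)}
    packs = [p.get("id") for p in root.iterfind("m:RulePack", NS)]
    for value in packs + entities:
        if not GUID.fullmatch(value or ""):
            problems.append(f"id {value!r} is not a well-formed GUID")
    for ent in entities:
        if ent not in resources:
            problems.append(f"Entity {ent} has no LocalizedStrings Resource")
    for ref in resources:
        if ref not in entities:
            problems.append(f"Resource idRef {ref!r} matches no Entity")
    for tag in ("IdMatch", "Match"):
        for m in root.iterfind(f".//m:{tag}", NS):
            if m.get("idRef") not in targets:
                problems.append(f"{tag} idRef {m.get('idRef')!r} is undefined")
    return problems
```

For a package saved as UTF-16 on disk, read the file as bytes and pass those to the function so the XML parser honours the declared encoding.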
Adding a Custom DLP

    # Connect to Security & Compliance Center remote PowerShell
    $UserCredential = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    Import-PSSession $Session

    # Upload the rule package XML as a byte array
    New-DlpSensitiveInformationTypeRulePackage -FileData (Get-Content -Path "Path To XML\DLPfile.xml" -Encoding Byte)

    # Confirm the new sensitive information type is listed
    Get-DlpSensitiveInformationType | where { $_.Name -like "Sample*" }

    # Remove the package again, identified by its RulePack id
    Remove-DlpSensitiveInformationTypeRulePackage -Identity "b4b4c60e-2ff7-47b2-a672-86e36cf608be"

    # Close the remote session
    Remove-PSSession $Session
Additional resources
- DLP Sensitive Information Types
  https://technet.microsoft.com/en-us/library/jj150541(v=exchg.160).aspx
- Create a DLP policy in SharePoint Server 2016
  https://support.office.com/en-us/article/Create-a-DLP-policy-in-SharePoint-Server-2016-0bd9c41e-8ed4-4cd5-b4e8-0c0f66d8d538?ui=en-US&rs=en-US&ad=US
Questions?
- Contact Info
  - Email: [email protected]
  - Blog: http://dontPaPanic.com/blog
  - Twitter: @PStork