New security and compliance updates across Microsoft 365 apps

Microsoft have released new updates across SharePoint, OneDrive and Teams for a compressive approach to cyber security, privacy, compliance and management.

Secure internal and external collaboration

 Sensitivity labels to control default sharing link types

 Microsoft’s Information Protection (MIP) labels-based external sharing policies were first announced earlier this year. Now, the support is being branched out to simplify default sharing experiences for internal and external collaboration. This is widely available for SharePoint sites.

For example, one of your teams or sites is labelled as ‘confidential’…you can now set the default sharing link type to be ‘Specific People’, meaning only authorised users can collaborate. Similarly, the same can be done with any ‘General’ teams or sites, this will allow a broader audience to access by configuring to ‘Anyone link’.

Auto labelling enhancements for Office documents in SharePoint and OneDrive

Auto labelling has been generally available for admins to create rules for easier detection and labelling of sensitive files across SharePoint sites and OneDrive accounts. Now, auto labelling enhancements can be used to target all OneDrive accounts and SharePoint sites within your business. That includes files that have been created or uploaded via Teams.

SharePoint Syntex support for Sensitivity Labels

SharePoint Syntex uses advanced AI and machine teaching to augment human expertise, automate content processing and convert content into knowledge. It can detect sensitive content and label the content for protection from unauthorised access. This can be done by applicating labels-based policies like encryption.

As this is now available, when creating a Syntex model, admins can choose an sensitivity label that’s been published to you to auto label the documents and protect it with security policies.

Data access governance in SharePoint and OneDrive

There’s been an increase in external collaboration, so it is natural to want to look for ways that will avoid over sharing or accidental exposure of sensitive sites. That’s no longer a worry as admins can use the data access governance insights dashboard to monitor the external sharing activities and label/policy settings for the sites that require it.

Data access governance feature is now in public preview and the insights will let you:

1. Discover your top sites that hold the highest count of sensitive documents, or the most shared content via shareable links
2. Validate that the sites have appropriate sensitivity labels and access policies to protect your business
3. Tailor any labels and polices when needed

Co-authoring and autosave on Office documents encrypted with Microsoft Information Protection

Co-authoring on Word, Excel and PowerPoint documents with sensitivity labels is now available for Windows and Mac. When sensitivity labels are used to encrypt Office documents, multiple users can now work on them in real-time with AutoSave.

Safeguard sensitive sites with Labels-based Granular Conditional Access Policies (GCAP)

In order to help your business secure its sensitive sites, Microsoft Information Protection labels-based granular conditional access policies for SharePoint and OneDrive sites is now in public preview. You’ll now be able to create sensitivity labels which can be linked with the granular conditional access policies in Microsoft 365 compliance centre.

Continuous Access Evaluation (CAE) in SharePoint and OneDrive

Zero trust heavily relies on authentication and authorising based on the data points that are available, such as the user identity state, IP address and device health. Using the conditional access policies support means that sensitive sites in SharePoint, OneDrive and Teams can only be accessed from a managed device.

Microsoft are now taking this one step further, with authorisation now under consistent evaluation based on the conditions which users access content. Let’s say for example you disable a user’s account within the directory, this users access to content in 365 will instantly be revoked in real-time, rather than the session expiration. This can all be done with Continuous Access Evaluation which is now available in SharePoint and OneDrive.

For more information on SharePoint, OneDrive and Teams, speak to our Microsoft Gold-Certified team today!