Information Governance and Mitigation of Compliance Risks in Microsoft 365

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
(tech whirring) - Coming up, I'll show you how you can establish an intelligent information governance approach for your data in Microsoft 365 and beyond, with the latest capabilities for governing and mitigating your compliance risks. Starting with understanding the internal and external data in your organization, central management of policies that trigger automatic data retention and deletion, the ability to use AI through trainable classifiers to automatically find the data so that policies can be applied at scale, and how you can evolve your policies and processes over time. For any organization, regardless of the size, data is one constant that's designed to grow. To meet your governance needs in one spot, we've designed the Microsoft 365 compliance center to give you a centralized management plane for all of your data compliance needs. From here in the Solution Catalog, we have a dedicated information governance solution, in fact, it's a good idea to pin it to your left navigation to easily get back to it. As you can see when I open it, this is where you can keep track of the policies via labels that you have in place across your environment. That said, any governance strategy starts with knowing what data exists within your organization. Understanding the sensitivity of your data and where it may reside as it's stored across environments, is one of the biggest challenges for establishing governance over your data today. Information governance has a few core concepts: Your information or files; setting policies to these files, this is usually retention or deletion; a set of processes to apply labels to your files, either manual or intelligently automated. The good news is, the new data classification tab gives you a consolidated view of business-critical data across your organization, whether it's in Microsoft 365 or other data repositories. This view is a combination of pre-built sensitive classifier types, and custom labels that you have in place, matched against the data in your organization. You're also able to see the activity around your data, as well as the data that remains unclassified and unmanaged, so that you can take appropriate actions. I'll show you how you intelligently and automatically classify your data at scale in a moment. First, to get the most holistic view of your data possible, we are also making it easier for you to bring in data from systems outside of Microsoft 365 to take advantage of a centralized governance approach. We give you a growing number of native data connectors, for the ingestion of data into Microsoft 365. For example, our improved Instant Bloomberg connector, which if I click on Connectors, you'll see I already have Instant Bloomberg configured. It maps email addresses in Bloomberg with corresponding Microsoft 365 user accounts. Let's switch to the user experience. You'll see that Adele has conversations from Instant Bloomberg that are now archived in her inbox. Once in Microsoft 365, this data is now discoverable, and policies can be applied. In this case for example, we have applied seven years of retention. Speaking of which, let me show you how you can easily set up data retention at scale. Back in the Compliance Center under Governance, I can see the retention policies I have running. I'm going to add a new retention policy. Give it a name. Give it a description. Click Next. Here is where you can set the duration of the retention and related settings, including automatic deletion. I'll click Next. And now I can select the locations where I want to retain data, everything from email to SharePoint to Teams, and more. I'll cancel out of this policy, because I already have one like this configured. Okay, so now I've set up retention across my various locations, the next thing that I want to do is scope specific policies based on the data type and content. For that I need Labels, so I'll go to the Labels tab. You can see I have nine labels already created. I'll go ahead and create a new one. I'll give it a name, Project Orlando. If I want, I can give it a description for my admins and users, but I'll skip that and click Next. This brings me into Label settings. I can configure my policy, I'll specify how long I want to keep this content type and what needs to happen at the end of my retention period. For example, I can trigger a disposition review or I can trigger retention based on other parameters, as well. I'll keep when it was created, and click Next. Now I'll review the Label and choose Create this label. And I'll can see the Project Orlando label I just created. And now I can go a step further. We'll automate when this label gets applied as content is created in the future that meets my criteria. This is how you can scale over all the content your users create. I'll click Auto-apply label. Here you can see all the options. I can look for sensitive information type. If you're familiar with our DLP offering, we give hundreds of built-in sensitive info types that you can use. You can also use specific keywords or phrases so that the label is triggered based on a keyword in a document or other metadata fields. Or something brand new. I can use machine learning trainable classifiers, and click Next. Here you see built-in classifiers for things like Offensive Language, Harassment, and Resumes to name a few, and you can also build your own, such as here I have created one called Contoso Insider trading as a custom classifier. I'll click on Create a new one to show you how these are built. I'd like to have a new classifier for contracts, so I'll click Create. Give it a name, Contoso Contracts. First, we need to seed the classifier with content. In our case existing contracts, so that it can identify similar content as it gets created in the future. For best results, you'll want to point this to a location with 50 to 500 samples, and these can be Office document types, PDFs, text files, etc. I'll use an existing SharePoint site with the content that I want to seed. This content happens to be in a folder. Now I'll click the plus sign to add it. I'll click Next. I'll review what I just built and click Create trainable classifier. Now you'll see Contoso Contracts. In the background it is creating a base model and predicting content that matches the criteria I set. This can a take a while based on your source content. This one is already complete and we can review the results. In fact, you'll see that classifier accuracy isn't available yet and I need to review before I can publish this classifier. So to do that, I'll click on Tested items to review. Here you see all the files that were predicted, and I can validate its assessment. I'll start with this one, 174283. It looks relevant, I agree with the prediction, and click Yes. Now I'll go to the next one, and this doesn't look like a contract or relevant. so I'll click No. In advance, I've gone through this process a few times to reach an accuracy of 99.6%. So I'm ready to publish. Now I'll close this and see that it's ready to use. Now let's try this out with a new contract. I'll upload a contract to a SharePoint site covered by my policy. Now it's in SharePoint. Now, it took a moment, but it detected it was a contract and you'll see that the Project Orlando retention label and policy is automatically applied. Okay, so now let's switch gears and talk about deletion or disposition. Earlier, I selected automatic deletion when we were setting up the retention policy, but I could have also triggered a disposition review workflow. Disposition is often just as important as retention and in some cases, you'll want oversight of what gets deleted. Let's look at the disposition review process. Now I'll go back into the Compliance Center. I'll click into the Disposition tab, and select Project Orlando. And you'll see that based on the policy there are seven items pending review. I'll click into this Terms and Conditions doc and now I can decide whether to Dispose, Extend, or Tag the file. I won't take any action at this point, but this just shows you how easy it is to do a disposition review. Now, I do want to show you one more thing. With your data enlightened through classification and retention policies and everything centrally managed, as new data comes into your environment and your organization evolves, you need to get insight into how policies are behaving and be able to efficiently make changes. Back in labels, we'll select Project Orlando again and I can now explore items to see what labels have been applied and removed. Such as here in October, I can see 25 labels were applied and one removed and now I can monitor and take actions from there. So that was a quick tour of the Information Governance solution in Microsoft 365, which allows you to know your data, including data from within and outside of Microsoft 365, centrally manage and automate governance at scale with machine learning, and evolve your policies over time. To learn more, check out aka.ms/InfoGovernance. Thanks for watching. (upbeat music)
Info
Channel: Microsoft Mechanics
Views: 11,247
Rating: 4.963964 out of 5
Keywords: advanced data governance, office 365, microsoft 365, data governance, information protection, regulatory compliance governance, records management, risk management, information governance, information governance training, information governance and compliance, information governance training videos, information governance basics, information governance solutions, information governance vs data governance, what is information security governance, what is information governance
Id: -NtGgezOA4o
Channel Id: undefined
Length: 10min 51sec (651 seconds)
Published: Tue Mar 17 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.