Browsed by
Category: Data Governance

App protection and a disabled Account

App protection and a disabled Account

Today I realised I totally forgot to add this setting to my App protection baseline. This setting was released some months ago. You can configure this conditional launch setting within the app protection policy. You have got 2 options: Block access: When Intune has confirmed the user has been disabled in Azure Active Directory, the app blocks access to work or school data. Wipe data: When Intune has confirmed the user has been disabled in Azure Active Directory, the app…

Read More Read More

The sum of all App protection policies

The sum of all App protection policies

Obviously, there is a need to use mobile devices to access company data. These devices and apps need to be secured. There are many articles written about when to use MDM and when to use MAM or combining them. This blog will be about troubleshooting App protection policies. This week we were enrolling new surfaces and mobile devices into Microsoft 365. It can be a struggle when you don’t have a greenfield tenant and you need to make sure the…

Read More Read More

Sensitivity Labels DLP’s Excellent Adventure

Sensitivity Labels DLP’s Excellent Adventure

In this blog, I’ll be talking about using DLP in combination with sensitivity labels and device protection. A perfect addition to labeling your data with sensitivity labels. Labeling your data may already be the best option you have to protect your data but adding an additional barrier by making sure data can’t be moved is even more excellent! Yeah! Microsoft 365 E5/A5 compliance license or the information protection and governance add-on is the “only” big requirement you need to start…

Read More Read More

What Happened to Monitoring External Access to Your Data?

What Happened to Monitoring External Access to Your Data?

Some time ago I wrote a blog about securing your data in which I described that this is only the first step in making sure your data is safe.   For example, whilst working with Teams, did you think about the “shadow users”? These users are not members of your Teams / Microsoft 365 groups but can still somehow access your data.  It’s very easy for an employee to share the whole Teams general folder within the Sharepoint site without you noticing. An employee just has to click on “share” to begin sharing it…

Read More Read More

The Fellowship Of Group Labeling

The Fellowship Of Group Labeling

Labelling your data with sensitivity labels is the way to go. Confidential data within your organization needs to be labelled with a proper sensitivity label. You can do this manually or automatically. But there is more, labelling your teams/Microsoft 365 groups itself is the next best thing. There are 3 options you can define, when setting up your Sensivity group labels. Setting your team privacy Allowing external users Non-compliant settings: You shall not pass(block access), full access and limited access)…

Read More Read More

Secure your data like it was Fort Knox

Secure your data like it was Fort Knox

One thing is certain, you need to protect your (important) data at all cost. Otherwise it could come back to haunt you. Luckily there are multiple options to protect your data. Each option has its pro’s and con’s and you can also combine some of them for the best security. Restrict downloading files from unmanaged devices Apply sensitivity labels on all important data Apply sensitivity labels when downloading files from unmanaged devices Restrict Copy Paste on unmanaged devices 1. Restrict…

Read More Read More

Automatic labelling Teams Data.

Automatic labelling Teams Data.

It’s really nice to see the option to apply a Label at a Team Site. When you configure the Group label options, you can make sure no guests are allowed…. Really nice I hoped after the last “automatic labelling” announcement in the Protection Portal, it would be possible to label a team site with no other options defined….. but for now, it is not… 🙁 Cloud App Security to the rescue. When your license has an option to use the…

Read More Read More