Quadra

Connecting Technology and Business.

Microsoft Cloud App Security

More and more cloud-based apps are being used by businesses, such as Dropbox, Box and Microsoft-created services like OneDrive and Office 365. Now Microsoft has launched Microsoft Cloud App Security, a service designed specifically to help protect companies and their employees who use cloud-based apps.

Microsoft says that, according to its surveys, each employee in a company uses 17 cloud apps and workers in 91% of organizations grant access to their personal accounts to their company's cloud storage services. Microsoft Cloud App Security provides those organizations the following features to protect their employees and the company as a whole:

  • App Discovery: Cloud App Security identifies all cloud applications in an enterprise’s network—from all devices—and provides risk scoring and ongoing risk assessment and analytics

  • Data Control: With special focus on sanctioned apps, enterprises can set granular controls and policies for data sharing and data loss prevention (DLP), leveraging API-based integration. They can use either out-of-the-box policies or build and customize their own

  • Threat Protection: Cloud App Security provides threat protection for the Enterprise’s cloud applications leveraging user behavioral analytics and anomaly detection

Archive your mails on the Cloud - No more local PSTs

Microsoft Exchange Online Archiving is a Microsoft Office 365 cloud-based, enterprise-class archiving solution for organizations that have deployed Microsoft Exchange Server 2013, Microsoft Exchange Server 2010 (SP2 and later), or subscribe to certain Exchange Online or Office 365 plans.

Note: For Exchange Online customers, Exchange Online Archiving is the feature referred to as “In-Place Archive” in Exchange Online.

Exchange Online Archiving assists organizations with their archiving, compliance, regulatory, and eDiscovery challenges while simplifying on-premises infrastructure, and thereby reducing costs and easing IT burdens.

Features

Archive mailbox

  • An archive mailbox is a specialized mailbox that appears alongside the users’ primary mailbox folders in Outlook or Outlook Web App.

  • Users can access the archive in the same way that they access their primary mailboxes. In addition, they can search both their archives and primary mailboxes.

Move messages to Exchange Online Archiving

  • Users can drag and drop messages from .pst files into the archive, for easy online access.

  • Users can also move email items from the primary mailbox to the archive mailbox automatically, using Archive Policies, to reduce the size and improve the performance of the primary mailbox.

Deleted item recovery

  • Users can restore items they have deleted from any email folder in their archive.

  • When an item is deleted, it is kept in the archive’s Deleted Items folder. It remains there until it is manually removed by the user, or automatically removed by retention policies.

  • After an item has been removed from the archive’s Deleted Items folder, the item is kept in the archive’s Recoverable Items folder for an additional 14 days before being permanently removed.

  • Users can recover these items using the Recover Deleted Items feature in Microsoft Outlook or Outlook Web App.

  • If a user has manually purged an item from the Recoverable Items folder, an administrator can recover the item within the same 14-day window, through a feature called Single Item Recovery.

Retention policies

  • Helps organizations reduce the liabilities associated with email and other communications.

  • Administrators can apply retention settings to specific folders in users’ inboxes.

  • Administrators can also give users a menu of retention policies and let them apply the policies to specific items, conversations, or folders.

  • Offers two types of policies: archive and delete. Both types can be applied to the same item or folder. For example, a user can tag an email message so that it is automatically moved to the personal archive in a specified number of days and deleted after another span of days.

In-Place eDiscovery

  • Supports In-Place eDiscovery for searching the contents of mailboxes, including both primary mailboxes and archives.

  • Administrators or authorized Discovery managers can search a variety of mailbox items – including email messages, attachments, calendar appointments, tasks, and contacts.

Scenarios

  • Reduce potential liabilities. Archive and delete emails as per business needs. Employees don’t have to create and manage multiple PST files on their devices any more.

  • Reduce risk. Compliance search and eDiscovery give Legal/Compliance teams the ability to search all emails.

  • Drive Mobile Productivity. Employees can search and view all their emails from Outlook, Outlook on the Web and mobile devices.

Microsoft Azure and the small / medium business

With the pace of innovation constantly accelerating, it’s becoming increasingly expensive for SMBs to keep investing in the latest and greatest IT solutions. At the same time, relying on older solutions while competitors invest in new ones gives those competitors a leg up in anticipating, managing, and responding more quickly to change.

By turning to Microsoft Azure and the cloud, SMBs can keep their competitive edge without expanding their budget. Azure helps SMBs bring products and services to market quickly. They can instantly scale globally, with everything needed to support worldwide business growth. They can run their operations more cost-effectively, paying only for what they use as opposed to for what they don’t. They can also free up their budget to spend on other business needs by eliminating the cost of new hardware. And they can gain enterprise-level security with the same data protection and datacenter security that many of the world’s largest organizations receive today.

Business focus

SMBs want to focus on running their business and increasing their bottom line, not on their infrastructure. With Azure, they can build, deploy, and manage applications in the cloud without worrying about the cost of purchasing new server hardware. They can easily scale up or down as needed and gain peace of mind knowing they have the added protection of multiple data backups in Microsoft-managed datacenters.

Business Continuity

Many businesses lose critical data because they don’t have a data backup solution. Azure offers simple, reliable backup for a company's data and applications that is affordable because they pay only for the storage they use. There are no typical infrastructure costs or per-server or data transfer fees. Plus their applications receive the same level of protection that Microsoft enterprise customers, including many of the world’s largest financial institutions, receive.

Business Boost

Any business can host its own website, but is the risk of poor performance, security breaches, and skyrocketing costs worth the price? With Azure, SMBs can quickly and easily host scalable websites in the cloud. Microsoft uses multiple datacenters around the world, helping provide businesses and their customers with a reliable, satisfying, and secure experience that enables them to deploy their applications close to their customers.

Microsoft uniquely offers a flexible platform that lets SMBs choose the path that is best for their business, whether that’s on-premises, in the cloud, or a hybrid combination. Working seamlessly with other Microsoft software and services such as Windows Server, SQL Server, and SharePoint, Azure helps make the cloud a seamless part of a business' IT in a way that is best for a company’s specific needs.

Optimizing SharePoint performance during migration to O365

A Microsoft IT Case study


Microsoft IT focused its performance optimization efforts for SharePoint Online on two major areas: a gradual, staged migration plan that mitigated most impacts of migration on performance, and a SharePoint portal performance analysis that led to important configuration optimizations in caching, content rendering, and navigation. Because of these efforts, Microsoft IT enjoyed an especially smooth migration of SharePoint content and portals to Office 365.

Optimizing migration through categorization and gradual onboarding

When Microsoft IT began migrating to SharePoint Online, there were approximately 70,000 site collections and over 100,000 My Site personal sites. Through a combination of cleanup efforts and a “Start Fresh” approach (see below for a full description) to encourage net-new adoption, Microsoft IT was able to reduce the actual number of site collections that had to be fully migrated to 22,063 Team Sites. These sites consisted of 36 terabytes of data, and were approximately a 50 percent reduction in sites to be migrated (this did not include self-migrations of Team Sites or My Sites, which were primarily content-only moves). After the Start Fresh adoption and cleanup efforts were completed, the team successfully migrated more than 97 percent of its relevant SharePoint sites to the cloud in less than one year. Part of this success is attributable to the development of new SharePoint Online migration APIs (currently in preview; see Resources) coupled with a third-party tool developed by Metavis, which greatly improved throughput for migration throughout the year. Microsoft IT also treated the migration as a large-scale project, complete with project management assignments, a detailed communication plan, a rollback plan, and buy-in from all stakeholders. Most importantly, Microsoft IT planned and performed migrations in a staged manner that greatly minimized impact on performance.

Key takeaway

  • The most important step to prepare for migrating to SharePoint Online is to perform a detailed audit and to clearly understand your environment. Determine which sites have not been edited for some time and reach out to the site owners to find out if they are still needed. Remove those that are not needed any longer. This cleanup is essential to make sure you are only migrating the most relevant data.

Categorizing migration

Before beginning site migrations, Microsoft IT created four migration categories defined by site complexity (the level and breadth of existing customizations) and the degree of business value associated with the content. The categories were:

  • Start Fresh. Individuals and teams were encouraged to create new sites in the cloud and manually migrate their own content as needed, only moving the most important files and discarding the rest.
  • Forklift. Microsoft IT performed a bulk migration of nearly 30,000 high-value SharePoint sites, using third-party migration tools.
  • Partial Move. Select content was moved to the cloud, and more complex content (such as content for highly customized portal components) remained on-premises until it could be redesigned.
  • Redesign. Some portals with highly customized applications and solutions were slated for complete redesign, with custom workload migration and completely rebuilt solutions to take advantage of newly available technology, such as Azure media services, and to leverage the new app model.

Key takeaway

  • Performing migrations according to site categories is essential to efficient SharePoint migration.

Although all four approaches were instrumental in the successful Microsoft IT SharePoint migration and can serve as a model for any IT department planning a migration to SharePoint Online, the Start Fresh approach was perhaps the most significant for mitigating potential migration-related performance issues. This approach involved regular communication and a generous timeline, allowing users to self-migrate at their convenience.

To simplify the transition and encourage users to move, Microsoft IT created a process by which users could create a new SkyDrive Pro (now OneDrive for Business) site on first visit by simply clicking a link. Additionally, end users were informed that their on-premises My Sites would eventually be eliminated. Within a specified time (approximately one year), users could migrate critical content on their own and discard anything no longer needed. Microsoft IT did not migrate any content from My Sites on-premises to SkyDrive Pro. For more complex sites requiring third-party migration tools, users could request migration assistance from Microsoft IT in the form of forklift moves, partial moves, and redesigns.

Key takeaway

  • Establishing a project plan and using a third-party tool (Metavis) that takes advantage of the migration APIs developed by the SharePoint product group can reduce the overall impact of migration on performance.

Gradual onboarding and organic adoption

As users moved to their new sites and experienced the benefits of cloud document storage and accessibility firsthand, SkyDrive Pro experienced viral adoption. Growth in use of SharePoint Online in Microsoft IT was organic and gradual, but also highly efficient and effective. A year after the start of the SharePoint migration in Microsoft IT, more than half of its SharePoint footprint was in the cloud.

This gradual onboarding and adoption approach is ideal for organizations that can increase network bandwidth as needed over time. Although a large migration to Office 365 ultimately requires some increase in network capacity, very little upfront network load planning is necessary in a long-term migration model. This approach minimizes the effect of migration and any associated performance issues because it greatly reduces the possibility of sudden changes in throughput or network capacity.

Key takeaway

  • A gradual approach to SharePoint site migration that provides a generous timeline for more user control can minimize the effect of migration on network performance.

Optimizing Skype for Business performance in O365

A Microsoft IT case study


When Microsoft IT began its transition to Office 365, the team responsible for Lync and Skype for Business services was already involved with a major performance improvement effort as part of the transition from Lync to Skype for Business. This work included categorizing service challenges and large-scale, long-term planning for improved performance and availability both on-premises and in the cloud. This improvement project expanded to include an intense evaluation of the cloud management service and strategic work to prepare the network environment and optimize for the cloud, as well as a cloud migration plan that took advantage of flexible hybrid opportunities.

Preparing the network environment

Knowing that a Skype for Business cloud migration would require changes to the network environment for optimal performance, Microsoft IT took advantage of the Microsoft Click-to-Run technology to reduce complexity and IT overhead, allowing Office 365 to manage Office and Skype for Business client updates. By moving to the cloud, Microsoft IT was able to manage updates and ensure the most current versions of the client at all times, guaranteeing availability of the newest features and the greatest reliability.

Because real-time communication is extremely sensitive to network conditions, Microsoft IT also prioritized a deep understanding of three key elements of capacity and traffic planning before they began cloud migrations. To understand capacity and traffic planning:

  • They analyzed federated traffic with external organizations in a hybrid environment to prevent potential bottlenecks at the network edge.
  • They developed a deep understanding of the traffic flows within the network to optimize routes for voice traffic.
  • They ensured that their private connectivity, which reduced complexity in the network integration for Skype for Business in Office 365, had the appropriate markings for quality of service and guaranteed prioritization to the Office 365 network.

Historically, major IT investments have included tools, systems, and personnel for managing infrastructure and applications; moving to the cloud shifted some of those burdens to Office 365 and enabled Microsoft IT to focus more resources on adoption and improving control over the Skype for Business user experience. Microsoft IT has seen fewer incidents caused by network changes, because dedicated network links now connect users directly to server farms in the cloud. In Office 365, the risk of user or service impact caused by internal network changes or configuration drift is greatly reduced.

Key takeaway

  • Migrating Skype for Business Server to Skype for Business Online in Office 365 may allow IT departments to shift resources from internal IT infrastructure and applications to adoption efforts and a more managed user experience.

Optimization for transition to the cloud

Because of the real-time nature of the Skype for Business service, optimizing performance is even more critical than with other Office 365 services; even a few seconds of lost voice, video, or data affect user productivity. Therefore, before Microsoft IT could migrate Skype for Business to the cloud, it was crucial to evaluate change and develop new strategies for availability, reliability, and performance.

When Microsoft IT began to transition Skype for Business to the cloud, the existing wireless networks were optimized for data, but not for real-time communications such as voice. With the increase in the number and variety of mobile devices in the workplace, use of wireless connections more than doubled during meetings in less than a year. Additionally, transitioning to open floor plans to reduce physical footprints and accommodate new working models resulted in increased user density and additional meeting spaces. To accommodate channel overlap and improve signal optimization in this changing wireless environment, Microsoft IT re-tuned their wireless access point placements and deployment configurations based on analysis of changing user behaviors, varied user density, and new floor plan trends.

At the same time, Microsoft IT was seeing a widespread increase in Windows 8 machines that were optimized for Wireless N network hardware rather than wired connections. Microsoft IT standardized the environment for Wireless N, ensuring clear communications by proactively making sure that its wireless network drivers were as current as possible and continuing to actively push driver updates.

Key takeaway

  • The increasing popularity of mobile devices and open floorplans in the workplace requires analysis and potential redesign of network configurations, as well as increased focus on driver updates.

Using hybrid deployments for flexibility

The Microsoft IT Skype for Business migration to the cloud is occurring in phases. Even more complex than the SharePoint migration, the Skype for Business migration to Office 365 is part of a much larger deployment that also includes the launch of Skype for Business Server 2015 and the new Skype for Business client software. The Microsoft IT ecosystem for Skype for Business involves 218,000 users in both on-premises and Office 365 environments; of these, 30,000 are currently in the cloud, producing 3.5 million streams per month. This hybrid environment allows Microsoft IT to provide global public switched telephone network (PSTN) connectivity for both Skype for Business Server and Skype for Business Online while optimizing performance and the user experience. Processes and applications are moved into the public cloud environment as quickly as possible.

Microsoft IT currently provides global enterprise voice in the cloud and will remain in a hybrid configuration until global services are available online. There is high user satisfaction with the current hybrid environment; a cloud user and an on-premises user can have a seamless conference in a shared environment without any awareness of its hybrid nature.

Office 365 implementations will vary greatly by organization, with some small organizations moving easily to a total cloud environment and larger organizations using longer-term hybrid scenarios. Like Microsoft IT, other large IT departments may experience challenges that will influence performance planning for Skype for Business migration, such as application requirements, telecommunications investments, carrier limitations, partner dependencies, and number of users. Fortunately, the flexibility of gradual hybrid deployments can mitigate many of these challenges.

Key takeaway

  • A gradual hybrid transition to Office 365 allows companies to migrate to the cloud while continuing to maximize their investment in their existing on-premises telephony equipment.

The VPN style connectivity using Microsoft ExpressRoute for O365

A Microsoft IT Case study

Until now, Microsoft IT had been using Internet-based connectivity to Office 365 public services, working with network transport providers and carefully selecting the regional locations of the tenancy to improve the network experience. The current phase in Office 365 connectivity involves shifting connectivity from a standard public Internet connection to private peering using Microsoft ExpressRoute for Office 365, the same technology used for Microsoft Azure. ExpressRoute provides Microsoft IT with private network connectivity that offers performance that is more predictable and guaranteed service availability.

A standard public Internet connection is an uncertain and unpredictable network path in which service quality depends on carriers, traffic, intermediaries, and proximity to cloud datacenters. With ExpressRoute, organizations contract with a Microsoft partner who is a network service provider or an Exchange provider. (Tata Communications in India is now providing ExpressRoute from Amsterdam, Chennai+, Hong Kong, London, Mumbai+ and Singapore). These companies provide connectivity into the Microsoft network, which connects all Microsoft datacenters, offering predictable performance, data privacy, and guaranteed service availability.

The figure below illustrates using ExpressRoute with Office 365 and the corporate intranet.

[Figure: using ExpressRoute with Office 365 and the corporate intranet]

Key takeaway

Using private network connections with Azure ExpressRoute for Office 365 is a practical solution that may help enterprises address any performance uncertainties of an Internet-connected network path.

Advanced analytics functionality in Excel 2016

Excel 2016 provides capabilities that allow users to further enhance their data analysis experiences and share their data and analysis more effectively across their company. These features, usually suitable for professional business analysts, come with all premium plans of Office 2016, including Office 365 ProPlus, Office Professional Plus, Excel 2016 Standalone, and now also in Office 2016 Professional.

Here is the list of the advanced analytics features:

Advanced analytics and modelling capabilities with Power Pivot

With the full Power Pivot management UX, users can benefit from advanced modelling capabilities like Diagram View, KPIs, Hierarchies and DAX Calculated Columns.


Advanced connectivity options with Power Query

For corporate users who require advanced connectivity and importing features, Microsoft has added the option to connect to corporate, big data and cloud data sources, such as Oracle, DB2 or MySQL database, a variety of Azure data sources, such as Azure SQL Database, Salesforce, Hadoop files and many more.


Advanced collaboration

With an addition of Power BI license, users will also benefit from a corporate data search and will be able to share their import and transformation queries with other analysts within their organization through the means of a Corporate Data Catalog.


-Microsoft Excel Team

Work together in Groups in Office 365

Getting things done at work means sharing information and collaborating across ad hoc groups and project teams. But oftentimes the tools we use to bring people together are different in each app: distribution groups in Outlook, Favorites lists in Skype for Business, groups in Yammer. That’s why Microsoft has introduced Groups in Office 365, so you can easily connect with the colleagues, information and applications you need to do more.

OWA Groups conversation feed

To support a project, one can easily create a new Group and invite colleagues. One can also search for and join existing Groups, which are open by default, to see all discussions, milestones and files and get up to speed quickly.  Of course, one can create private Groups as well for sensitive projects and content.

Groups will show up within the web experiences of Office 365 email and calendar and OneDrive for Business.  Yammer and Lync also will be added to the Groups experience to help users do even more.

Eligible Office 365 plans include the Office 365 Enterprise E1, E3 and E4 subscription, Office 365 Business Essentials and Business Premium plans and Office 365 Kiosk plan.

In some ways, Office 365 Groups behave like traditional email distribution groups in that you can send a message to a group and have it delivered to all the group members. But the problem with distribution groups is that if you’re not a member, you don’t get the information. And when you join, you don’t gain access to previous discussions.

An Office 365 Group is a more persistent entity than an email distribution group: while you can use a Group like a regular distribution group, it also stores discussions for new members to discover when they join. An Office 365 Group is something like a cross between a distribution group and a public folder. And like a distribution group, an Office 365 Group is instantiated as a group object in the directory, in this case within Azure Active Directory.

Perhaps a more accurate comparison is to a combination of a distribution group and a site mailbox (or even a traditional shared mailbox). Groups are preferred to site mailboxes if you need a collaboration platform for a new project.

Document Fingerprinting for DLP in Office 365

Information workers in an organization handle many kinds of sensitive information during a typical day. Document Fingerprinting makes it easier for organizations to protect this information by identifying standard forms that are used throughout the organization.

Basic scenario for Document Fingerprinting

Document Fingerprinting is a Data Loss Prevention (DLP) feature that converts a standard form into a sensitive information type, which you can use to define transport rules and DLP policies. For example, organizations can create a document fingerprint based on a blank patent template and then create a DLP policy that detects and blocks all outgoing patent templates with sensitive content filled in. Optionally, organizations can set up Policy Tips to notify senders that they might be sending sensitive information, and the sender should verify that the recipients are qualified to receive the patents. This process works with any text-based forms used in an organization. Additional examples of forms that you can upload include:

  • Government Forms

  • HIPAA compliance forms

  • Employee information forms for HR departments

  • Custom forms

An organization might already have an established business practice of using certain forms to transmit sensitive information. After the organization uploads an empty form to be converted to a document fingerprint and sets up a corresponding policy, the DLP agent will detect any documents in outbound mail that match that fingerprint.

How Document Fingerprinting works

In the same way that a person’s fingerprints have unique patterns, documents have unique word patterns. When you upload a file, the DLP agent identifies the unique word pattern in the document, creates a document fingerprint based on that pattern, and uses that document fingerprint to detect outbound documents containing the same pattern. That’s why uploading a form or template creates the most effective type of document fingerprint. Everyone who fills out a form uses the same original set of words and then adds his or her own words to the document. As long as the outbound document isn’t password protected and contains all the text from the original form, the DLP agent can determine if the document matches the document fingerprint.

The following example shows what happens if you create a document fingerprint based on a patent template, but you can use any form as a basis for creating a document fingerprint.

Example of a patent document matching a document fingerprint of a patent template


The patent template contains the blank fields “Patent title,” “Inventors,” and “Description” and descriptions for each of those fields. That is the word pattern. When you upload the original patent template, it’s in one of the supported file types and in plain text. The DLP agent uses an algorithm to convert this word pattern into a document fingerprint, which is a small Unicode XML file containing a unique hash value representing the original text, and the fingerprint is saved as a data classification in Active Directory. (As a security measure, the original document itself isn’t stored on the service; only the hash value is stored, and the original document can’t be reconstructed from the hash value.) The patent fingerprint then becomes a sensitive information type that you can associate with a DLP policy.

After you associate the fingerprint with a DLP policy, the DLP agent detects any outbound emails containing documents that match the patent fingerprint and deals with them according to your organization’s policy. For example, you might want to set up a DLP policy that prevents regular employees from sending outgoing messages containing patents. The DLP agent will use the patent fingerprint to detect patents and block those emails. Alternatively, you might want to allow your legal department to send patents to other organizations because it has a business need for doing so. You can allow specific departments to send sensitive information by creating exceptions for those departments in your DLP policy, or you can allow them to override a policy tip with a business justification.

Supported file types

Document Fingerprinting supports the same file types that are supported in transport rules.

Limitations of document fingerprinting

The Document Fingerprinting DLP agent won’t detect sensitive information in the following cases:

    • Password protected files

    • Files that contain only images

    • Documents that don’t contain all the text from the original form used to create the document fingerprint
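The matching behaviour and the three limitations above can be modelled in a few lines. This is an added illustration, not Microsoft's algorithm and not code from the original page: the per-line SHA-256 scheme, the function names and the sample documents are assumptions constructed for the example.

```python
import hashlib
import re

def _words(text):
    """Lower-case word tokens; punctuation and blank-field underscores are dropped."""
    return re.findall(r"[a-z0-9]+", text.lower())

def _digest(words):
    return hashlib.sha256(" ".join(words).encode("utf-8")).hexdigest()

def make_fingerprint(template_text):
    """Hash every non-empty template line; only (word count, hash) pairs are kept,
    so the template text itself cannot be read back from the fingerprint."""
    segments = set()
    for line in template_text.splitlines():
        words = _words(line)
        if words:
            segments.add((len(words), _digest(words)))
    if not segments:
        raise ValueError("template contains no text to fingerprint")
    return frozenset(segments)

def coverage(fingerprint, text):
    """Fraction of template segments that occur as a contiguous word run in text."""
    words = _words(text)
    seen = set()
    for n in {length for length, _ in fingerprint}:
        for i in range(len(words) - n + 1):
            seen.add((n, _digest(words[i:i + n])))
    return len(fingerprint & seen) / len(fingerprint)

def evaluate(fingerprint, extracted_text):
    """extracted_text is None when no text could be extracted
    (password-protected file, image-only file)."""
    if not extracted_text:
        return "no-text"
    return "match" if coverage(fingerprint, extracted_text) == 1.0 else "no-match"

# Constructed sample documents (not taken from the page).
TEMPLATE = """\
Patent title: ________
Provide the full working title of the invention.
Inventors: ________
List every contributing inventor by legal name.
Description: ________
Describe the invention and the problem it solves.
"""

FILLED = """\
Patent title: Self-sealing valve
Provide the full working title of the invention.
Inventors: A. Example, B. Sample
List every contributing inventor by legal name.
Description: A valve that closes when line pressure drops.
Describe the invention and the problem it solves.
"""

# Same form with the inventor section cut out: not all template text is present.
PARTIAL = """\
Patent title: Self-sealing valve
Provide the full working title of the invention.
Description: A valve that closes when line pressure drops.
Describe the invention and the problem it solves.
"""

if __name__ == "__main__":
    fp = make_fingerprint(TEMPLATE)
    for label, text in [("filled form", FILLED), ("partial copy", PARTIAL),
                        ("image-only or password-protected", None)]:
        print(f"{label}: {evaluate(fp, text)}")
```

The partial copy still carries the sensitive title and description but is not flagged, which is why fingerprint rules are usually paired with content-based rules.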

Prevent Data Loss in Office 365

When was the last time you asked your employees to carry your company’s handbook containing all the company policies with them? Do your IT workers know whether a particular email message they’re sending may violate company policy and run the risk of being noncompliant? Are they sure whether an email they’re sending contains sensitive information? Almost every IT worker faces compliance questions like these daily.  

DLP Policy Tips inform your workers in real time. With the DLP Policy Tips in Office 365, admins can inform email senders that they may be about to pass along sensitive information that is detected by the company’s policies, before they click Send. This helps your organization stay compliant and it educates your employees about custom scenarios based on your organization’s requirements. It accomplishes this by emphasizing in-context policy evaluation.

Policy Tips not only analyzes email messages for sensitive content but also determines whether information is sensitive in the context of communication. That means you can target specific scenarios that you associate with risk, external communication for example, and configure custom policy tips for those scenarios. Reading those custom policy tips in email messages keeps your workers aware of your organization’s compliance policies and empowers them to act on them, without interrupting their work.

DLP Policy Tips is supported only in Outlook 2013, but even if your users don’t have the latest version of Outlook, you are still protected from disclosing sensitive data through back-end processing. Admins can configure rules and take actions by setting up DLP rules in the Exchange Administration Center (EAC). This ensures that a single DLP policy controls both the client and server endpoints, minimizing administrative overhead.

How do Policy Tips work? Consider a real-life scenario. A company has an internal policy to warn its employees any time they include sensitive information like a credit card number in email communications. An employee is composing an email to a person who works outside her organization. She includes credit card information in the mail, and immediately a DLP policy tip shows up in the message in Outlook.

https://officeblogswest.blob.core.windows.net/wp-content/migrated-images/78/1462.DLP_01.png

When you include sensitive information in an email message, a DLP policy tip alerts you before you send the message.

At this point the employee can decide to: send the email message with the credit card information, send the message with the credit card information and click Report to report a false positive, or delete the credit card information before sending the message. If she’s unsure what to do, she can click Learn more to understand her company’s policy, which her admin may have customized. 

Let’s look at another scenario. A company has recently set up a policy under which emails containing multiple credit cards are blocked or must be overridden with a business justification. An employee starts an email message to book the travel for multiple employees in the company and attaches a document that includes the personal credit card information of the employees. A different policy tip shows up, highlighting the new compliance requirement. In Outlook 2013, the attachment that is the cause of concern is also highlighted, making it easy for her to locate the information being questioned.

 

https://officeblogswest.blob.core.windows.net/wp-content/migrated-images/78/5040.DLP_02.png

A custom DLP policy tip alerts you about an attachment that may contain high-count sensitive information.

As these two scenarios show, data loss prevention empowers end users, making them part of the organization’s compliance process and ensuring that the business flow is not interrupted or delayed, because achieving compliance does not get in users’ way. At the same time, data loss prevention simplifies compliance management for admins, because it enables them to maintain control easily through the Exchange Administration Center in the Office 365 admin portal.

Policy Tips are similar to MailTips, and admins can configure them to present a brief note in Outlook 2013 that provides information about your business policies to the person creating a message. Admins can configure policy tips that will merely warn workers, block their messages, or even allow them to override your block with a justification. Policy tips can also be useful for fine-tuning a company’s DLP policy effectiveness, because they allow end users to easily report false positives. If policy tips are not available to a user in Outlook, admins can still control compliance behavior by setting up rules in the Exchange Administration Center. For example, admins can set up an action to generate incident reports if a particular DLP event occurs. Such incident reports can help track events in real time, because a report is generated in real time and sent to a designated mailbox, such as the mailbox for the incident manager account.

The figure below shows a sample incident report.

https://officeblogswest.blob.core.windows.net/wp-content/migrated-images/78/0777.DLP_03.png

Admins can generate incident reports for specific DLP events in Office 365.
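The two credit card scenarios and the incident report, expressed as a pair of transport rules. This is an added example, not taken from the original post; the rule names, the incident mailbox and the count threshold of 2 for "multiple" are assumptions.

```powershell
# Added example. Rule names, mailbox and thresholds are assumptions.
$incidentBox = 'dlp-incidents@contoso.example'   # hypothetical incident manager mailbox

# AuditAndNotify shows Policy Tips and logs matches without enforcing the block,
# which is useful while collecting false-positive reports. Switch to 'Enforce'
# once the rules are tuned.
$mode = 'AuditAndNotify'

# Scenario 1: a single credit card number sent outside the organization.
# The sender is warned by a Policy Tip but can still send the message.
$warnRule = @{
    Name                               = 'Credit card: warn on external mail'
    Mode                               = $mode
    SentToScope                        = 'NotInOrganization'
    MessageContainsDataClassifications = @{ Name = 'Credit Card Number'; minCount = '1'; maxCount = '1' }
    NotifySender                       = 'NotifyOnly'
}
New-TransportRule @warnRule

# Scenario 2: multiple credit card numbers in the message or an attachment.
# The message is blocked unless the sender overrides with a business
# justification, and an incident report goes to the designated mailbox.
$blockRule = @{
    Name                               = 'Credit card: block high count'
    Mode                               = $mode
    MessageContainsDataClassifications = @{ Name = 'Credit Card Number'; minCount = '2' }
    NotifySender                       = 'RejectUnlessExplicitOverride'
    SetAuditSeverity                   = 'High'
    GenerateIncidentReport             = $incidentBox
    IncidentReportContent              = 'Sender', 'Recipients', 'Subject', 'Severity',
                                         'Override', 'FalsePositive', 'DataClassifications', 'IdMatch'
}
New-TransportRule @blockRule
```

Because these rules run on the server, they apply even when the sender's client cannot display Policy Tips.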

 -gleaned from Office blogs