Azure Active Directory

With Microsoft Information Protection (MIP) and Microsoft's other compliance products, you can protect against data breaches and meet your security policies.

Protect data from unauthorized access

Information Protection and Compliance

Confidential data in services from Microsoft and other providers
Every year, billions of records are publicly exposed through attack or oversight, plus an unknown number of unpublicized data breaches. Microsoft Information Protection (MIP) brings together a suite of specialized products that provide a suitable response for each attack vector. The individual products nevertheless interlock and build on each other. They integrate naturally with the rest of the Microsoft 365 world, but also protect your data in other services and systems.
As part of our Webcast Friday series, our compliance experts regularly report on current topics.
For which of your data should you implement additional protective measures? Sensitivity labels help you get an overview of where confidential data is being processed. Visible markers create awareness of confidentiality so users know where extra care is needed. Additional invisible markers enable automatic protection measures such as built-in encryption, tracking, and targeted use of other MIP features.
Endpoint DLP lets you define which applications and services are allowed to process confidential data. Built into Windows 10, it requires no additional software and works directly on the endpoint device. For example, you can specify who is allowed to print classified data, copy it to USB sticks or upload it to third-party cloud providers, and how. Endpoint DLP can either just monitor these actions or block them; user warnings are also possible.
Office 365 and Teams make it easy to share data with colleagues or external parties. But if a link falls into the wrong hands, so does access to the data. With email, too, an additional address quickly slips into the recipient list: it is enough to use the auto-complete function and not look closely. This is where Office DLP steps in: depending on the classification of the data and the configuration of the system, it blocks the release or sending of confidential data to unintended recipients or requires explicit confirmation from the user.
All data in Microsoft 365 is encrypted at multiple levels as a matter of course, from BitLocker disk encryption of the data center servers to service encryption with tenant-specific keys. But this is not enough for every compliance policy, whether self-imposed within the corporate group, set by legal regulations or required by suppliers. In such cases, the keys used must be generated and controlled by the company itself. The BYOK mechanism can be used for service encryption (Customer Key: Exchange, SharePoint Online, Teams), for encrypted sensitivity labels or for data in Azure.
Which cloud services do your users use and what data is processed there? With Microsoft Cloud App Security (MCAS), you gain an overview and take back control. MCAS blocks downloads of sensitive data to devices that don't meet security requirements and uploads to services that don't reach the appropriate clearance level. MCAS reports suspicious cases and even allows manual administrative intervention in real time.