Cloud Accelerators & SOC Integration

Ally Turnbull
Cloud Solution Architect
OCP UK
alison.turnbull@microsoft.com
Microsoft Internal Use and Microsoft Partners Only
 Azure Sentinel Compliance Related Connectors

Microsoft Internal Use and Microsoft Partners Only

 DEMO - Compliance Workbooks

Microsoft Internal Use and Microsoft Partners Only

 Compliance Workbooks

Microsoft Internal Use and Microsoft Partners Only

$ 27B is the global opportunity for compliance
Series4: $7B

Series3: $27B

Current market potential on Information

Series2: $43B
Protection is $ 19B globally (UK $ 1.B),
growing 9% yoy

Series1: $64B

1
 Top of Mind Risks
In context of remote work

52%
Top-of-Mind Overall Insider Risks
n570; Shown as %

Data leak/spillage 52

Regulatory compliance violations

of compliance decision
31

makers say that data IP theft 27

leakage is their top Staffing changes 24

Threatening messages on
challenge for remote work. communication channels
23

Corporate code-of-conduct
20
policy violations

Workplace harassment 10

Insider trading 8
The customer’s compliance journey
Where to look? What to look for?
?? Rules &
Regulations
Or do we???
Compliance
Management

Information Protection Insider Risk

Risks
& Governance Management
Discover &
200+ updates per day from Respond
750+ regulatory bodies

Delete or Classify &

Or not??? Retain?
New Label
Devices New Migrate to the cloud ?
New Data Types
Applications Storage Architecture?
https://aka.ms/cloudaccelerators
 Material
s

https://aka.ms/cloudaccelerators
Compliance Workshop
Overview
Use Compliance Workshop as a Toolkit to Target that Journey
Data Risk Check
Identified compliance risks
Compliance Workshop
Data Risk Management

Discovery Session
Organizational vision
Compliance Strategy
Priorities and initiatives
Recommendations
Microsoft Compliance Overview and Next Steps
Compliance vision Partner Service /
Integrated solutions Partner
Products and services
Implementation/
Design Projects
Customer Immersion Experience
Licence Uplift
Hands-on with products and tools
Real life scenario’s
Different persona’s
Data Risk Check
Enable the services for automated
discovery, configure the search
artifacts

Enable
configure

Two weeks of automated Analyze Analyze and report on the

Automated
discovery. Searching for discovery & findings of the automated
compliance risks in Report discovery process
organizational data
Default scope
For the Data Risk Check activity

Microsoft Cloud Services automated discovery

Microsoft 365 (Exchange Online, SharePoint Online, OneDrive
for business, Teams, etc.)

Enabling Data Risk Check Discovery Services

Sensitive Information, Stale data and Suspicious activities

Analysis and Reporting

Optional scope
For the Data Risk Check activity

On-premises infrastructure and data storage

On-premises data repositories such as file shares and
SharePoint server

Malicious and inadvertent risk activities

Data leaks, data theft and offensive communication.

Inappropriate communication.
Profanity, threats or harmful messages
Out-of-scope
Data Risk Check will not assess….

Non-Microsoft Cloud services

Proof of concept or pilot deployment

People & Processes

Client workstation or mobile devices

Data Risk Check Deliverables

Data Risk Check findings

Structured & categorized overview highlighting the most important findings

Recommendations for risk mitigation

Mapping the identified risks to solutions.
Automated Discovery
Discovering the hidden compliance risks

Leverage Microsoft 365 Tools and Services

Data Loss Prevention, Content Search, Audit & Alert,

Analyze data stored in the Microsoft 365 cloud

Exchange Online, Sharepoint Online, OneDrive for Business, Teams, etc.

Search for data and identify compliance risks

Sensitive information, Stale data, Suspicious activities
Out-of-box sensitive info types
Microsoft 365 includes 100+ sensitive info types
For different countries, industries or by information type

Sensitive information comes in many forms

Financial data, Personally Identifiable Information (PII)

Examples
• Croatia Personal Identification (OIB) Number
• EU Debit Card Number
• EU Passport Number
• US Drivers License Number
• Social Security Number
Customer specific sensitive info types
Business intellectual property
Business plans, product designs, confidential projects

Employee or customer information

HR Information, resumés, employment records, salary information

Highly confidential information

Mergers and Acquisition, workforce reduction

Examples
• Employee or customer numbers Technology: RegEx
<EMP-nnnnn>
<CUST-nnnnnn-NL>
• Specific keywords Technology: Static Keywords
<Project Enigma>
<Highly Confidential>
<Internal only>
Automated Discovery
[Optional activities]

Analyze on-premises repositories

On-premises data repositories such as SMB file shares and SharePoint libraries

Detect malicious and inadvertent risk activities

Identify, investigate, and take action to address internal risks.

Monitor communications for inappropriate messages

Identify Profanity, threats or the intent to harm oneself or others.
On-premises automated discovery
On-premises file servers and file shares
Repositories that often contain large volumes of dark data

On-premise SharePoint server libraries

Home to organizational documents with sensitive information

Preparing for data migration

Know your data before moving to the cloud, making informed decisions
on deletions and migration
Insider Risk Management
Data Leaks
Accidental oversharing of information or data theft with malicious intent.

Departing employee data theft

Load HR termination data and highlight unusual confidential data usage
before departure

Assess communications as part of risk

Identify and prevent offensive and abusive behavior, automatically detect email
message content that may be considered abusive or offensive
Communication Compliance
Identify profanity violating code of conduct
Monitor communications for offensive language

Proactively highlight threats for investigation

Maintain a safe workplace by identifying threats to others or an intent
to self-harm

Identify profanity in regional languages

Create custom dictionaries to enable risk management of regional slang
and complex languages
Be Patient – Stakeholder Development

Team has executive and tactical

relationships with the customer
Mix of participants
Security, Compliance/Legal
Possibly a non-IT stakeholder

Get the right people engaged at the

customer then do the workshop.
Don’t Stop with Information Protection

Technology
Operations
Implementation
Architecture Migration MSSP

Pre-Sales Policy Management “aaS”

Advisory Remediation Audit / Assessment

Advisory – Law GRC Assessment M&A GRC Management
& Legal
GRC Strategy

Readiness and
Deployment Management Services
Governance
 Get Skilled and Build a Practice
Start engaging with Customers

Share this training with your Company Talk to your customers about
Compliance.

Engage with Local OCP Teams to build a Nominate your customers for the
compliance practice Compliance Accelerator

Run an in-house Compliance Check on

your own production tenant or use a Engage on Compliance check.
trial / demo tenant.
https://aka.ms/secpractice-presales
https://aka.ms/secpractice-identity
https://aka.ms/secpractice-cloudsec
https://aka.ms/secpractice-threat
https://aka.ms/secpractice-compliance
 All Labs are located here:
https://aka.ms/secpractice-labs

TODAYS LAB

Lab 8 – Data Governance

 THANK YOU

https://aka.ms/secpractice-survey
Microsoft 365 Compliance Resources
✓ Microsoft 365 Compliance Overview
✓ Microsoft 365 E5 Compliance SKU updates
✓ Microsoft 365 A5 (EDU) Compliance SKU updates
✓ FAQ – Microsoft 365 E5 Compliance SKU updates
✓ DECK – DECK - Learn how to deliver the new Compliance
Workshop for Data Risk Management
✓ DECK – Build solutions to help customers protect and
manage risk
✓ DECK – Protect data and manage risk in the world of
remote work
✓ DECK – Learn more about the comprehensive Microsoft
365 Compliance products and solutions
For partners
✓ Product demos – Microsoft 365 compliance
✓ Compliance learning paths – Manage information protection and
governance
✓ Compliance learning paths – Manage insider risk in Microsoft 365
✓ Watch webinar – Learn how to deliver the new Compliance Workshop
for Data Risk Management
✓ Watch video – Build solutions to help customers protect and manage
risk
✓ Watch video – Protect data and manage risk in the world of remote
work
✓ Watch video – Learn more about the comprehensive Microsoft 365
Compliance products and solutions