Protecting sensitive business data in documents and emails in Windows 10 (opens in new tab) is about to get a whole lot easier as Microsoft has updated its Microsoft Information Protection (MIP (opens in new tab)) solution with new capabilities.
MIP is built-in to Windows 10 and it provides a unified set of capabilities to know and protect business data and prevent data loss across Microsoft 365 (opens in new tab) apps, services, on-premises locations, devices and even third-party apps and services.
Understanding what sensitive data resides in an organization is the first step to protecting it and preventing data loss. This is why MIP includes both out-of-the-box sensitive information types (SITs) and well as Exact Data Match (EDM).
- We've put together a list of the best business VPN (opens in new tab) services available
- These are the best web hosting (opens in new tab) services for your website
- Also check out our roundup of the best SMB software (opens in new tab)
Out-of-the-box SITs use pattern matching to find data such as credit card numbers, account numbers and Social Security Numbers that need to be protected. MIP currently offers over 150 out-of-the-box SITs that are mapped to various regulations worldwide. EDM on the other hand is a classification method that enables users to create custom sensitive information types that use exact data values.
Knowing and protecting business data
To begin protecting your data using EDM, you first need to configure the EDM custom SIT and upload a CSV table of the specific data to be protected which may include employee, patient or other customer-specific information. From here you can then use the EDM custom SIT with policies such as data loss prevention (opens in new tab) (DLP) to protect your sensitive data.
Microsoft has continued to invest in and enhance its EDM service by increasing its service scale by a factor of 10 to support data files containing up to 100m rows while also decreasing the time it takes for data to be uploaded and indexed by 50 percent. The company has also added salting to the hashing process to better protect sensitive data uploaded to its EDM cloud service.
Another core component of MIP is sensitivity labels which can not only be applied to documents and emails but also to protect entire Teams (opens in new tab) and sites. Earlier this year, Microsoft allowed organizations to apply a sensitivity label to a Team or site and associate that label with policies related to privacy and device access. This allows users to secure sensitive data whether it is in a file or in a chat by managing access to a specific team or site.
Now Microsoft has announced that users can also associate external sharing policies with labels to achieve secure external collaboration (opens in new tab). This capability further helps ensure only authorized users can get access to sensitive data in Teams and SharePoint (opens in new tab) sites.
Principal group program manager at Microsoft Maithili Dandige provided further insight on the importance of protecting business data in a blog post (opens in new tab) announcing the new capabilities in MIP, saying:
“Data is the currency of today’s economy. Data is being created faster than ever in more locations than organizations can track. To secure your data and meet compliance requirements like the General Data Protection Requirement (GDPR) – you need to know what data you have, where it resides, and have capabilities to protect it. The above new capabilities are part of the built-in, intelligent, unified, and extensible solution that Microsoft Information Protection offers to enable both administrators and users to protect organization data while staying productive.”
- We've also highlighted the best antivirus (opens in new tab) software