Data Security
This section describes the design decisions associated with managing data security for system(s) built using ASD's Blueprint for Secure Cloud.
Microsoft Purview eDiscovery
Microsoft Purview provides eDiscovery tools to search for content in Exchange Online, OneDrive for Business, SharePoint Online, Microsoft Teams, Microsoft 365 Groups, and Yammer teams.
eDiscovery can search mailboxes and sites in the same eDiscovery search, and export the search results. Organisations can use Microsoft Purview eDiscovery (Standard) cases to identify, hold, and export content found in mailboxes and sites, and can further manage custodians and analyse content by using the extended Microsoft Purview eDiscovery (Premium) solution.
Design decisions
Decision point | Design decision | Justification |
---|---|---|
Microsoft Purview eDiscovery | Use | Useful tools for eDiscovery use cases |
Microsoft Purview Communication Compliance
Microsoft Purview Communication Compliance is an insider risk solution that helps organisations detect, capture, and act on inappropriate messages that can lead to potential data security or compliance incidents within the organisation. Communication compliance evaluates text and image-based messages in Microsoft and third-party apps (Teams, Yammer, Outlook, WhatsApp, etc.) for potential business policy violations including inappropriate sharing of sensitive information, threatening or harassing language as well as potential regulatory violations (such as stock and capital manipulations).
Design decisions
Decision point | Design decision | Justification |
---|---|---|
Communication Compliance | Use | Provide additional monitoring over reported compliance breaches |
Microsoft Purview Insider Risk Management
Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as theft of intellectual property, data leakage, and other security violations. Insider risk management enables customers to create policies to manage security and compliance. Built with privacy by design, user data undergoes pseudonymisation by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.
Design decisions
Decision point | Design decision | Justification |
---|---|---|
Insider Risk Management | Configure | Provides additional capability to identify potential data loss events |
Note
The Blueprint recommends organisations follow the steps within Microsoft’s Purview insider risk management configuration guide to configure Purview Insider Risk Management to meet the organisation's risk appetite.
Microsoft Purview Information Barriers
Microsoft 365 natively supports communication and collaboration across internal user groups and external organisations. It also provides the ability to restrict communication and collaboration between specified user groups as necessary through use of Information Barriers (IB) to avoid scenarios such as a conflict of interest.
Microsoft Purview Information Barriers is supported within Microsoft Teams, SharePoint Online, and OneDrive for Business. Exchange Online does not currently support Information Barriers. Communications and collaboration between selected groups are blocked or allowed through implementation of Microsoft Purview Information Barriers policies.
The Blueprint recommends organisations review the Microsoft guidance on Information Barriers and assess the value of implementation in line with their risk appetite.
Design decisions
Decision point | Design decision | Justification |
---|---|---|
Information Barriers | Organisation decision | Enables restriction of two-way communications and collaboration to minimise data loss events |
Related information
Security & Governance
- None identified
Design
Configuration
- None identified