ASD's Blueprint for Secure Cloud

Data Security

This section describes the design decisions associated with managing data security for system(s) built using ASD's Blueprint for Secure Cloud.


Microsoft Purview Compliance Manager

Microsoft Purview Compliance Manager is a solution in the Microsoft Purview compliance portal that helps organisations automatically assess and manage compliance across an environment. Compliance Manager can help identify and monitor protection risks, manage complexities associated with controls implementation, remain current with relevant regulations and certifications, and provide reporting capabilities to stakeholders.

Compliance Manager provides a Compliance score based on the Microsoft 365 data protection baseline. This baseline is a set of controls that includes key regulations and standards for data protection and general data governance.

Compliance Manager includes assessments which help organisations implement data protection controls specified by compliance, security, privacy and data protection standards, regulations, and laws. Assessments include actions that have been taken by Microsoft to protect organisational data, and they are completed as the organisation takes action to implement the controls included in the assessment. Microsoft E5 licensing includes the capability to utilise up to 3 regulation licenses (additional assessments can be purchased from Microsoft). Those of relevance within the Blueprint include ASD Essential 8, ASD Essential 8 Maturity Level 1, ASD Essential 8 Maturity Level 2, ASD Essential 8 Maturity Level 3, ASD Essential 8 Maturity Level 3 for Microsoft 365, Australia Privacy Act, Australia Public Record Act, and Infosec Registered Assessors Program (IRAP).

Microsoft Purview Data Loss Prevention

In Microsoft Purview, organisations implement data loss prevention (DLP) by defining and applying DLP policies. DLP policies enable organisations to identify, monitor, and automatically protect sensitive items across:

  • Microsoft 365 services such as Teams, Exchange, SharePoint, and OneDrive accounts
  • Office applications such as Word, Excel, and PowerPoint
  • Windows 10, Windows 11 and macOS (three latest released versions) endpoints
  • Non-Microsoft cloud apps
  • On-premises file shares and on-premises SharePoint
  • Power BI

Microsoft Purview Endpoint data loss prevention

Endpoint data loss prevention extends the activity monitoring and protection capabilities of DLP to sensitive items that are physically stored on Windows 10, Windows 11, and macOS devices. Once devices are onboarded into Microsoft Purview solutions, the information about user actions with sensitive items is made visible in Activity Explorer. Organisations can enforce protective actions on those items via DLP policies.

Microsoft provides a full list of endpoint activities that can be monitored and actioned.

Microsoft Purview eDiscovery

Microsoft Purview provides eDiscovery tools to search for content in Exchange Online, OneDrive for Business, SharePoint Online, Microsoft Teams, Microsoft 365 Groups, and Yammer teams.

eDiscovery can search mailboxes and sites in the same eDiscovery search, and export the search results. Organisations can use Microsoft Purview eDiscovery (Standard) cases to identify, hold, and export content found in mailboxes and sites, and can further manage custodians and analyse content by using the extended Microsoft Purview eDiscovery (Premium) solution.

Microsoft Purview Communication Compliance

Microsoft Purview Communication Compliance is an insider risk solution that helps organisations detect, capture, and act on inappropriate messages that can lead to potential data security or compliance incidents within the organisation. Communication compliance evaluates text and image-based messages in Microsoft and third-party apps (Teams, Yammer, Outlook, WhatsApp, etc.) for potential business policy violations including inappropriate sharing of sensitive information, threatening or harassing language as well as potential regulatory violations (such as stock and capital manipulations).

Microsoft Purview Insider Risk Management

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as theft of intellectual property, data leakage, and other security violations. Insider risk management enables customers to create policies to manage security and compliance. Built with privacy by design, user data undergoes pseudonymisation by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

Microsoft Purview Information Barriers

Microsoft 365 natively supports communication and collaboration across internal user groups and external organisations. It also provides the ability to restrict communication and collaboration between specified user groups as necessary through use of Information Barriers (IB) to avoid scenarios such as a conflict of interest.

Microsoft Purview Information Barriers is supported within Microsoft Teams, SharePoint Online, and OneDrive for Business. Exchange Online does not currently support Information Barriers. Communications and collaboration between selected groups are blocked or allowed through implementation of Microsoft Purview Information Barriers policies.

The Blueprint recommends organisations review the Microsoft guidance on Information Barriers and assess the value of implementation in line with their risk appetite.

Security & Governance

  • None identified


Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au


Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra