Microsoft announces data loss prevention, mobile device management for Office 365

Microsoft made a slew of Office 365 announcements at TechEd Europe this week. Taken collectively, they’re clear evidence of how Microsoft is executing their strategy of cross-linking capabilities across Windows, the Office suite, and Office 365.

Let’s start with data loss prevention (DLP), a feature first introduced in Exchange 2013. (Side note: I love it that yet another marquee feature in Office 365 was first shipped as part of Exchange.) The idea behind DLP is that you can have an automated system that will detect when users send out sensitive information (for certain selected values of “sensitive”) and take appropriate action, ranging from warning the user through a Policy Tip to journaling the message to notifying a person or group to blocking the message. DLP shipped with a template engine that allows Microsoft and its partners to build templates for different policies, along with a set of templates for common policies such as US HIPAA and PCI. However, Exchange 2013 DLP suffered from some limitations, chiefly that it only worked with messages sent through Exchange. Users only get Policy Tip warnings in OWA 2013 and Outlook 2013, and the template system seems primarily intended for use by a few specialized partners and not the general population.
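The detect-then-act idea described above, as an added illustration in Python; it is not Microsoft's implementation or template format. The `POLICY` thresholds, the action names and the sample messages are constructed assumptions, and the card numbers are standard public test numbers.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

# Hypothetical policy (thresholds are assumptions): the strongest action whose
# minimum count of distinct card numbers is met wins.
POLICY = [(1, "policy_tip"), (2, "notify"), (3, "block")]


def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return the distinct Luhn-valid card numbers found in text."""
    found = set()
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            found.add(digits)  # a number repeated in a quoted reply counts once
    return found


def evaluate(text, policy=POLICY):
    """Return (match_count, action) for one outbound message body."""
    count = len(find_card_numbers(text))
    action = "allow"
    for min_count, candidate in policy:
        if count >= min_count:
            action = candidate
    return count, action


if __name__ == "__main__":
    # Constructed sample messages.
    for body in ("Order ref 1234 5678 9012 3456 shipped",
                 "Card on file: 4111 1111 1111 1111",
                 "4111111111111111, 5555-5555-5555-4444, 4012888888881881"):
        print(evaluate(body))
```

The Luhn check is what keeps order numbers and other 16-digit strings from triggering the policy, and counting distinct numbers stops a single card quoted several times in a thread from escalating to a block.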

Microsoft is addressing these problems by extending DLP into SharePoint Online and OneDrive for Business. While they haven’t discussed the specifics of how this will work, it seems reasonable that both SharePoint and ODB will consume the same policy templates used in Exchange, so that you can apply a consistent set of policies across the three products. Conspicuously absent from the announcement was any mention of bringing this capability to on-prem SharePoint. Maybe that was just an oversight.

The OneDrive for Business capability will be of huge interest to several of my large customers. Microsoft’s messaging around large, low-cost personal storage for business users is getting a lot of traction, with both users and enterprises eager to take advantage of it, but organizations have a reasonable concern that users will, accidentally or on purpose, put stuff in their ODB libraries that they shouldn’t. Assuming that you can define a DLP policy that covers what you don’t want stored in ODB, having this enforcement mechanism could potentially be very valuable.

In addition to these DLP extensions, Microsoft is giving Office 365 DLP the ability to recognize and act on tags created in the Windows Server file classification infrastructure (FCI). With this support, the automated metadata tags generated by FCI can be recognized by Exchange Online, SharePoint Online, and OneDrive for Business—so if you have, say, an Excel spreadsheet that’s classified as protected health information (PHI), the DLP infrastructure will recognize and treat it as such. I don’t have a good feel for how pervasive FCI is in the enterprise, since I don’t normally deal with file/print deployments, but I suspect that this is a nice 2-for-1 play for Microsoft: they can sell the benefits of FCI to cloud customers and sell the benefits of DLP that’s driven by FCI to entrenched on-prem customers.

Another major DLP improvement is coming in Office: Word, PowerPoint, and Excel will get support for Policy Tips. While it would be technically possible to roll this out into Office 2013, it wouldn’t surprise me at all to see this offered as a feature only in Office 16.

I’ll have a lot more to say about the details of these features once Microsoft releases more public details. While I’ll look forward to picking the collective brains of the Office 365 PM team at the MVP Summit, I don’t expect them to share any public details beyond what they’re showing in Barcelona. In the meantime, though, Microsoft is clearly trying to reinforce the ties between their core Office and Windows Server customers and Office 365, while at the same time providing some more tasty cloud-only features in an attempt to entice customers into drinking the 365 Kool-aid.

For another day, a more detailed analysis of Microsoft’s announcement that mobile device management (MDM) capabilities are being added to almost all of the existing Office 365 plans.
