Here is a brief overview of this month's updates around governance, compliance and data protection offered through Microsoft PurView (MIP, etc.).
These include in particular:
General
- Updated reports, white papers and artifactsin the services trust portal with a new category of AI resources.
Sensitivity Labels
- General Availability (GA): Teams mobile applications now support calendar items corresponding to protected meetings.
-
Preview: sensitivity labels for
groups and sites have new options deployed to support visibility of private teams and channel sharing
controls for invitations to other teams.
- Deployment: The Encryption page during the configuration of a sensitivity label is renamed Access Control. No changes are made to the existing settings for encryption.
Records and Retention Management
- During deployment, you can now modify the retention period of an existing retention label when the retention period is based on when items were labeled.
Internal risk management
- Insider Risk Management extends its detection to multicloud environments by offering ready-to-use risk indicators in Azure, AWS and SaaS applications, including Box, Dropbox and Google Drive. Organizations can use these new indicators in their data theft and leakage policies. Microsoft Purview Insider Risk Management correlates various signals to identify potential insider risks, whether malicious or unintentional, such as intellectual property theft, data leaks and security breaches. Insider Risk Management allows customers to create policies based on their own internal policies, governance and organizational requirements. Users are pseudonymized by default, role-based access controls and audit logs are in place to ensure privacy at the user level. The Preview is scheduled for March 2024.
- Update to clarify than internal risk management creates a single aggregated alert per user.
- Update: Create and manage internal risk management strategies to clarify that you must have the Insider Risk Management or the Insider Risk Management Admins role to access the policy health status.
Communication Compliance
Update: Create and manage communication compliance policies to clarify that correction of team messages is not supported if a user reports a message that was sent before they were added to a chat.
Compliance Management
Update of the list of Compliance Manager regulations with the following recent additions:
- India Digital Personal Data Protection Act
- ISO/IEC 27001:2022
- Microsoft Cloud Security Benchmark v1
- NATO Directive AC/322-D(2021)0032
- NIS2 Directive (EU) 2022/2555 of the European Parliament and of the Council.
Data Map & Data Catalog
The labeling with Data Map supports 3 additional data sources : Dataverse, Azure Databricks and Snowflake.
(Preview) The types of sensitive information can now be applied at the column level in structured Azure or third-party data resources.
More information on:What's new in Microsoft 365 compliance - Microsoft 365 Compliance | Microsoft Docs
Read also:
Your dynamic snippet will be displayed here... This message is shown because you have not defined the filter and template to use.