Document Fingerprint in Exchange Online
Introduction: If your organization uses forms to collect sensitive information, Document Fingerprint makes it easier to protect that information by identifying the standard forms used throughout your organization. Document Fingerprint is a feature of Data Loss Prevention (DLP) that converts a standard form into a sensitive information type, which you can then use to define DLP policies.

Working: Documents have unique word patterns. When you upload a blank form, the DLP agent identifies the unique word pattern in the document, creates a document fingerprint from that pattern, and uses the fingerprint to detect outbound documents that contain the same pattern.

Limitation: The Document Fingerprint DLP agent will not detect sensitive information in the following cases:
1. Password-protected files.
2. Files that contain only images.
3. Documents that do not contain all of the text from the original form used to create the fingerprint.

To upload a blank form:
1. Go to Exchange Admin Center > Compliance Management > Data Loss Prevention.
2. Click Manage document fingerprints.
3. Click + New and provide a Name and Description. The name you choose will appear in the sensitive information types list.
4. Click Add + to upload a form, choose the form and click Open.
5. Click Save. The document fingerprint is now one of your sensitive information types, and you can add it to a DLP policy.

Creating a rule in a DLP policy:
1. Go to Compliance Management > Data Loss Prevention.
2. Click + New and choose a custom DLP policy.
3. Provide a Name and Description for the DLP policy, set its state to Enabled and its mode to Enforce, then click Save.
4. The newly created DLP policy is listed. Click Edit and go to Rules > Create a new rule.
5. Add a Condition so that the rule matches when this sensitive information type (here, Employee Information Form) is sent to an external recipient.
6. Depending on your organization's requirements, add an Action. Here the action blocks the message but lets the sender override and send the document to the external recipient when there is a business requirement.
7. Fill out the other properties of the rule as required and Save.

Whenever a user now tries to send a form that is managed by Document Fingerprint to an external contact, the result is as shown below.

Conclusion: In this way you can secure and monitor sensitive information and stop it from leaking outside your organization.
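The same fingerprint, sensitive information type and blocking rule can be created from Exchange Online PowerShell, which is useful when you have many forms or want the configuration under version control. This is an added example and not code from the original post; it assumes an existing Exchange Online PowerShell session, and the form path, names, incident-report mailbox and override text are illustrative assumptions.

```powershell
# Added example (not from the original post): fingerprint a blank form, wrap it in a
# custom sensitive information type, and build the transport rule described above.
# Assumes an Exchange Online PowerShell session is already open.

$formPath = "C:\Forms\EmployeeInformationForm.docx"   # assumed path to the blank form

# The fingerprint is derived from the form's text pattern. Password-protected or
# image-only forms carry no extractable text and will not produce a usable fingerprint.
$formBytes   = [System.IO.File]::ReadAllBytes($formPath)
$fingerprint = New-DlpFingerprint -FileData $formBytes -Description "Employee Information Form"

# The fingerprint becomes a sensitive information type that rules reference by name.
New-DlpSensitiveInformationType -Name "Employee Information Form" `
    -Fingerprints $fingerprint `
    -Description "Standard HR employee information form"

# Confirm it now appears in the sensitive information types list.
Get-DlpSensitiveInformationType -Identity "Employee Information Form" | Format-List Name, Publisher

# Transport rule: block the message when the form leaves the organization, but let the
# sender override with a business justification (the override action chosen in the post).
# RejectMessage would block with no override; NotifyOnly would show a tip but still deliver.
# The incident-report mailbox is an assumption.
New-TransportRule -Name "Block Employee Information Form to external recipients" `
    -Mode Enforce `
    -SentToScope NotInOrganization `
    -MessageContainsDataClassifications @{ Name = "Employee Information Form" } `
    -NotifySender RejectUnlessExplicitOverride `
    -RejectMessageReasonText "This message contains an Employee Information Form and cannot be sent outside the organization without a business justification." `
    -GenerateIncidentReport "compliance@contoso.com" `
    -IncidentReportContent Sender, Recipients, Subject, Severity, DataClassifications

# Check the rule is enabled and enforcing; a rule left in Audit mode blocks nothing.
Get-TransportRule -Identity "Block Employee Information Form to external recipients" |
    Format-List Name, State, Mode, SentToScope, NotifySender
```

Run the rule in Audit mode first (-Mode Audit) against real outbound mail to see how many messages match before switching to Enforce; a form that shares boilerplate with other HR documents can match more than you expect.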
Managing mailbox through Email Archiving
Introduction: Email can fill your Outlook Inbox quickly: new messages, replies and forwards. Before you know it, you could have thousands of messages. Keep your Outlook Inbox and its folders under control by moving older items you want to keep to an archive. Email archiving saves and preserves the data contained in email messages so that it can be searched and accessed later. An archive mailbox is a specialized mailbox that appears alongside the user's primary mailbox folders in Outlook or Outlook Web App. Users access the archive in the same way that they access their primary mailbox.

Enabling In-Place Archive: Before mailbox items can be moved to the archive, In-Place Archive must be enabled for that mailbox.
1. Go to Exchange Admin Center > Recipients > Mailboxes.
2. Select the user for whom you want to enable In-Place Archive. You will get the option to enable archiving, as shown in the image below.
3. After In-Place Archive is enabled, the mailbox type shows Archive in brackets (as shown in the image below).
Within 15 minutes the user will see the In-Place Archive folder in their mailbox. It is a secondary mailbox and is accessed in the same way as the primary mailbox.

Creating a Retention Tag and Retention Policy: Retention tags define and apply retention settings to messages and folders in a user's mailbox. A retention tag specifies how long a message is kept and the action taken when the message reaches the specified retention age. After enabling In-Place Archive, items still need to be moved to the archive. Items can be moved by:
1. Moving the mailbox items manually.
2. Moving messages using Inbox rules.
3. Moving messages using retention policies.
Here we will see how to create a retention tag and policy so that mailbox items are moved to the archive automatically. Go to Exchange Admin Center > Compliance Management.
To create a retention policy, first create a retention tag and then attach that tag to a policy; that policy is the retention policy. You get three options when creating a retention tag:
a. Default policy tag (DPT), which applies to the entire mailbox. Note: a DPT applies to all items in the mailbox that do not already have a retention tag applied.
b. Retention policy tags, which apply to a default folder such as Inbox (these do not support the Move to Archive action).
c. Personal tags, which users can apply themselves to items and folders.
Select Default policy tag. Provide a name for the tag and choose the retention action to be taken when items reach the retention age, which you also specify in number of days (see the image below). In this case the tag moves items to the archive when they reach 90 days.

After creating the retention tag, create the retention policy: provide a name for the policy and add the retention tag to it.

After the retention policy is created, it needs to be assigned to users. Go to Recipients > Mailboxes, select the user and click Edit. Go to Mailbox features and apply the retention policy to the user. It may take some time for the retention tag to appear under the user's Mail settings > Retention policies (see the image below). After the retention policy is applied to the mailbox, items that have reached their retention age of 90 days start moving to the In-Place Archive. Note: it can take up to 7 days for items to be moved to the In-Place Archive, depending on the number of items.

Conclusion: In this way we can create a retention tag and policy for email archiving, which keeps the Outlook Inbox and its folders manageable by moving older items to the archive.
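The whole procedure above (enable the archive, create the 90-day default policy tag, link it to a policy, assign the policy and kick off processing) can be scripted in Exchange Online PowerShell, which also lets you verify which tags actually apply to a mailbox. This is an added example, not code from the original post; it assumes an open Exchange Online session, and the mailbox and the tag and policy names are illustrative.

```powershell
# Added example (not from the original post): In-Place Archive plus a 90-day
# move-to-archive retention policy, scripted end to end. Assumes an Exchange
# Online PowerShell session. The mailbox and names are assumptions.

$user = "alice@contoso.com"   # assumed mailbox

# 1. Enable the archive. On an existing mailbox, Enable-Mailbox -Archive only adds the archive.
Enable-Mailbox -Identity $user -Archive
Get-Mailbox -Identity $user | Format-List RecipientTypeDetails, ArchiveStatus, ArchiveGuid

# 2. Default policy tag (DPT): -Type All makes it apply to every item that has no
#    more specific tag. MoveToArchive is the archive action; it is not available on
#    folder-level retention policy tags, which is why a DPT is used here.
New-RetentionPolicyTag -Name "Move to archive after 90 days" `
    -Type All `
    -RetentionEnabled $true `
    -AgeLimitForRetention 90 `
    -RetentionAction MoveToArchive `
    -Comment "Items older than 90 days are moved to the In-Place Archive"

# 3. Retention policy linking the tag. A policy can carry one archive DPT and one
#    delete DPT, so keep the two actions on separate tags.
New-RetentionPolicy -Name "Archive after 90 days" `
    -RetentionPolicyTagLinks "Move to archive after 90 days"

# 4. Assign the policy (the same setting as Mailbox features > Retention policy in the EAC).
Set-Mailbox -Identity $user -RetentionPolicy "Archive after 90 days"

# 5. The Managed Folder Assistant normally runs on its own schedule (the post notes
#    up to 7 days); start it now to process this mailbox immediately.
Start-ManagedFolderAssistant -Identity $user

# 6. Verify which tags the mailbox's policy actually contains.
$policyName = (Get-Mailbox -Identity $user).RetentionPolicy
(Get-RetentionPolicy -Identity $policyName).RetentionPolicyTagLinks |
    ForEach-Object { Get-RetentionPolicyTag -Identity $_.Name } |
    Format-Table Name, Type, AgeLimitForRetention, RetentionAction
```

Check the tag list in step 6 before assigning a policy broadly: a DPT with RetentionAction DeleteAndAllowRecovery that someone linked to the same policy would start deleting old items, not archiving them.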
Data Loss Prevention in Office 365
Introduction: Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive information outside the corporate network. You can set up policies to help make sure that information in email and documents is not shared with the wrong people. With a DLP policy, you can identify, track and protect sensitive information across Office 365.

Create a DLP policy in the Office 365 Security & Compliance Center:
1. Go to Office 365 Admin Center > Security & Compliance > Data Loss Prevention. You can create a policy from a template or create a custom policy.
2. Name your policy.
3. Choose the locations: all locations, or specific ones. If you select Let me choose specific locations, you get the options shown in the image below.
4. Under policy settings, choose the basic setting (Find content that contains) or Use advanced settings. With advanced settings you can customize a New Rule; clicking New Rule gives you the options to create a rule.
5. Provide the conditions and actions. In the conditions you can add an available sensitive information type, or select a Label that has been applied to the document for data classification. Labels must be created and published before they can be used in a DLP policy. You can create labels from the Office 365 Security & Compliance Center; labels can be applied to documents in OneDrive and SharePoint Online.
6. You can also configure other settings such as user notifications, user overrides and incident reports. After creating the rule, save the changes.
In the Conditions option you can see the Label (see the image below) used in the DLP rule "Cloud Sensitive Information"; the label was published first and then applied to the document. The image below shows the label applied in the Cloud DLP policy. After creating the policy, it may take up to 24 hours for the changes to take effect.
Testing the DLP policy: After creating the policy, if a user tries to share the document with external users, a policy tip is shown (as in the image below). Likewise, if a user tries to send your organization's sensitive information in an email outside the organization, a policy tip is shown (see the image below). If the user overrides the policy tip, they have to enter a business justification or report it as a false positive.

Conclusion: This is how you can create DLP policies and prevent your organization's classified data from leaking.
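The policy the wizard builds above can also be created with Security & Compliance Center PowerShell, which makes the location scope, the override options and the test-then-enforce switch explicit. This is an added example and not code from the original post. It uses a built-in sensitive information type as the condition (the post's label-based condition requires a label that has already been published); the policy name, locations, policy tip text and report recipient are illustrative assumptions.

```powershell
# Added example (not from the original post): a unified DLP policy across Exchange,
# SharePoint Online and OneDrive with a policy tip, block, override and incident
# report, created with Security & Compliance Center PowerShell. Names are assumptions.

# Connect to the Security & Compliance endpoint (ExchangeOnlineManagement module).
Connect-IPPSSession -UserPrincipalName admin@contoso.com

# Policy scope. Start in test mode with policy tips so users see the tips
# before anything is actually blocked.
New-DlpCompliancePolicy -Name "Cloud Sensitive Information" `
    -Comment "Prevent classified data from leaving the organization" `
    -ExchangeLocation All `
    -SharePointLocation All `
    -OneDriveLocation All `
    -Mode TestWithNotifications

# Rule: when content shared outside the organization contains the sensitive
# information type, show a policy tip, block external access, allow an override
# with a business justification or a false-positive report, and send an incident report.
New-DlpComplianceRule -Name "Block external sharing of credit card numbers" `
    -Policy "Cloud Sensitive Information" `
    -ContentContainsSensitiveInformation @{ Name = "Credit Card Number"; minCount = "1" } `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner, LastModifier `
    -NotifyPolicyTipCustomText "This item contains sensitive information and cannot be shared outside the organization." `
    -NotifyAllowOverride WithJustification, FalsePositive `
    -GenerateIncidentReport "compliance@contoso.com" `
    -IncidentReportContent Title, DocumentAuthor, Detections, Severity, Service

# Review what was created.
Get-DlpCompliancePolicy -Identity "Cloud Sensitive Information" |
    Format-List Name, Mode, ExchangeLocation, SharePointLocation, OneDriveLocation
Get-DlpComplianceRule -Policy "Cloud Sensitive Information" |
    Format-List Name, AccessScope, BlockAccess, NotifyUser, NotifyAllowOverride

# Enforce once the test period is over (changes can take up to 24 hours to propagate).
Set-DlpCompliancePolicy -Identity "Cloud Sensitive Information" -Mode Enable
```

Leave -NotifyAllowOverride out entirely if a hard block is required; WithJustification records the justification in the incident report, which is what makes the override reviewable rather than silent.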
Setting up User’s Manager in Office 365
Introduction: It is important to have your organization hierarchy set up in order to use advanced features. There are a couple of ways to set up a user's manager in Office 365:
1. Manager setup in Exchange Online.
2. Manager setup in Azure AD.

Manager setup in Exchange Online:
1. Log in to Office 365 as an administrator, then choose Admin Centers > Exchange.
2. Go to Recipients in the left menu, search for the person you want to manage, highlight the person and choose Details.
3. Navigate down to Organization and browse for their manager.

Manager setup in Azure AD: The alternative is to set the user's manager directly in Azure Active Directory. Log in to the Azure portal as an administrator and go to Users and Groups > All Users. To set the manager in Azure AD, you need the manager's object ID, which is entered as the Manager ID on the user (you can look it up on the manager's profile). The manager's profile and the user's profile are shown in the images below. After filling in the Manager ID and saving the user profile, the manager is also shown after a few minutes in Mailboxes (Exchange Online).

Manager setup can also be done in Dynamics 365: log in to Dynamics 365, go to Settings > Users > Organization information and search for the manager of that user.

Conclusion: In this way you can set up the hierarchy in your organization, which is needed to use the full set of advanced features; you can also set the manager from Dynamics 365. Manager information set in Exchange Online or Azure AD is synced between the two.
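Both routes above can be scripted, and PowerShell avoids the manual object ID lookup the Azure portal requires by resolving the manager from their UPN. This is an added example, not code from the original post; it assumes an Exchange Online session and the AzureAD module, and the user names and the CSV sample are constructed for illustration.

```powershell
# Added example (not from the original post): set a user's manager from Exchange
# Online and from Azure AD, read it back from both sides, and apply a small
# hierarchy in bulk. Users and the CSV rows are constructed assumptions.

$userUpn    = "bob@contoso.com"
$managerUpn = "alice@contoso.com"

# Exchange Online side: the same attribute the EAC's Organization tab edits.
Set-User -Identity $userUpn -Manager $managerUpn
Get-User -Identity $userUpn | Format-List DisplayName, Manager

# Azure AD side. The portal asks for the manager's object ID; resolve it from the
# UPN instead of copying it from the profile page.
Connect-AzureAD
$user    = Get-AzureADUser -ObjectId $userUpn
$manager = Get-AzureADUser -ObjectId $managerUpn
Set-AzureADUserManager -ObjectId $user.ObjectId -RefObjectId $manager.ObjectId

# Verify. The post notes the value takes a few minutes to appear on the other side.
Get-AzureADUserManager -ObjectId $user.ObjectId | Format-List DisplayName, UserPrincipalName, ObjectId

# Bulk variant for a whole hierarchy: one user/manager pair per row (constructed sample).
$pairs = @"
UserPrincipalName,ManagerUpn
bob@contoso.com,alice@contoso.com
carol@contoso.com,alice@contoso.com
dave@contoso.com,carol@contoso.com
"@ | ConvertFrom-Csv

foreach ($p in $pairs) {
    $u = Get-AzureADUser -ObjectId $p.UserPrincipalName
    $m = Get-AzureADUser -ObjectId $p.ManagerUpn
    if ($u.ObjectId -eq $m.ObjectId) {
        Write-Warning "Skipping $($p.UserPrincipalName): a user cannot be their own manager"
        continue
    }
    Set-AzureADUserManager -ObjectId $u.ObjectId -RefObjectId $m.ObjectId
}
```

If the tenant synchronizes from on-premises Active Directory, set the manager attribute there instead; values written in the cloud are overwritten by the next sync for synced objects.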
Multi-Factor Authentication for external user’s – SharePoint Online
Introduction: Many organizations use SharePoint Online in Office 365 as their content management system, and it is essential to protect that data so that sensitive data does not fall into the wrong hands. This is where Multi-Factor Authentication comes in. We can do this through Azure AD for the tenant by creating a dynamic group for external users, creating a conditional access policy for that group and applying it to SharePoint Online.

Creating a group for external users:
1. Log in to the Azure AD portal, go to Azure AD > Users and Groups > All Groups and click New Group.
2. Provide a name and description for the group and select the membership type Dynamic User.
3. Click Add query, then Create, to make the group dynamic. It will take some time for the group to populate.
After the group is created, you need to apply conditional access to it.

Create a Conditional Access policy for SharePoint Online:
1. Log in to the Azure AD portal, go to Enterprise Applications > Conditional Access and click New Policy.
2. Provide a name for the policy.
3. Under Assignments > Users and groups, select Include > Select users and groups > Select, and choose the group the policy should apply to (External users).
4. Under Assignments > Cloud apps, select Include > Select, and choose the application (Office 365 SharePoint Online).
5. Under Conditions, add conditions if you want.
6. Under Access controls > Grant, select Grant access and then Require multi-factor authentication.
7. Finally, toggle Enable policy to On and click Create.
To verify that the policy was created, navigate to Conditional Access and check that the policy is listed and enabled. Wait a few minutes for the policy to take effect; you can then test by sharing a document from SharePoint with an external user. They will be asked for additional authentication (see the image below).

Conclusion: In this way you can create a conditional access policy and protect the sensitive data in your SharePoint Online. Hope this will be useful.
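The dynamic group and the Conditional Access policy above can be created with the AzureADPreview module, which also lets you start the policy in report-only mode before enforcing it. This is an added example, not code from the original post; the group and policy names and the membership rule are illustrative assumptions, and the application ID used is the well-known first-party ID for Office 365 SharePoint Online.

```powershell
# Added example (not from the original post): dynamic "External users" group plus a
# Conditional Access policy requiring MFA for SharePoint Online, via AzureADPreview.
# Names and the membership rule are assumptions.

Connect-AzureAD

# Dynamic group keyed on userType. Guest accounts created by external sharing have
# userType "Guest"; membership is evaluated by Azure AD and takes a while to populate.
$group = New-AzureADMSGroup -DisplayName "External users" `
    -Description "All guest users (dynamic membership)" `
    -MailEnabled $false -MailNickname "externalusers" -SecurityEnabled $true `
    -GroupTypes "DynamicMembership" `
    -MembershipRule '(user.userType -eq "Guest")' `
    -MembershipRuleProcessingState "On"

# Conditions: the group as the user scope, SharePoint Online as the cloud app.
$conditions = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet
$conditions.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition
$conditions.Users.IncludeGroups = $group.Id
$conditions.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition
$conditions.Applications.IncludeApplications = "00000003-0000-0ff1-ce00-000000000000"   # Office 365 SharePoint Online

# Grant control: require multi-factor authentication.
$controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls
$controls._Operator = "OR"
$controls.BuiltInControls = "mfa"

# Create in report-only mode first: sign-in logs then show who would have been
# prompted, without locking anyone out while the group is still populating.
$policy = New-AzureADMSConditionalAccessPolicy -DisplayName "Require MFA - external users - SharePoint Online" `
    -State "enabledForReportingButNotEnforced" `
    -Conditions $conditions `
    -GrantControls $controls

# Verify the group actually contains guests and the policy exists as intended.
Get-AzureADGroupMember -ObjectId $group.Id | Select-Object DisplayName, UserPrincipalName, UserType
Get-AzureADMSConditionalAccessPolicy -PolicyId $policy.Id | Format-List DisplayName, State

# Enforce once the report-only results look right.
Set-AzureADMSConditionalAccessPolicy -PolicyId $policy.Id -State "enabled"
```

The group check matters: an empty dynamic group makes the policy a no-op, and a membership rule that accidentally matches members leaves internal users unable to reach SharePoint until they register for MFA.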
Advance alerts – Office 365 Security & Compliance
Introduction: You can use the alert features in Office 365 to view and manage alerts for your Office 365 organization, including managing advanced alerts as part of Advanced Security Management. Advanced Security Management is included with Office 365 Enterprise E5; if your organization is on another Office 365 subscription, it can be purchased as an add-on. After purchasing the add-on, Manage advanced alerts appears under Alerts in the Office 365 Security & Compliance Center.

In Office 365 Security & Compliance, go to Alerts > Manage advanced alerts and choose Go to Advanced Security Management. In the Advanced Security Management portal you can:
1. Define policies and set up alerts and actions.
2. Learn about cloud usage across your organization through reports.
3. Manage third-party apps that people in your organization use with Office 365.

Create a new activity policy:
1. From the Control menu of the Advanced Security Management portal, select Policies.
2. Click Create policy, then select Activity policy.
3. On the Create activity policy page, type the policy name and description. You can base the new policy on one of the default templates by choosing one from the Policy template drop-down menu.
4. Choose a policy severity and category. These help you filter and sort the alerts the policy triggers.
5. Choose Activity filters to set up the actions that trigger an alert under this policy.
6. Check Create alert to receive notifications from this policy.
7. Choose the Actions to take when an alert is triggered, such as suspending the user or requiring the user to sign in to Office 365 again.
When an activity matches the policy, an alert is generated and a notification is sent to the email address enabled for alerts (see the screenshot below); the email comes from the address shown. You can also receive an SMS, for which you must provide a contact number.
After you receive the email notification, you can also view the details and take the necessary actions on the alert in the portal. All alerts are listed under Alerts; clicking the alert you received shows its details and activity log and lets you act on it.

Conclusion: It is good practice to set up advanced alerts, which help you monitor user activity through alert notifications.
Dispositions in Office 365
Introduction: When content reaches the end of its retention period, there are many reasons you might want to review it: you might need to assign a different retention period, suspend the deletion, and so on. A disposition review covers only content in SharePoint sites, OneDrive accounts and sites for Office 365 groups. It cannot include content in Exchange Online, Skype, public folders or the mailboxes of Office 365 groups. Sign in with your Office 365 credentials and go to Admin Center > Security & Compliance > Data Governance > Disposition.

Permissions for disposition: Reviewers must be members of the Disposition Management role and the View-Only Audit Logs role.

Setting up the disposition review by creating a label: The disposition review option is only available when you create a label with retention settings; it is not available in a retention policy.
1. To create a label, navigate to Office 365 Security & Compliance > Classification > Labels. With labels you can classify data across your organization for governance and enforce retention rules based on that classification.
2. Switch the toggle to On to apply retention.
3. Tick Trigger a disposition review to set up the disposition.
When content to which this label is applied reaches the end of its retention period, the reviewer is notified by email that the content is ready for review. The reviewer can then go to the Disposition page and select one or more items. The reviewer can:
a. Apply a different label.
b. Extend the retention period.
c. Permanently delete the item.

Export the disposition items: In addition, you can export the items to a .csv file that you can open in Excel.

Conclusion: It is important to review content when it reaches the end of its retention period so that, if required, you can assign a different retention tag or label.
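The label, its publication to the supported locations and the reviewer permissions above can all be set from Security & Compliance Center PowerShell, where the disposition review is simply the reviewer address on the label. This is an added example, not code from the original post; it assumes the ExchangeOnlineManagement module, and the label name, retention period, locations and addresses are illustrative assumptions.

```powershell
# Added example (not from the original post): a retention label with a disposition
# review, published to SharePoint, OneDrive and Office 365 group sites, plus the
# reviewer role group. Names, duration and addresses are assumptions.

Connect-IPPSSession -UserPrincipalName admin@contoso.com

# Reviewer role group carrying exactly the two roles the post names.
New-RoleGroup -Name "Disposition Reviewers" `
    -Roles "Disposition Management", "View-Only Audit Logs" `
    -Members "reviewer@contoso.com"

# Label: keep for 7 years from creation, then delete, but only after a reviewer
# signs off. Setting -ReviewerEmail is what turns on the disposition review.
New-ComplianceTag -Name "HR Records - 7 years" `
    -Comment "HR documents; review before deletion" `
    -RetentionAction Delete `
    -RetentionDuration 2555 `
    -RetentionType CreationAgeInDays `
    -ReviewerEmail "reviewer@contoso.com"

# Publish the label only to locations disposition review supports. Exchange mailboxes
# are deliberately left out: the post notes review is not available there.
New-RetentionCompliancePolicy -Name "Publish HR labels" `
    -SharePointLocation All `
    -OneDriveLocation All `
    -ModernGroupLocation All

New-RetentionComplianceRule -Name "Publish HR Records label" `
    -Policy "Publish HR labels" `
    -PublishComplianceTag "HR Records - 7 years"

# Verify the label carries a reviewer and the policy has been distributed.
Get-ComplianceTag -Identity "HR Records - 7 years" |
    Format-List Name, RetentionAction, RetentionDuration, RetentionType, ReviewerEmail
Get-RetentionCompliancePolicy -Identity "Publish HR labels" -DistributionDetail |
    Format-List Name, Enabled, DistributionStatus
```

A label with -RetentionAction Keep never reaches a disposition because nothing is ever deleted; the review only fires for Delete or KeepAndDelete labels when the retention age is reached.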
Supervision in Office 365
Introduction: Supervision lets you define policies that capture email and third-party communications in your organization so that they can be examined by internal or external reviewers. To create a supervision policy, you must first add yourself to the Supervisory Review role group. Go to Office 365 Admin Center > Security & Compliance > Permissions, or sign in to https://protection.office.com with your Office 365 credentials.

Create a supervision policy: Go to Office 365 Security & Compliance > Data governance > Supervision. Click Create and follow the wizard through the following pages of the policy:
1. Enter a name and description for the policy.
2. Choose the users to supervise. You can provide a list of users, or create a group in Office 365 and provide the group name. If you provide a group, you can exclude individual users from supervision under Exclude these users.
3. Choose the communications to review. To scope the review further, click Add a condition; you can specify multiple conditions.
4. Specify the percentage to review. To reduce the amount of content reviewers see, specify a percentage; to have reviewers see all items, enter 100%.
5. Choose the reviewers. The users and groups you choose will use the Supervision add-in in Outlook Web App to examine the communications returned by this policy. You can include email addresses of internal and external reviewers.
After completing all sections of the supervision policy, review your settings and click Finish. Reviewers use the Supervision add-in for Outlook Web App to review communications; the add-in is installed automatically in Outlook Web App for every reviewer specified in the policy.

Conclusion: It is good practice to create a supervision policy to capture email communication in your organization.
Auditing Reports in Exchange Online
Introduction: Auditing in the Exchange Admin Center tracks specific changes made by administrators and access to mailboxes, which helps in troubleshooting configuration issues and in meeting regulatory, compliance and litigation requirements. Exchange provides two types of audit logging:
1. Administrator audit logging.
2. Mailbox audit logging.
Note: You must enable mailbox audit logging for each mailbox so that audited events are saved to the audit log for that mailbox.

Enabling mailbox audit logging: This requires remote PowerShell connected to Exchange Online; it cannot be done from the EAC.
1. Open Windows PowerShell and run:
   $UserCredential = Get-Credential
   In the Windows PowerShell credential request, enter the username and password of your Office 365 global admin account.
2. Run the following command:
   $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
3. Run the following command:
   Import-PSSession $Session
4. To verify that you are connected to your Exchange Online organization, list all the mailboxes in the organization:
   Get-Mailbox
5. This command enables mailbox audit logging for all user mailboxes in your organization:
   Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -AuditEnabled $true
In the image above, AuditEnabled shows True, meaning mailbox audit logging has been enabled for the mailboxes.

Run a non-owner mailbox access report: In the EAC, go to Compliance Management > Auditing and click Run a non-owner mailbox access report. You can specify the dates and select the mailboxes whose access log you want to view.

Run the admin audit log report: Administrator audit logging is enabled by default. In the EAC, go to Compliance Management > Auditing and choose Run the admin audit log report.
Choose a start date and end date, then choose Search. All configuration changes made during the specified period are displayed. Similarly, you can run the audit reports for In-Place eDiscovery & Hold, the litigation hold report, the administrator role group report and the external admin audit log report. You can also export the mailbox and admin audit logs.

Exporting the admin audit log: In the EAC, go to Compliance Management > Auditing > Export the admin audit log. Enter the start date and end date and select the user to whom the audit log should be sent, then click Export. The audit log entries are saved to an XML file that is attached to a message and sent to the specified recipients within 24 hours.

Conclusion: You can enable mailbox audit logging and generate reports and audit logs in Exchange Online using the Exchange Admin Center and PowerShell.
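Enabling auditing with the single Set-Mailbox call above records only the default action set, and the EAC reports can also be run as searches from PowerShell, which is what you want when an incident is being investigated. This is an added example and not code from the original post. It connects with the ExchangeOnlineManagement module's Connect-ExchangeOnline (Microsoft has since retired the Basic-authentication New-PSSession method shown above; the cmdlets that follow are unchanged), and the mailbox, admin and recipient addresses are illustrative assumptions.

```powershell
# Added example (not from the original post): enable mailbox auditing with explicit
# action sets, find mailboxes still unaudited, and run the non-owner access and admin
# audit searches from PowerShell. Addresses are assumptions.

Connect-ExchangeOnline -UserPrincipalName admin@contoso.com

# Enable auditing on every user mailbox and state which delegate and admin actions to
# record; the defaults do not cover all of these. FolderBind records folder access,
# which is what a non-owner "read" shows up as.
Get-Mailbox -ResultSize Unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" |
    Set-Mailbox -AuditEnabled $true `
        -AuditLogAgeLimit 180 `
        -AuditDelegate Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, Create, FolderBind `
        -AuditAdmin   Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, Create, FolderBind

# Any mailbox still not audited (new mailboxes created after the run, for example).
Get-Mailbox -ResultSize Unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" |
    Where-Object { -not $_.AuditEnabled } |
    Select-Object UserPrincipalName

# Non-owner mailbox access for one mailbox over the last 30 days: delegate and admin
# logons only, with one row per operation. This is the PowerShell form of the EAC report.
$end   = Get-Date
$start = $end.AddDays(-30)
Search-MailboxAuditLog -Identity "alice@contoso.com" `
    -LogonTypes Delegate, Admin `
    -StartDate $start -EndDate $end `
    -ShowDetails -ResultSize 5000 |
    Select-Object LastAccessed, LogonUserDisplayName, LogonType, Operation, FolderPathName, ClientIPAddress |
    Sort-Object LastAccessed -Descending

# Admin audit log: who changed mailbox settings or granted mailbox permissions in the window.
Search-AdminAuditLog -StartDate $start -EndDate $end -Cmdlets Set-Mailbox, Add-MailboxPermission |
    Select-Object RunDate, Caller, CmdletName, ObjectModified,
        @{ n = 'Parameters'; e = { $_.CmdletParameters | ForEach-Object { "$($_.Name)=$($_.Value)" } } }

# Export variant: the same search delivered as an XML attachment, as the EAC export does.
New-AdminAuditLogSearch -Name "Mailbox changes last 30 days" `
    -StartDate $start -EndDate $end `
    -Cmdlets Set-Mailbox, Add-MailboxPermission `
    -StatusMailRecipients "compliance@contoso.com"
```

Add-MailboxPermission is included in the admin search on purpose: a delegate granted FullAccess shows up in the mailbox audit log only from the moment of the grant, so the grant itself is the earlier event to look for.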
Emails encryption in Office 365
Introduction: Encryption is the process by which information is encoded so that only an authorized recipient can decode and consume it.

Steps: Setting up and enabling Office 365 Message Encryption is straightforward. There are three main steps:
1. Activate Azure Rights Management.
2. Set up Azure Rights Management for Exchange Online.
3. Set up transport rules to enforce message encryption in Exchange Online.

Step 1: Activate Azure Rights Management for Office 365 Message Encryption. Sign in to Office 365. In the Office 365 Admin Center, go to Settings > Services & add-ins and select Microsoft Azure Information Protection. Click Manage Microsoft Azure Information Protection settings; you are redirected to Rights Management. Activate Rights Management.

Step 2: Set up Azure Rights Management for Office 365 Message Encryption. In this step we use PowerShell to connect to Exchange Online. Open PowerShell as Administrator and enter the following commands to connect and import the session:
   Set-ExecutionPolicy RemoteSigned
   $cred = Get-Credential
   $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
   Import-PSSession $Session
Verify that IRM is not already configured:
   Get-IRMConfiguration
Configure RMS with the online key-sharing location for Exchange Online (choose the location for your tenant from the list below; the command shows the Asia location):
   Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

RMS key-sharing locations:
   North America: https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc
   European Union: https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc
   Asia: https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc
   South America: https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc
   Office 365 for Government: https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc

Import the Trusted Publishing Domain (TPD) from RMS Online:
   Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"
Verify the IRM setup in Exchange Online:
   Test-IRMConfiguration -Sender admin@domain.com
Disable IRM templates in OWA and Outlook:
   Set-IRMConfiguration -ClientAccessServerEnabled $false
Enable IRM for Office 365 Message Encryption:
   Set-IRMConfiguration -InternalLicensingEnabled $true
View the IRM configuration:
   Get-IRMConfiguration

Step 3: Create a transport rule to encrypt messages. In the Office 365 Admin Center, go to the Exchange Online Admin Center, then Mail flow > Rules. Click + and create your transport rule. This rule encrypts anything that is sent externally. Make sure the rule is active, then test that the transport rule applies Office 365 Message Encryption by sending a message to an external recipient.

Conclusion: It is easy to encrypt your mail and secure it in Office 365.
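The Step 3 rule can be created from the same PowerShell session as Step 2, together with the checks that tell you whether encryption is actually being applied. This is an added example, not code from the original post; it assumes the IRM configuration from Step 2 is in place, and the rule name, sender address and partner-domain exception are illustrative assumptions.

```powershell
# Added example (not from the original post): the "encrypt everything external" transport
# rule from Step 3, built in Exchange Online PowerShell, with pre- and post-checks.
# Assumes the Step 2 IRM configuration is done. Names and addresses are assumptions.

# Preconditions from Step 2: internal licensing on and a passing IRM test.
Get-IRMConfiguration | Format-List InternalLicensingEnabled, ClientAccessServerEnabled, RMSOnlineKeySharingLocation
Test-IRMConfiguration -Sender admin@contoso.com | Format-List Results

# Rule: encrypt every message that leaves the organization. -ApplyOME is the legacy
# Office 365 Message Encryption action this post configures. A narrower rule would add
# -SubjectOrBodyContainsWords or -MessageContainsDataClassifications instead of
# encrypting all outbound mail.
New-TransportRule -Name "Encrypt all external mail (OME)" `
    -Mode Enforce `
    -Priority 0 `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -ApplyOME $true `
    -Comments "Legacy OME: encrypt outbound messages"

# Optional exception for a partner domain covered by another arrangement (assumed domain).
Set-TransportRule -Identity "Encrypt all external mail (OME)" `
    -ExceptIfRecipientDomainIs "partner.example"

# Confirm the rule is enabled and enforcing; an Audit-mode rule encrypts nothing.
Get-TransportRule -Identity "Encrypt all external mail (OME)" |
    Format-List Name, State, Mode, Priority, ApplyOME, ExceptIfRecipientDomainIs

# Test: send a message to an external address, then look for the rule hit in the trace.
Get-MessageTrace -SenderAddress admin@contoso.com -StartDate (Get-Date).AddHours(-1) -EndDate (Get-Date) |
    Get-MessageTraceDetail |
    Where-Object { $_.Event -eq "Transport rule" } |
    Format-List MessageId, Event, Detail
```

Priority 0 puts the rule ahead of any other outbound rule that might redirect or reject the message first; check the full rule list with Get-TransportRule before relying on that ordering.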