From YouTube: Security and compliance in SharePoint and OneDrive
Description
Safeguard your devices, personal information, and files from being compromised. This session explores the core tenets of platform security, secure access and sharing, information governance, and compliance across SharePoint, Microsoft OneDrive, and Microsoft 365. Presented by Sesha Mani
Learn more about security and compliance in Microsoft 365: https://docs.microsoft.com/microsoft-365/compliance/plan-for-security-and-compliance
Learn more about Microsoft 365: https://www.microsoft.com/microsoft-365
A
In this session, I'm going to cover security and compliance in SharePoint, OneDrive and Teams. I'm Sesha Mani, I'm a principal group product manager at Microsoft. In this session, we will cover the agenda under four major topics. I will start with trends shaping the security landscape. Then I will cover the new security controls that are helping you to to your unique new challenges, and then also I'll cover the new compliance controls to meet your regulatory needs. And then we will finish with sharing with you the roadmap and a Q&A session as well.
A
Let's start with the trends shaping the security landscape. As we are all working from home, we actually expected around 300 million global office workers are to be working from home. Actually now this is now becoming the new norm, and when we asked CISOs and CEOs, they indicate that 40% of them indicate that information security is a primary risk from this COVID-19. However, they also said, 69 percent of them said, employee health and safety is the key consideration for them.
A
If you double-click on the information security, the threat landscape that we see is all around zero trust model. So what is zero trust model? Gone are the days when you have to access your corporate data, VPN a link to your IP network, having firewall protecting your corporate data and so on. Nowadays, your employees expect to access your corporate data from anywhere, from any devices, from any different locations. That's their expectation. With that particular expectation, as security professionals, we do have challenges ahead of us. In the context of identity,
A
We do have to start embracing the strong user identity, in other words, multi-factor authentication. In lieu of devices, you need to start managing the devices, because there's no longer firewall that's going to protect those corporate data, so you need to start managing their devices that the users are using. Not only that, even the users come from their personal devices access your corporate data. You want to make them productive, but at the same time ensure that your business critical data is not getting leaked.
A
It all boils down to the core principle, least privileged access, because employees expect to access their corporate data from anywhere, from any devices. That means when they access the data, you ensure that only the privilege they absolutely need is what is given in order to access the data. So that's in nutshell what a zero trust model is. Now, let me go into the next topic: what are the security pivots and the controls that we have in SharePoint, OneDrive and Teams? I would put them in four major security pivots.
A
In order to maintain the security turbit, you really need to embrace the multi-factor authentication and, as you know, Office 365 and Azure Active Directory already supports capability for enforcing multi-factor authentication for your users, be it internal users or external users. Another key policy that you want to keep in mind is sharing policies, especially when you are bringing in external collaborators. You want to make sure appropriate external sharing policies are in place for your corporate data.
A
Now, let's go on to devices. Now in this case, both from a manageability of devices and personal devices, when the user is trying to access the corporate data, you need to bring in appropriate security policies to manage the devices. Mobile device management solutions such as Intune is the perfect match there. Here, as an IT administrator, you can now manage I tea plastic devices, but at the same time, using fine-grained conditional access in SharePoint and OneDrive,
A
You can now also allow from unmanaged devices access for those users, but at the same time ensure, if it is very business critical, high business critical content like a top secure content, you block them access when they come from unmanaged devices. And then, finally, when users access these corporate data from unmanaged devices, let's imagine somebody is accessing your corporate data from airport from a shared device and they're in it busy to catch that flight and they forgot to sign out. In those cases, idle session timeout policy comes into play.
A
If the session is left idle for certain minutes (as an administrator, you can configure how long you want that to be), then it will automatically sign out that particular session. So that way you are protecting your corporate data access from unauthorized hands. Let's go to the third pivot, which is around locations.
A
You can configure IP address policy in SharePoint, OneDrive and Teams such that only if users come from those IP addresses you allow them access to your corporate data. Not only within these services, in Azure Active Directory we have now integrated such that you can provide a unified IP address range in Azure Active Directory that will get honored across all the Microsoft 365 services as well. So that, in a nutshell, across three pivots, what are different policies and controls that we have available in the service.
A
The last pivot I want to focus on is information protection itself, like how are we protecting the data that is sitting on the uneven services? This one I'm going to actually go a little bit more deeper. So let me actually go into the first topic around simplifying the information protection using sensitivity labels. I'm sure many of you are already aware of our journey in Microsoft Information Protection.
A
We want to help you easily classify, detect and label your ever-increasing digital data. These labels, you can associate richer security and access policies to them, and not only that, these policies are consistent across files, Teams, SharePoint sites and Office 365 groups as well. In other words, we call them. You define the labels across Microsoft 365, you define them in one location, which is M365 compliance center, and they are consistently available
A
For your end users across all the Microsoft 365 experiences such as Office Word, PowerPoint and Excel, or in Teams experience or in SharePoint or OneDrive experiences as well. Let's actually take a look at it in the hands-on demo. Here, I am in the Microsoft 365 compliance center. I'm logged in as a compliance admin for Contoso Bank Corp. Throughout my demos in this session, I am going to act as the compliance administrator, as well as an investment banker working at Contoso Bank Corp.
A
So here, if I, let you go ahead and click on edit label, and I have selected the name which is top secret. The important policy that I have configured here is encryption policy. As you can see, this top-secret label allows only the Contoso Bank Corp employees to be able to access the files that are labeled as top-secret. I am able to configure that right here in the encryption policy.
A
Second, I also have configured a content marking policy so that if a file got labeled as top-secret, there is a watermark and header and footer saying top secret is getting added to the file as well. Then I also configured sites and group settings such that if this top-secret label gets added to a team or a SharePoint site, these three policies will take effect. On privacy setting, it will be automatically set as private as Vidya Findo. Their choices are private or public, or none, so I'm setting for top secret label is always private.
A
Second of all, external users access, I have this turned off. That means Office 365 group owners cannot add people from outside the organization for the top secret resources. It makes sense, right? But then also from a device policy perspective, from unmanaged device policy, the fine-grained conditional access that I mentioned earlier, I have set it as block access.
A
That means top secret sites or teams cannot be accessed from their personal devices. Makes sense too. Also I can choose other options like limited access mode, which means people can access these sites and files only from the web, or I can also allow full access. So these are the choices based on the sensitivity nature of the label I can select for the unmanaged devices, and that's it. I can go ahead and finish this setting for top secret, and similarly I have the confidential label. The only difference here is for sites and group settings.
A
I have configured it as private and allow limited access for web-only access, and there is no encryption policies I have configured for this confidential. So these are the two labels that I have configured as a compliance admin. Now, let's take a look at it as an end user. Here I am logged in to my Teams experience as an investment banker. I am logged into my investment banking chain and in the files tab I can see all the files that are available for me.
A
If you noticed, the sensitivity column is actually available here, right here in the experience as well. If I can zoom it in, I have files that are marked as top secret as well as I have files that are marked as confidential. So let me go ahead and open one of their top-secret file within the Teams experience. I can now open these encrypted files, the one where top secret had encryption policy, right?
A
So it's an encrypted file. Now I can be able to open it right here in the experience, and not only that, when I opened it I also noticed that Jeff is also editing this particular file. You can see at the top that Jeff is actually also in this document. He is inactive right now, but he's also in this document co-authoring with me. So what it shows you is encrypted files are now getting first-class experience in Teams, SharePoint and OneDrive, and I know
A
Many of you have been waiting for this feature for a long time. I'm glad to announce now it's actually available as the general availability feature. On the other hand, if I go into the header, they go up here and then open the header for this particular file. You can see that top secret is actually embedded as the header for this particular file.
A
Now, let's take a look at the another file that I have the year as the confidential. You can see it's a PowerPoint file. I see confidential available as the head, as the watermark in the file itself. Now, let's take it one step further. Let's say I have encrypted file that is having the codename red zone and I want to be able to search for that file because I don't know where that actual file is located.
A
So here I'm going to just go type it in, red zone, and, as you can see, it pulled me up a results that included that particular red zone code name, and if I go ahead and open up that particular, that PowerPoint file, you can see that this file is also labeled as top-secret. You can see at the bottom of the screen here that we need zoom it in for you, and the locked icon tells me that is an encrypted file and this particular file is having that watermark top-secret as well.
A
Also, my admin have conveniently published the material ID ins on which label to choose in which particular projects. So this is completely customizable. So, as an administrator, you can decide what you want to expose to your end users. So in this case I'm going to select confidential and once I selected, as you notice, the privacy option gets automatically set because, if you remember, as the label definition I set that as private. That's why here it automatically selects the private option the moment I choose the sensitivity label. Now, in the interest of time.
A
Would you like to try these sensitive labels in SharePoint, OneDrive and Teams? I'm sure all of you. I'm happy to announce that we may. We have sensitive labels for files in SharePoint, OneDrive and Teams generally available, as of May 4th 2020, and you can learn more at aka.ms/m365fileslabelsga also.
A
Let's get into the next topic. I'm pretty sure, as an administrator, you know end users often forget or neglect to label their sensitive content. No worries, this is where auto classification with sensitive labels comes and helps you. As you know, we have over 100 sensitive information types to create these auto labeling policies, and you can also use policy simulators to create the rule, run a simulator, see how many files are being picked up, and if you are satisfied with that policy, you can tailor them or tweak them.
A
As you think you need, and then, once you are satisfied with the results, then you can publish the policy. Now let's actually take a quick look at how to configure such a rule and how does it end users come to see them. Here I am again in the M365 compliance center as a compliance admin. As you can see, we have a new tab, auto labeling, and this is the tab wherein you can create auto labeling policies for your enterprise. In this Contoso
A
Bankcorp tenant, I have created two policies and they are in the simulation mode, and I have also created a policy and published them as US Federal Trade Commission consumer rules. Let's take a look at the social security policy and, as you can see in this policy, there are ten items that are matching. Six of them are in SharePoint, and four of them are in Exchange, and I have actually go ahead and click on edit.
A
So you can see what the rules of this policies are. So you create a name, and then you can pick specific Exchange users or SharePoint sites or a specific OneDrive accounts, and in this case I have picked it, just for demo purposes, one specific SharePoint site, and then in the rules for Exchange, I have created an SSN rule, which is social security number rules. In the case of SharePoint files.
A
Would you like to try out auto classification with sensitivity labels? I am glad to announce that available. It is available in public preview and you can learn more at aka.ms/SPOAutoClassification. Moving on, let's cover the labels analytics. Now that you are able to label the files or the site collections and so on,
A
You probably also would want to know how many of those labeled files or unlabeled files that contain sensitive information types are there in my enterprise corpus, and that's where data classification insights comes into play, and this is our effort to give you a full visibility into your enterprise corpus across all the sensitive labeled suntanned label, the content and the site collections in your system. Not only in this space, but also in Office 365 audit logs, you can see a full detailed view of labeled items as well.
A
Now, let's take a look at it in a demo. Here I am in the Microsoft 365 compliance center under the data classification tab. In this overview, it immediately tells me what are all the sensitive information types used mostly in my content. I can see that credit-card numbers are used. The third most used ones, because I can also see that social security numbers are being used in that contents as well. Also I can see that top sensitivity labels applied in the content. Top secret seems to be the top most sensitive label that's being applied.
A
I can also see the activities that are based on labels that are detected in my organization as well. Now, on the content explorer view, I can see all the files that are labeled based on sensitive information types or sensitive labels or retention labels, and on the activity explorer I can see the view in a nice visualization view across the days how many files are being labeled.
A
So, for example, on May 14th I see there are four files being labeled and on the May 16th one file got labeled as well, and I can look at the details at the bottom, specifically on which sites or which files gets labeled or which emails get labeled as well. So it gives you a nice view across your enterprise corpus. If I look at the Office 365 audit logs, which I'm sure many of you are already aware of, you can also see the detailed audits of your labeled files.
A
For example, here I have an audit log for applied sensitivity label to site. So if I click on it, it tells me which specific site, in this case investment bankers team site, got labeled, and if I go for more information, it will tell me exactly what label got added to the site as well. So that's how easy it is as a compliance admin. I get the 360 view of labeled files
A
Or labeled sites in my organization, but there was a quick tour of data classification insights for the compliance admin as well as Office 365 audit logs. But wait, there is actually more: data loss prevention policies, DLP for the short term. We have made lots of improvements in that aspect, both in Teams as well as in SharePoint. Specifically for SharePoint and OneDrive files, you can now treat all the files are being uploaded as a sensitive file.
A
That means you block external sharing of those files until a DLP ones, and this is a tenant level capability that you can turn on for your organization. Also for sensitive files, you can now block anonymous access as well. So imagine a scenario where you share the file anonymously and then, as you are co-authoring and adding content become, the file became sensitive. The DLP scan will pick up the file and then now mark that file as blocking for anonymous access.
A
Furthermore, so that way, your sensitive files are not leaking from your organization, and in the context of Teams, we have added DLP support, such that when you are in the chat messages, if the sensitive content is getting published, then it will block receiving, sending those messages to that, to the receiver. So now let me actually take a look at it from a data loss prevention policy, a quick demo of that. Here I am in the M365 compliance center under data loss prevention tab and I'm going to first take a look at the U.S.
A
personal identifier information data. As you can see, this policy is targeting the Teams chat and channel messages and is looking for the PII information, and then accordingly, it will block the chat messages. Also I have another DLP policy to block anyone links based on the sensitivity label confidential. Let's actually take a look at this particular policy. So here I have the locations for SharePoint sites and OneDrive accounts is selected, and for policy settings I have configured it such that.
A
Here I am in the Teams experience and, as you can see, when I typed in the social security number I get an alert saying this message was blocked, and this is because this matches the DLP policy that has configured for chat messages and hence the message is removed from this channel. They go and click on this particular. What I can do, I can, as a user, override and provide my justification or I can inform my admin that this is naturally not a sensitive data so that my admin can tailor the DLP policies.
A
Now, let's take a look at it from the SharePoint site perspective. So here I am in the micro packing strategy SharePoint site. One of my file has this top-secret labeled, a top-secret labeled Excel file. Let me go ahead and click on that and then try to share this with an anonymous user. So go ahead and anonymous. As you can see right here, the anonymous option is actually grayed out, and this is because the DLP policy kicked in and detected that the file has top-secret label and disabled the anonymous sharing or even anonymous access as well.
A
So then that shows you the DLP policy is in action. There was a quick tour of data loss prevention policy improvements that we have made in Teams and SharePoint and OneDrive. So to recap, what we have shown so far in the security controls is sensitivity labels for files with the encrypted labels now have first-class experience. You can co-author them, you can see their search experience also worked. Second of all, as the SharePoint sites or the Teams, now you can apply a sensitivity label and hence the corresponding policies such as privacy will automatically get applied.
A
Third of all, I showed you also the automatic classification with sensitivity labels and how easy to create an auto labeling policy, and then the sensitive files are now automatically labeled, and then we showed the labels analytics on the data classification insights experience and the Office 365 audit logs, and then finally, we also showed you the DLP improvements in Teams, as well as in SharePoint as well. So that wraps up our security controls topic. Now, let's move on to compliance controls. In this one I'm going to start with two major compliance features. One is communication
A
Compliance and multi geo is the second one. In the context of communication compliance, as you know, insider risk managing is becoming a top of the concern for the information security professionals. This requires monitoring the communications that happens in your organization, and doing it manually, it's a very resource intensive and expensive operation.
A
This is where communication compliance policies will embed Microsoft 365 helps you to automate some of these monitoring capabilities. As you can see in this screenshot that I have on the right-hand side, the communication part, communication compliance policy automatically detected that Jordan was provide using offensive languages in the communication in a Teams chat. Now as a compliance admin, you can get the others automatically and you can take appropriate actions.
A
Next one is on M365 multi geo, and I know many of your organizations have the need for data residency wherein the corresponding users data, for example, Australian employees data needs to be in the Australian data center, wherein the US American employees data needs to live in the North America data centers. This is where M365 multi geo can help.
A
What if you have a need to provide segments between two departments in your organization? For example, in this Contoso Bank, for example, I have investment bankers and advisers and they have their own corresponding Teams and SharePoint experiences that they work with, and due to FINRA like compliance needs, I need to ensure there is no insider trading happens between these two departments. It means investment bankers should not be able to share or collaborate or communicate with the advisers. Similarly, advisers cannot, should not be able to communicate and collaborate with the investment bankers.
A
This is very, highly regulated industries such as financial, energy, government agencies really need this kind of compliance control, and this is where of our information barriers scenario, to help you. What it means is you can now create segments your enterprises, in your enterprises, segments of users, and then you can create information barrier policies between those two segments, so, for example, investment bankers are not allowed to communicate and collaborate with the advisors. Now, let's actually take a look at it in that quick demo. Here I am in the M365 compliance center under information barrier policy.
A
I have two segments created, investment banking and advisory. Let's take a look at them. For investment banking I have created, the location is New York and user principal names must match Sesha, Jeremy or Jeff. You can pick any Azure Active Directory attributes as part of creation of these roles. Now, let's take a look at the advisory segments. Here, the same rule but I have Nikita as part of this segment. Now, let's go ahead and create an information barrier policy.
A
Here I am in the Teams experience. As you can see, I am in the investment bankers team, and this is one I created as an investment banker and I'm going to try to add more people to this particular team. So if I go and type in Jeff, as you can see, I can see Jeff McDowell. He's also an investment banker. I can select him. However, if I go and type in Nikita, who happens to be my colleague, but she works in advisors, as you can see, I can't even find her in this experience.
A
This is because information barrier policy is in enforcement. It knows that the team is associated for investment bankers and hence doesn't let me add Nikita, who's the advisors, in this particular team. Let's take a look at it from SharePoint site perspective. Here at the SharePoint site, that is, banking. The investment bankers and I have a file, financial forecast, that I wanted to share, and if I click on share and then type in, let's say Jeff McDowell, I can see him.
A
I can select him, but if I try to share with Nikita I can't even see her in this particular people picker experience, because it knows that the site, SharePoint site, is associated with investment bankers and there is an information barrier policy in place and hence I can't see her. So there was a quick tour of information barriers in action. You see how easy it was to create information segments, create policies between them, and then your end users are now protected from accidentally sharing the highly regulated content with an inappropriate presence.
A
Now, let's go into the next topic, roadmap and a clearness session. In the roadmap, I have placed them in two major categories: what are the features are available now to summer and the future that are coming towards the end of this calendar year 2020. Features that are available now to summer: sensitivity labels for Teams sites, it's available as preview, is going to be GA this summer. Sensitive labels with protection for files.
A
It's already GA on May 4th, as I mentioned. Auto classification with sensitive labels is available in public preview, is going to go into GA very soon. Then DLP block external access by default files is also GA for SharePoint. DLP in Teams is also available as a cheer. From a compliance point of view, the communication compliance, multi geo capabilities that I showed you are available as GA. The information barrier policy is available as a private preview, and it will be GA in this summer. Oh, one additional thing: global reader role in SharePoint.
A
This is one of our recent announcements we made as the general available feature, meaning you can now have global admins who have just read access to these settings in SharePoint, Teams and OneDrive. They don't have full access to everything. This is one of the maybe asks. I know many of you have been asking for this. Now, let's switch to the end of the calendar year features. The co-authoring that I showed you works for the Office online and we are working with the Office rich client, bring the co-authoring to support to that as well.
A
That's plans to be going to preview by end of the year. Also the multi-factor authentication policy at the site collection level. For example, imagine you can have a top-secret site and you want to add, you want to require multi-factor authentication for those sites and teams. Those are capabilities coming to us the end of the year as a preview, and also we have another advanced feature, instant session revocations. You can revoke it session in the Azure Active Directory. Then all the services across Microsoft 365 will honor that particular revocation. Expanding permissions for external users.
A
This is another item we are working on, is available in preview. Now we are looking to GA badness here and then, finally, the DLP block anonymous access for sensitive files, it's available in private preview. It's going to be available as GA towards the end of the year. Now, I know this is a lot, but you can just go to this one URL, aka.ms/m365securitycorner, and we have all this information captured for you right there and the corresponding articles that talks about individual features as well.
A
So I want to finish with a call to action. Please check out the security and compliance resources for SharePoint, OneDrive and Teams at aka.ms/m365securitycorner and also, if you are interested in the previews that I mentioned in this session, you can nominate yourself or your customers at aka.ms/ODSPSecurityPreviews. With that I wanted to thank you for your time today for listening into this session and I hope you really enjoyed it. Stay safe. Thank you.