A new era in data security with dynamic controls to manage data access and mitigate risks

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

Recent research highlights a concerning trend: insider risks are surging. A majority of organizations encountered data breaches in the past year, with 63% of these breaches stemming from inadvertent or malicious insiders who had access to sensitive information. These internal threats pose a significant challenge to enterprise security.


Traditionally, organizations have struggled to handle the fragmented tooling landscape and one-size-fits-all controls they many times rely on to safeguard their data. However, this approach presents many challenges. The employment of multiple disconnected solutions complicates integration and efficacy of investigations, while standardized controls may either hinder legitimate business operations with their stringency or increase the risk of data breaches with looser restrictions. Striking the right balance is crucial. Enterprises are now seeking an automated approach that dynamically adjusts data security controls based on constantly evolving insider risk levels. Customers want a solution that adapts seamlessly, dialing up protection when needed and easing restrictions to enable legitimate business operations.


That’s where Adaptive Protection in Microsoft Purview comes in. Adaptive Protection helps you protect your organization’s data by integrating dynamic insider risk levels, determined by data related activities, with various policy engines to automatically move users in and out of policies as their risk levels change over time.


Back in March, we announced Adaptive Protection is now integrated with Conditional Access. This enables organizations to create Conditional Access polices to automatically add users to policies in response to insider risks levels.


Today, we are excited to announce the general availability of Adaptive Protection integration with Data Loss Prevention, which enables users to be automatically included in the scope of certain data loss policies based on insider risk levels.


Additionally, we are announcing the public preview of Adaptive Protection integration with Data Lifecycle Management, to protect against data sabotage scenarios by preserving deleted emails and files based on a user’s insider risk level.


Adaptive Protection integrated with Data Loss Prevention

Data security risk is dynamic and complex to manage in today's modern workplace with various constantly changing factors, including types of content, the people who interact with data, and the activities surrounding the data. Often, attempting to find the sweet spot between data protection and productivity can be a tedious balancing act. If controls are too strict, it could overload the security teams with an overwhelming number of DLP alerts and block legitimate business activities. Security teams that prefer less restrictive controls to minimize impact on productivity may leave themselves susceptible to the risk of data loss. And finetuning broad and static policies can often become a never-ending project that overwhelms security teams.


Leveraging Adaptive Protection and a user’s insider risk levels, Microsoft Purview DLP can automatically apply the right level of preventative controls as configured by admins – such as block, block with override, or audit with a warning. Admins, who are granted access to change, create, update and/or delete policies, can create more sophisticated and adaptive DLP policies across Exchange, Teams, and endpoints. For example, with Adaptive Protection, DLP can allow users in the minor or moderate risk level to receive policy tips for handling sensitive data, influencing positive behavior changes over time to reduce organizational data risks. For users in the elevated risk level, admins can use the stricter protection controls, such as blocking users from saving or sharing sensitive data, to minimize the impact of potential data incidents. By integrating Adaptive Protection with Data Loss Prevention, you can implement scalable, intelligent, and adaptable DLP policies without significant manual overhead and policy fine tuning.


Figure 1: Configure a DLP policy with ‘insider risk level’ in Adaptive ProtectionFigure 1: Configure a DLP policy with ‘insider risk level’ in Adaptive Protection

Adaptive Protection integrated with Conditional Access
Organizations often struggle with implementing effective data security and access management measures due to their reliance on fragmented and siloed solutions. These approaches make it challenging to consistently roll out new security controls and can create gaps that insiders might exploit. However, Microsoft’s integration of Adaptive Protection and Conditional Access offers a streamlined solution. It enables automatic access controls for users based on their insider risk levels, eliminating the need for managing multiple separate solutions.


Conditional Access, a key component of this integrated approach, enhances security by enforcing access controls for applications, data, and infrastructure. It evaluates user identity, location, and device signals to determine resource access. Depending on the risk level, it applies various controls, such as Multi-Factor Authentication (MFA) or outright blocking of application access.


Consider a scenario where a once-trusted employee becomes a high-risk user. By integrating Adaptive Protection with Conditional Access, organizations can automatically add the employee to a policy and block access to critical applications like Salesforce, providing an additional layer of defense against data exfiltration.


The synergy between compromised user risk and insider risk provides your organization with a more comprehensive solution to safeguarding your data against both external threats and internal risks. This comprehensive and multi-layered approach protects your organization against unauthorized access, data leaks, and data theft - ultimately strengthening your overall data security. With a united front against both external and insider risks, your data remains safe, reinforcing your organization’s resilience in the face of evolving cyber threats.


Figure 2: New ‘insider risk’ condition in Conditional AccessFigure 2: New ‘insider risk’ condition in Conditional Access

Adaptive Protection integration with Data Lifecycle Management
Data sabotage attacks are on the rise. They now are one of the most common types of cybersecurity attacks and one of the most expensive, with an average cost of $5.25M per attack. And organizations using security AI and automation identified and contained a data breach 108 days faster than organizations with no use*.


Today, we are announcing the public preview of Adaptive Protection integration with Data Lifecycle Management. Data Lifecycle Management (DLM) manages retention and deletion of files and emails in Microsoft 365. This integration leverages DLM features to introduce an additional control that automatically preserves items deleted by a user account with an elevated risk level, so they can be restored if needed.


Let’s look at a scenario where a user has resigned from your organization. Due to deviations from their baseline behavior, Adaptive Protection has designated them as having an elevated risk level. Now the user decides to mass delete content to “burn down the house” before they leave. Fortunately, Adaptive Protection in DLM automatically preserved a copy of the deleted content and provides a log of the activity, so the admin can recover from the incident.


Figure 3: Enable Adaptive Protection in Data Lifecycle ManagementFigure 3: Enable Adaptive Protection in Data Lifecycle Management

Learn more about Adaptive Protection integration with Data Lifecycle Management in our blog: https://aka.ms/DLM/RSA-2024


Watch our Mechanics video


Read our ”Rethinking Security from the Inside Out” Report

We recently surveyed more than 500 data security and identity and access management professionals to gain deep insights into the data security landscape, the challenges organizations face with existing tools, and best practices for protecting against data breaches. Download our report!


Get started

Thank you,

Erin Miyake, Principal Product Manager, Microsoft Purview


*IBM Cost of a Data Breach Report 2023

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.