Microsoft’s 5 Latest Updates On Data Security

The company announces updates for its Purview data protection platform, including a new solution driven by machine learning that’s meant to help with battling insider threats.

ML-Powered Data Security

Since debuting the Microsoft Purview data security platform less than a year ago, the Redmond, Wash.-based tech giant has been building out the platform’s capabilities including in data protection and governance, as well as in compliance and risk management. On Monday, Microsoft announced the newest set of updates that are seeking to enhance data security for customers and partners, including through the use of machine learning (ML) advancements. The biggest of the updates is a new cybersecurity tool for the Purview platform, Adaptive Protection, which aims to help customers to be more effective at preventing insider threats with enhanced tailoring of data loss prevention (DLP) controls.

[Related: Microsoft Says 15,000 Partners Are Driving Its $20 Billion Security Business ]

Overall, Purview is aimed at freeing organizations from having to make a choice between security and productivity, which in reality is a “terrible choice,” said Rudy Mitra, corporate vice president for Microsoft Purview. The Adaptive Protection solution is a major step forward in this area, Mitra told CRN, because it leverages ML to help ensure that low-risk do not have their productivity curtailed while applying stricter data security controls to high-risk users.

Microsoft Purview, which has combined the solutions previously known as Azure Purview and Microsoft 365 Compliance, was initially introduced in April 2022. Microsoft has organized its security portfolio — which it says spans more than 50 product categories overall — into six product lines, one of which is Purview. In addition to securing data in the Microsoft cloud, Microsoft Purview also works with third-party services such as Box, Dropbox and Google Drive.

On Monday, Microsoft announced several other updates to its Purview capabilities, which follow a number of enhancements to the platform that were announced last fall at Microsoft’s Ignite conference.

What follows are the key details on Microsoft’s five latest updates on data security.

Adaptive Protection

The new Adaptive Protection solution for Microsoft Purview aims to address several issues in data security at once, including the issues of overly broad data loss prevention (DLP) controls and high levels of alert “noise” from risk detection tools. Ultimately, the goal is to ensure that organizations can better target their protections against insider threats such as data theft and tampering, according to Microsoft.

Adaptive Protection works by utilizing Purview’s Insider Risk Management machine learning (ML) technology, which is capable of understanding what constitutes normal and abnormal behaviors for users in terms of their interactions with data. The ML-powered tool is then capable of identifying high-risk actions that could lead to a data security issue, and can tailor DLP controls automatically in accordance with the detected level of risk, Microsoft said. As a result, organizations are able to make their DLP policies far more dynamic and ensure that only the riskiest users are blocked from sharing data, according to Microsoft. Low-risk users, on the other hand, are enabled to continue sharing data as normal, the company said.

Adaptive Protection is a unique solution for data security because it offers the “right protection for the right time” by adapting to user behavior, Mitra told CRN. The solution can interpret the context with which data is handled, and “the controls are informed by how the data is handled,” he said.

That includes by tracking behavioral signals to determine what is normal and what is not, which is what enables the adaptability of the solution, Mitra said. “So you’re not trying to predict for an organization, ‘Do I protect the data at the highest level or the lowest level?’ You set it where you want, and then it changes as it learns more over time about what normal handling for the data is, and what abnormal starts to look like.”

The user behavioral signals are anonymized in order to protect user privacy, Mitra noted.

Purview Insider Risk Management

On Monday, Microsoft disclosed that its Purview Insider Risk Management solution — which uses machine learning for detection of high-priority insider threats, in order to prevent data theft and leaks — has recently been updated with enhancements. Those include sequence detection and a policy condition that will exclude bulk emails from among the Purview Communication Compliance policies as a way to reduce noise in the detection tool. Microsoft said it’s also added a new capability to visually display a user’s overall data exfiltration activity in a chart format.

At the Microsoft Ignite conference in October, the company announced that the Purview Insider Risk Management solution had been updated with triaging enhancements, improved analytics assessment insights and new insights about the activity of potential high-impact users.

Purview Data Loss Prevention

Microsoft announced Monday that it has extended the capabilities of Purview Data Loss Prevention, which blocks unauthorized sharing of data and monitors the use of sensitive data. The Purview Data Loss Prevention controls can now be used with macOS devices, as well as with non-Microsoft apps (via Microsoft Defender for Cloud Apps) and with the Google Chrome web browser. Data loss prevention capabilities are now available for the Firefox web browser, and for the Purview Extension for Firefox, as a public preview. The Purview Data Loss Prevention migration assistant is now generally available, as well, enabling users to detect current policy configurations automatically and more easily generate equivalent policies, according to Microsoft.

Purview Data Lifecycle Management

Microsoft on Monday announced a preview for a new capability in Purview Data Lifecycle Management, the company’s solution that unifies data governance across data in on-premises environments, multi-cloud environments and SaaS. The new feature now in preview is a “simulation mode” for data retention labels, which aims to help users with testing and fine-tuning of automatic labeling, in advance of deploying the automatic labeling more broadly.

In October, Microsoft announced updates in preview for Purview Data Lifecycle Management including retain shared versions, which enables users to keep an exact version of a file they’ve shared as an email link or a Teams message.

Purview Information Protection

At Ignite in October, Microsoft unveiled several updates for Purview Information Protection, which provides built-in sensitivity labeling, customized data protection policies and data protection capabilities for Microsoft 365 applications. The recent updates included the introduction of more than 20 trainable data classifiers, which can be used to automate the classification of more than 30 types of sensitive data. Microsoft also launched Purview Information Protection for Adobe Document Cloud into general availability and unveiled previews of built-in Office features.