Describe the capabilities and benefits of Microsoft Priva-Describe security, compliance, privacy, and trust in Microsoft 365

As mentioned frequently in this book, an organization’s data is its most valuable commodity, and keeping that data secure is one of the primary functions of Microsoft 365. That company data frequently includes confidential information, however, and it is the responsibility of the IT department not only to keep the data secure but also to maintain its privacy.

Microsoft Priva is a tool that helps administrators establish and maintain the privacy of the company’s data in light of the many regulatory laws about data privacy now in place in the U.S. and other countries. Priva is not concerned with protecting data against outside attacks; other Microsoft 365 tools handle that. Regarding data privacy, Priva is concerned mainly with how the organization handles its sensitive data internally.

Microsoft Priva consists of two privacy solutions, as follows:

  • Priva Privacy Risk Management Uses built-in or custom policy templates to identify data that is subject to privacy risks, generates alerts when data conforming to a policy is detected, and provides administrators with the ability to investigate and remediate the alerts
  • Priva Subject Rights Requests Simplifies and automates the process of responding to legally submitted data subject requests by prioritizing data, implementing workflows, and generating reports

The first task undertaken by Priva is to identify the personal data stored by the company that is at risk. The Priva administration interface is included in the Microsoft Purview portal under the Privacy Management menu. The Overview dashboard, shown in Figure 3-55, specifies the number of items containing personal data and the number of outstanding rights requests. The Overview dashboard also displays key insights into the discovered personal data and a list of the current action policy alerts.

FIGURE 3-55 The Microsoft Priva Privacy Management: Overview page

Priva risk management

Once Priva has identified the data stored by an organization, administrators can select a template to create a policy that will govern the data handling. Priva includes templates to address the following privacy risks:

  • Data overexposure Data that is publicly available, shared too widely within the organization, or shared with individuals outside the organization. Prevalence of this type of risk should compel administrators to educate users about data-sharing policies.
  • Data transfers Creates policies that detect when data is transferred in an unsafe manner, as determined by the administrator. Depending on the type and sensitivity of the data, administrators can limit unencrypted transfers between departments, geographic locations, or individuals outside of the organization.
  • Data minimization Potentially sensitive data that has been stored unused for a long period of time can present unnecessary risks. This template can create policies that identify such data and notify its owners to use or delete it.

The Policies page in the Microsoft Purview portal allows administrators to create a new data transfers policy, as shown in Figure 3-56, or create a new custom policy from scratch.

FIGURE 3-56 Creating a data transfers policy in Microsoft Priva

Leave a Reply

Your email address will not be published. Required fields are marked *

Search

Popular Posts

  • Summary-Describe security, compliance, privacy, and trust in Microsoft 365
    Summary-Describe security, compliance, privacy, and trust in Microsoft 365

    Thought experiment In this thought experiment, demonstrate your skills and knowledge of the topics covered in this chapter. You can find the answers to this thought experiment in the next section. Ralph is the Director of the Brooklyn datacenter at Contoso Corp. The company currently has three office buildings in the New York area with…

  • Anticipating threats-Describe security, compliance, privacy, and trust in Microsoft 365
    Anticipating threats-Describe security, compliance, privacy, and trust in Microsoft 365

    Arguably, the most difficult part of the risk management planning process is trying to anticipate all the possible threats that could afflict the company’s data in the future. The three basic risk factors for the data—confidentiality, integrity, and availability—can be exploited in any number of specific ways, but the general threat categories are listed in…

  • Classifying users-Describe security, compliance, privacy, and trust in Microsoft 365
    Classifying users-Describe security, compliance, privacy, and trust in Microsoft 365

    The third element of the digital estate that must be considered when creating a risk management plan is the people who actually access the data. Whether deliberately or inadvertently, users are a constant vulnerability—if not an actual threat—to the organization’s data. After quantifying the organization’s information assets and their value and inventorying the hardware used…

Tags

There’s no content to show here yet.