Microsoft end-to-end Security – Microsoft Priva

Matthew Clarke

Senior Consultant

Back in August, I released an article about why you should consider Microsoft for your IT Security. I talked about how Microsoft’s solution has matured and how it can help organisations do more with less. Now I would like to talk about what that solution could look like as an end-to-end suite of tools that can help protect your identities, endpoints, data, applications, and infrastructure.

To do this, I aim to release a series of articles that introduce each pillar of the Microsoft Security Suite, with an overview of its capabilities, features, and what role it performs in the solution.

The Microsoft Security suite of products contains the following:

  • Microsoft Defender 365 – Defend across the Attack Chain to protect against external threats.
  • Microsoft Sentinel – Collect, analyse, and respond to alerts and incidents picked up by your security tools, such as Defender, Entra and Purview.
  • Microsoft Entra – Identity and Access Management platform that can protect your identities and access to your corporate resources.
  • Microsoft Intune – Endpoint Management platform that manages and secures all endpoints in your estate.
  • Microsoft Purview – Secure your sensitive data and protect against internal threats.
  • Microsoft Priva – Manage the risks of handling sensitive information within Microsoft 365.

The final pillar of the suite is Microsoft Priva. It is the newest member of the suite, although it was released in January 2022. It is a privacy management solution that works alongside Microsoft Purview to protect your personal data and manage the identified risks.

Personal data is one of the most valuable assets in the digital age. It can reveal insights about our preferences, behaviours, and identities. However, it can also expose us to various risks such as identity theft, fraud, and cyberattacks. That’s why it is essential to protect and manage our personal data with care and respect.

Protect and Govern Sensitive Data

Sensitive data is any data that contains personal, confidential, or proprietary information that can be used to identify, harm, or exploit an individual or an organization. Examples of sensitive data include names, addresses, phone numbers, email addresses, social security numbers, credit card numbers, health records, financial records, trade secrets, and intellectual property.

Protecting and governing sensitive data is crucial for ensuring the privacy, security, and compliance of individuals and organizations. However, it can also be challenging, especially in a complex and dynamic environment where data is constantly collected, stored, and shared across multiple platforms and devices.

Microsoft Priva can help organisations protect and govern sensitive data at scale. Risks such as data hoarding and data oversharing can be identified and protected against. It also helps organizations gain visibility into the storage and movement of sensitive data, empower employees to make smart data handling decisions, and enable users to effectively manage data and take steps to comply with evolving privacy regulations.

Microsoft Priva protects and governs sensitive data through the following methods:

  • Data Assessment: Microsoft Priva can be used to assess your Microsoft 365 environment to discover what types of sensitive data you hold and where they are stored. You can run an assessment when the service is available, and it will then continuously keep the dashboard up to date.
  • Data Classification: Microsoft Priva can help classify sensitive data across various data sources, such as databases, files, emails, and cloud services. It uses machine learning and natural language processing to automatically detect and label sensitive data based on predefined or custom rules and policies. Users can also manually review and edit the data classifications as needed.

Priva relies heavily on the services provided through Microsoft Purview to perform the assessment and classification. For example, Sensitivity Labels are used for the classification of documents containing sensitive information.

Reduce Privacy Risks

Privacy risks are the potential harms or losses that may result from the unauthorized or inappropriate collection, use, disclosure, or disposal of personal data. Privacy risks can affect individuals, organizations, and society at large. Some examples of privacy risks are identity theft, fraud, discrimination, reputational damage, legal liability, and regulatory sanctions.

Microsoft Priva can help to reduce privacy risks by using various features and services, such as:

  • Privacy risk assessment and remediation: Microsoft Priva helps organizations assess their privacy posture and identify potential privacy risks across their data sources. Microsoft Priva can automatically detect and flag privacy risks based on predefined or custom rules and policies, using detection methods similar to those used with Microsoft Purview for DLP. Microsoft Priva also provides recommendations and guidance to help users remediate the privacy risks and improve their privacy practices.
  • Privacy by design and default: Microsoft Priva helps organizations embed privacy principles and practices into their data lifecycle and business processes. Microsoft Priva enables users to define and enforce privacy by design and default policies and workflows, such as data minimization, purpose limitation, consent management, and data quality. It also supports various privacy enhancing techniques, such as anonymization, aggregation, and differential privacy, to reduce the identifiability and sensitivity of personal data.

The tools available within Priva allow for easy assessment and remediation of identified privacy risks, and all of them can be managed within the Microsoft Compliance portal.

Subject Rights Management

Subject rights management is the process of handling requests from individuals who want to exercise their rights over their personal data that is collected and processed by an organization. These rights may include accessing, deleting, correcting, or transferring their data, depending on the applicable privacy laws and regulations.

Microsoft Priva helps organizations with subject rights management in the following ways:

  • Automating data discovery and collection: Priva enables organizations to quickly and accurately locate and collect personal data across Microsoft 365 and other data sources, such as Azure, Dynamics 365, and third-party applications. It can use advanced search capabilities, such as trainable classifiers, to identify items that contain personal data and filter out irrelevant or duplicate data. Priva also supports automated data collection for different types of requests, such as access, deletion, or portability.
  • Streamlining data review and redaction: Priva provides tools for in-place data review and redaction, allowing organizations to verify the accuracy and completeness of the data collected and remove any sensitive or unnecessary information. Priva also offers assisted redaction and search and redact features, which use artificial intelligence to automatically detect and redact personal data in documents, emails, and images.
  • Facilitating data delivery and collaboration: Priva helps organizations securely deliver the data to the requestor or a third-party service provider, using encryption, authentication, and expiration policies. Priva also enables collaboration among different stakeholders, such as privacy officers, legal teams, and data owners, by providing a centralized dashboard, task management, and audit logs.

Being able to manage Subject Rights Requests within one console, from discovery to delivery of the data, provides a much more streamlined process and can help save time if your organisation has many of these types of requests to manage.

Summary

Microsoft Priva enhances the management of personal data within your organisation and helps identify potential risks that could cause you financial harm from potential misuse. Its integration with Purview extends the protection of this data across your endpoints and helps identify users who may be a high risk.

There are two add-on licenses required to use the Priva features:

  • Microsoft Priva Privacy Risk Management add-on license provides the ability to protect and govern your sensitive data and reduce your privacy risks.
  • Microsoft Priva Subject Rights Requests add-on license provides the ability to manage your subject rights requests.

Customers with an Office 365 or Microsoft 365 subscription (excluding F plans) can purchase the add-ons to provide the functionality.

That concludes my introduction to the Microsoft 365 end-to-end Security suite of products. Combined they provide a full security solution to help protect your files, endpoints, users, and applications. Please read my other articles linked at the beginning of this one and feel free to get in touch should you have any questions on what I have discussed.
