Microsoft this week quietly made several security-related announcements. Most significant is Endpoint Data Loss Prevention (DLP), a new product that adds device-level data loss prevention to Microsoft's broader DLP offerings.
Like Microsoft's existing DLP offerings, Endpoint DLP is integrated with Microsoft Information Protection (MIP), using the same classification system and the same MIP policies. It is enabled natively in Windows 10 deployments and is built into the new Microsoft Edge browser.
Endpoint DLP allows organizations to enforce policies on endpoint activities such as copying, printing and uploading sensitive files to external devices, network shares or a cloud service. For each activity, administrators can choose to audit it, block it but allow the user to override, or block and record it with no override. It is managed from the cloud through the Microsoft 365 compliance center.
The new offering is pretty interesting and will definitely be useful, said Dave Gruber, a senior analyst at Enterprise Strategy Group.
"The telemetry gets rolled into Microsoft security offerings, which is helpful because it enables things like detecting when unknown third-party apps try to access sensitive data. That's something security and risk teams would like to know about," he said.
Along with Endpoint DLP, Microsoft made several other security-related announcements. Double Key Encryption for Microsoft 365 helps organizations keep full control of their keys, get a more consistent labeling experience and simplify deployment, according to Microsoft.
The company explained that it uses two keys to protect data—one in the organization's control and the second stored securely in Microsoft Azure. Viewing data protected with Double Key Encryption requires access to both keys. "Since Microsoft can access only one of these keys, your protected data remains inaccessible to Microsoft, ensuring that you have full control over its privacy and security," said Benjy Levin, a Microsoft information protection program manager, in a recent blog.
Microsoft also added new features to its insider risk management product, designed to be used with Microsoft Defender Advanced Threat Protection. Six new policy templates have been added to the three that shipped in February, with one focused on disgruntled users.
One new feature provides greater insight into "whether someone is trying to evade security controls by disabling multi-factor authentication or installing unwanted software, which may indicate potentially malicious behavior," said Talhah Mir, principal program manager at Microsoft.
Another new feature enhances the product's human resources connector, so that organizations can choose whether additional HR signals that might indicate disgruntlement should trigger a policy.
In addition, administrators can now fully configure and define their own policy thresholds, and new "priority user groups" can be created to assign policies to high-risk or high-value groups of users.
Communication compliance, part of the new insider risk solution set in Microsoft 365, now has three new feature groups. These include additional remediation actions through Teams integration, such as redaction, and a new detection feature that recognizes inappropriate images shared in a chat.
While it's unclear why a new product and several upgrades were announced under the radar, some experts believe it is because the announcements highlight how many important features were missing in the first place.
Either way, the changes are welcome, Gruber said. While all of the new features add value, "I’m most excited about the addition of Endpoint DLP," he said.