The new MDM features in Office 365 work by managing devices that connect to Office 365, these can include phones, tablets and PCs. The features include:
- The ability to set and manage security policies such as device level pin lock and jailbreak detection, which can keep unauthorized users from getting in
- Selective wipes of Office 365 data on mobile devices while leaving personal data (such as photos) intact
- Administration of the necessary policies from within the Office 365 administration portal.
These MDM features can go a long way to making sure that unauthorized users do not access important organizational documents on employees’ mobile devices. But what about mistakes by authorized users? For that, Microsoft is expanding Office 365’s DLP.
Data loss prevention (DLP) identifies sensitive information in an organization’s documents and then prevents users from distributing the information without special authorization. For example, it can automatically detect patterns of numbers in a spreadsheet that have the characteristics of credit card numbers, or an administrator can “fingerprint” a form, such as a patent application form, so that any time that form is shared, the sharing can be prevented or managed. Users have their actions prevented, and they are notified about what is going on. This gives them a chance to appeal for an override to the policy.
Microsoft already has DLP in Outlook and OWA, but it is now expanding it to Excel, Word and PowerPoint documents in OneDrive for Business and SharePoint. Given the move from sending attachments to sharing links to documents, this is keeping up with how users share documents. The service is expected to be active in 2015, starting with Excel.
DLP can be particularly useful to avoid sending out unauthorized medical information. The technology can help organizations comply with data protection requirements in this area.