Month: September 2022

On-Premises File Servers – Implementing Microsoft Purview data loss prevention (DLP)

Posted on by Adriana Guarin

Despite the high rate of adoption for cloud services and infrastructure, many organizations still have

a lot of data stored in on-premises repositories such as SharePoint Server or Windows-based file servers. While cloud-based solutions are great for content stored in the cloud, what options are there for applying those same protections to data that hasn’t been migrated?

The answer is easy: Microsoft Purview Data Loss Prevention!

AIP Scanner
Originally branded as the Azure Information Protection scanner in 2018 to help identify sensitive information on-premises, the software has continuously been upgraded with more features. The newest iteration can help support your information protection goals.

Protecting on-premises repositories requires the following tasks to be completed:

• Configuring service accounts
• Deploying the AIP Unified Labeling (UL) client to an on-premises server
• Configuring the scanner settings
• Creating content scan jobs
• Creating an Azure app registration
• Deploying the AIP scanner to an on-premises server
• Configuring a DLP policy that includes on-premises repositories

As you can see, there are several pieces involved. Figure 11.9 shows the components in the on-premises DLP deployment:

Figure 11.9 – On-premises DLP architecture

The DLP architecture utilizes one or more on -premises servers configured with the AIP UL client and the AIP scanner. These servers query the DLP policies from the Microsoft Purview compliance portal, store service information in an on -premises SQL database, and are used to discover content in on-premises file shares and SharePoint sites.

Note
For production deployments, Microsoft recommends using a full version of SQL Server. For lab environments, you can use SQL Express. To download SQL Express, see https://www. microsoft.com/en-us/Download/details.aspx?id=101064.

Configuring a Service Account
For the scanner deployment, you’ll need two accounts—an on-premises account that has access to the file shares and SharePoint document libraries containing content to protect, and either a synchronized or cloud identity that will be used to access the Microsoft 365 service. They can be the same account (this may even make it easier from a deployment perspective). The AIP service does not currently support using a Managed Service Account (MSA) or group Managed Service Account (gMSA).

Deploying the AIP UL client
The first step in deploying the Microsoft Purview compliance solution on-premises is to ensure the server(s) you’ll be using have the most recent AIP UL client. Follow these steps to deploy the client:

  1. On the server(s) where you will configure the Microsoft Purview Information Protection Scanner cluster, navigate to https://aka.ms/aipclient to download the client. Either the .msi or .exe download is suitable.
  2. Once it has downloaded, launch the installer.
  3. Select I agree to proceed with the installation. Setup begins, as shown in Figure 11.10.

Figure 11.10 – AIP UL client installation

  1. Click Close to exit the installer.

Next, it’s time to move on to the scanner cluster installation.

Teamwork habits– Monitoring Microsoft 365 Tenant Health

Posted on by Adriana Guarin

Viva Insights Teamwork habits, part of the premium Viva Insights experience, allows managers to gain additional recommendations for managing people. Teamwork habits helps managers identify regular after-hours work, meeting overload conditions, and a lack of dedicated focus time.

Managers can set up their teams by manually adding users, though they can use the suggested list if the manager property has been configured in Active Directory or Azure Active Directory:

Figure 2.25 – Confirming team members

Three additional core features of Teamwork habits are as follows:

  • Scheduling recurring 1:1 time with managed employees
  • Gathering quiet hours impact to determine how work habits impact employees outside of their configured working hours
  • Shared plans for no-meeting days and shared focus times

Organizations that have the Teamwork habits tools available can improve their employees’ well-being and work-life balance. The Teamwork habits feature requires a separate Microsoft Viva Insights license.

Organization trends

The Organization trends tab shows business leader and manager insights to help understand how to effectively manage your teams, such as identifying work patterns:

Figure 2.26 – Organization trends

Organization trend data is privacy-oriented, requiring a minimum of 10 people (including the manager) to be in the management chain, either directly or indirectly. In addition, access to organization trends requires granting access to manager insights through the Viva setup.

Advanced insights

Microsoft Viva Advanced Insights is a reporting tool that provides research-based behavioral insights into organizational work patterns, such as hybrid work, work-life balance, and employee well-being.

The Advanced Insights reporting tool comes with several built-in templates and analysis tools to help organizations understand everything, from meeting effectiveness to employee performance trends correlated to manager 1:1 meetings:

Figure 2.27 – Viva Insights manager coaching report

With large organizational changes such as hybrid and remote work scenarios, it can be important to understand how those work patterns affect performance, including interesting data points such as how much time is spent during meetings multitasking, or how much work is getting done outside normal business hours:

Figure 2.28 – Advanced insights working hours details

The Advanced Insights Power BI report templates provide an analysis of employee engagement and work patterns. Here are the reports:

  • Business resilience: Overall business report highlighting performance and employee well-being
  • Hybrid workforce experience: This report highlights how different work modes (onsite, hybrid, and remote) affect workers
  • Manager effectiveness: This report provides insight into patterns for people managers
  • Meeting effectiveness: This report captures and displays information on meeting statistics such as how many meetings happen at short notice or how much multitasking occurs during meetings
  • Ways of working: This data helps answer questions such as, “Are employees receiving enough 1:1 coaching time?” and “Who generates the most work by organizing meetings?”
  • Wellbeing – balance and flexibility: This reporting data is used to identify whether employees have enough time to focus on core priorities and balance that with breaks and time away from work

For more information on the advanced insights templates and their reporting capabilities, see https://learn.microsoft.com/en-us/viva/insights/advanced/analyst/templates/introduction-to-templates.