Azure Data, Services and Workloads DLP Assessment - NOT O365

Raju Golla 41 Reputation points
2020-11-23T17:53:03.11+00:00

Hi,

Appreciate relevant resources and tools that can be used for

Assessing the Azure Data, Services and Workloads for DLP (Please note the request is for Azure PaaS services, Data and Workloads against DLP Controls, - NOT OFFICE 365)

  • Identity and Access Management
  • Platform Protection
  • Security Operations
  • Data and Applications DLP

As part of the "Azure DLP Assessment" we want to assess the Azure PaaS services, Data and Workloads, - NOT OFFICE 365 against Azure DLP Benchmarks, summarise the gap, risk appetite with risk remediation report.

After multiple failed attempts to obtain help via Twitter @AzureSupport, I would like to seek help here.

Questions - Help sought

  1. Please share Azure DLP resources that help in assessing Azure hosted Data, Services and Workloads for Data Loss Prevention.
  2. What are Azure DLP benchmarks that can be used for the DLP Assessment?
  3. Are there any tools to carry out the DLP Assessment in Azure for the above (1)? Please inform

Thanks

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud

1 answer

  1. JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator
    2020-12-01T21:15:50.577+00:00

    @Raju Golla
    Thank you for your time and patience throughout this issue, I received a response from our engineering team and will post their update below.

    Update:
    For our benchmark recommendations we only recommend services/features/capabilities which are in GA, and we arrive at our guidance with partners who are subject matter experts in those areas. To my knowledge, there aren’t any first-party Azure PaaS-specific services that support DLP currently; most of our support for DLP is around O365 and Office files. There is some functionality to monitor unauthorized transfer of data with Azure ATP for supported technologies like Azure SQL ATP or Azure Storage ATP. We also mention locking down storage resources with proper role-based access controls and tagging properly based on data classification. In the Azure Security Benchmark we recommend monitoring supported Azure services with Azure ATP, and AIP for your Office files; otherwise, use a host-based DLP solution where applicable.

    Thank you again for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
