Scanning Office 365 for sensitive PII information

Radim Řehůřek personal data, PII Tools, security

After PII Tools implemented scanning of on-prem Windows workstations, endpoints and file shares into PII Tools, the nr. 1 request has been to find personal, sensitive and intimate data inside Office 365 installations.

screenshot of UI for o365 batch scans

Office 365 storages can be scanned using either the web dashboard, or REST API for automation.

Since we listen to our customers, I have a happy announcement to make: Starting with release 1.6.0, PII Tools can automatically scans contents of Office 365 accounts!

This includes both structured and unstructured content in Microsoft OneDrive, Microsoft Exchange Online and Sharepoint Online, via four brand new Storage Connectors.

This is a blog post about PII Tools, our commercial product. PII Tools lets corporations perform personal and sensitive discovery with unprecedented accuracy, using context-aware detectors and secure cloud-free deployment. See our special introductory pricing.

What does “support Office 365” mean?

You can now find and review personal and sensitive information for documents, emails and tables shared within your company’s Office 365 account(s), directly from PII Tools. No need to export or copy the data to external locations. Since PII Tools runs on your own hardware, there’s no need to send any data into the cloud either.

“Scan across Office 365” can sound a little nebulous, and navigating Microsoft’s enterprise offerings not always straightforward (ha!). So here’s what this means specifically:

  • Office 365 is a suite of products and services, some of which may store personal information or sensitive data: names, addresses, credit cards, faces, passport scans, sexual preferences, religious views…
  • The most salient O365 services from the privacy and security perspective are:
    • OneDrive: file hosting service operated as part of Office Online; there are drives for users, user groups and entire sites
    • Exchange Online: hosted email, one mailbox per user
    • Sharepoint Online: cloud service to share and manage company data; some documents shared on OneDrive.
  • PII Tools lets you apply our context-aware personal data detectors to:
    • mailboxes of an individual user, or of all users in Exchange Online
    • drives of an individual user, or of all users in OneDrive
    • drives of a single group, or all groups in OneDrive
    • all drives for a given OneDrive site
  • Technically, programmatic access to Office 365 happens through an API called Microsoft Graph, mgraph
  • PII Tools comes with step-by-step instructions on how to set up and authorize Office 365 scans

Where next?

The pace at which PII Tools evolves these days is hectic. It was only last week we released our new on-prem web dashboard, to complement the existing REST APIs.

With Microsoft Azure Blob on our roadmap for July 2018, we’ll be able to offer our customers discovery across pretty much all major environments, whether streamed, local, endpoints, or cloud.

Sign up to receive PII Tools news from the intersection of data privacy & machine learning.

 Unsubscribe anytime. We send at most 2 posts per month.