Microsoft resources for GDPR

The page below is a (growing) overview of resources for GDPR info and compliance by Microsoft. The page is updated with other sources I find on my quest for GDPR.

General Resources

Trust Center

Microsoft 365 Enterprise

Online

Assess your readiness for GDPR now

MS partner network

https://partner.microsoft.com/en-us/marketing/details/gdpr#/

Compliance manager

Learn more about Compliance Manager.  Read the Tech Community blog

Sign up for the Compliance Manager public preview program

Blogs

Videos

Tools

Downloads


Note-to-self: ISO27001 & ISO27002 downloads & tools

Just a quick note: if you are looking into ISO27001 documents to implement IT security in a best-practices way, bookmark these:

ISO27001 specific material

BTW, if you’re looking for the ISO27005 (on the responsibility/accountability of the publisher): http://mahdi.hashemitabar.com/cms/images/Download/ISO/iso-iec-27005-2011-english.pdf

And as a surplus, have a read of the PCI-DSS, aka the ISO27001 for Banks

I’m speaking at the #HIPConf Hybrid Identity Protection Conference in New York

Next week, I have the honor of participating as speaker at the Hybrid Identity Protection Conference in New York, NY.

Let me quote Sander Berkouwer: “For those who attended The Experts Conference (TEC) and NetPro’s Directory Experts Conference (DEC) events previously, the Hybrid Identity Protection Conference promises to be at least as much fun as these events, where you’ve seen the likes of Gil Kirkpatrick, Sean Deuby, Darren Mar-Elia, Brian Desmond, Joe Kaplan”, of course Sander Berkouwer, and not to forget Tomasz Onysko.

For quite a while, the TEC/DEC conference has been the landmark for the MS Identity & Security community, and I would be happy to let the HIPConf take that place.

HIPConf

About the Hybrid Identity Protection Conference

The Hybrid Identity Protection Conference is Semperis Inc.’s event in the spirit of The Experts Conference (TEC) to bring together the leading experts in the field of Identity and Access Management. The event offers a unique opportunity to spend two days on-site in New York with peers, whose day-to-day job is to architect, manage, and protect identity management in the hybrid enterprise.

Attendees are able to meet face-to-face with the leading experts of their field, acquire in-depth technical knowledge, and be exposed to the latest innovation.

(And that’s where TEC/DEC and HIPConf differ from other conferences, which do not always allow you to meet the presenters/experts.)

The 2017 Hybrid Identity Protection Conference takes place on November 6th and November 7th at the famous 7 World Trade Center in New York City’s Tribeca neighborhood. Just minutes’ walk from famous landmarks, attractions, museums, and famous restaurants in Manhattan, and with astounding views of the New York skyline.

About my session

As you might notice, my session takes a somewhat different view on Hybrid Identity, but one that is as important as the technical view.

Tuesday 7/nov: “04:00-05:00 pm – Forget about compliance! Only the GDP mindset will keep you alive”

“With the 2018 GDPR deadline in focus, many businesses with EU customers are feeling like a rabbit frozen in the GDPR headlights… But it’s not the ‘R’ (regulation) that matters, the GDP does. In this fast-moving era of cloud and data centers, information is flowing like water, and perimeter security is so Y2000. Join this presentation to learn how you can leverage best practices to build an end-to-end, layered security, and avoid information spills.”

Join the HIPConf!

There is still time to register.

And as Sander mentioned, with the Global MVP Summit moved from the November timeframe to March, this is the opportunity to hang out with a group of people and MVPs that have built the Microsoft community for Identity & Security for years…

And I’m looking forward to seeing them again, after all these years!

Thanks to Semperis Inc. for offering this opportunity!

GDPR: direct marketing vs natural/legal persons

Just a quick hint if you want to contain legal spam under GDPR.

Recital (14) “The protection afforded by this Regulation should apply to natural persons, whatever their nationality or place of residence, in relation to the processing of their personal data. This Regulation does not cover the processing of personal data which concerns legal persons and in particular undertakings established as legal persons, including the name and the form of the legal person and the contact details of the legal person.”

Recital (26) “The principles of data protection should apply to any information concerning an identified or identifiable natural person.”

In short, GDPR only applies to natural persons (people breathing), not to legal persons (the entities with a VAT number or company registration number).

So: Companies/legal persons can be legally contacted or spammed.

Conclusion: use a general mail address (like info@ or company@) in all non-personal company registrations and contact details, white pages, yellow pages, VAT or government paperwork…

Make sure your official company registration DOES NOT refer to a personal address.

And as owner or delegate, keep your mail address for your personal professional communication, e.g. a signature with personally identifiable contact details (mail, phone, mobile, Skype, IM, …).

Because then your personal mail account is related to an identified and identifiable natural person, and covered by GDPR, protected from direct marketing violations. Should be.

Note-to-self: MVA Learning Path – Security for the Chief Security Officer (CSO)

From a LinkedIn connection (thx Jeff and congratz on the achievement) I received an interesting pointer to a set of courses on MVA, Microsoft Virtual Academy.

An MVA ‘learning path’ is a combination of learning courses.
Just recently MVA published the ‘Security for the Chief Security Officer (CSO)’ learning path.

Check it out at: https://mva.microsoft.com/learning-path/security-for-the-chief-security-officer-cso-21

It combines 6 courses (better make sure to access them from the learning path):

  1. How to Harden Your Enterprise in Today’s Threat Landscape
  2. Cybersecurity Reference Architecture
  3. Cloud Security from the Field

BTW: have a look at the security-based content on Microsoft Virtual Academy; you’ll be surprised how much you can (continue to) learn.

See: https://mva.microsoft.com/search/SearchResults.aspx#!q=security

Note-to-self: #MIM2016 & #FIM2010 Config documenter released on GitHub

Source: Announcement on MIM 2016 Group on LinkedIn by Jef Kazimer

Source Code: https://github.com/Microsoft/MIMConfigDocumenter

Jef announced that the Identity Community Projects team has published the MIM Config Documenter tool to the Microsoft GitHub Organization as an open source community project.

The MIM configuration documenter is a very nice and easy tool to generate documentation of a MIM / FIM synchronization or service installation.

It allows you to:

  • Document deployment configuration details for the MIM / FIM solution, including MIMWAL Workflow definitions
  • Track any configuration changes you have made since a specific baseline
  • Build confidence in getting things right when making changes to the deployed solution

You can find the project code, releases, and documentation at https://github.com/Microsoft/MIMConfigDocumenter

 

Note-to-self: Short URL for app password in Azure MFA

When you enable MFA (Multifactor Authentication) in Azure, you can configure app passwords for applications that cannot use the code generators, applications, or phone apps to log on with MFA…

The source URL for it is: https://account.activedirectory.windowsazure.com/AppPasswords.aspx

But it’s very likely you can’t remember it anymore after a while, so train your brain for these bookmarks:

Also, these point to the same URL.