Scanning Office 365 for sensitive PII information

RadimPersonal Data, Security

PII Tools has been able to analyze PII in Windows file shares and workstations for a while now. The new #1 request has been to discover personal & sensitive data inside Office 365 accounts (Sharepoint Online, Exchange Online, OneDrive).

Screenshot of UI for o365 batch scans

Office 365 storages can be scanned using either the web dashboard, or REST API for automation.

Since we listen to our customers, I have a happy announcement to make: Starting with release 1.6.0, PII Tools can automatically scans contents of Office 365 accounts.

This includes both structured and unstructured content in Microsoft OneDrive, Microsoft Exchange Online and Sharepoint Online, via four brand new Storage Connectors.

What does “support Office 365” mean?

You can now find and review personal and sensitive information for documents, emails and tables shared within your company’s Office 365 account(s), directly from PII Tools. No need to export or copy the data to external locations. Since PII Tools runs on your own hardware, there’s no need to send any data into the cloud either.

“Scan across Office 365” can sound a little nebulous, and navigating Microsoft’s enterprise offerings not always straightforward (ha!). So here’s what we mean specifically:

  • Office 365 is a suite of products and services, some of which may store personal information or sensitive data: names, addresses, credit cards, faces, passport scans, sexual preferences, religious views… Microsoft’s PII protection built into O365 is generally considered rubbish.
  • The main services within Office 365 are:
    • OneDrive: file hosting service operated as part of Office Online; there are drives for users, user groups and entire sites.
    • Exchange Online: hosted email, one mailbox per user. There’s also a separate (separately licenced) “In-place Archive Mailbox” service.
    • Sharepoint Online: cloud service to share and manage company data; some documents shared on OneDrive.
  • PII Tools lets you apply our context-aware personal data detectors to:
    • Mailboxes of an individual user, Archive mailboxes, or all users in Exchange Online.
    • Drives and sharepoint sites of an individual user, or of all users.
    • Drives of a single group, or all groups in OneDrive.
    • All drives and subsites for a given OneDrive or Sharepoint site.
  • Technically, programmatic access to Office 365 happens through an API called Microsoft Graph, mgraph
  • PII Tools comes with step-by-step instructions on how to set up and authorize Office 365 scans in PII Tools.

Where next?

The pace at which PII Tools evolves these days is hectic. It was only last week we released our new on-prem web dashboard, to complement the existing REST APIs.

With Microsoft Azure Blob on our roadmap for July 2018, we’ll be able to offer our customers discovery across pretty much all major environments, whether local, cloud or database.

This is an article about PII Tools, our on-prem (self-hosted) software for accurate personal and sensitive data discovery. PII Tools uses proprietary context-aware AI technology to make the life of CISO, Security, Legal & Privacy teams easier.


Questions? Want to see a live demo? Contact us.