[Webcast Transcript] M365 for Law Firms and Lawyers: Purview Premium eDiscovery and Security, Capabilities and War Stories


[co-authors: Jason Covey, Fawaad Khan+, Mike Caponigro+]

Editor’s Note: In a rapidly evolving technological landscape, understanding the capabilities and limitations of platforms like Microsoft 365 (M365) is crucial for law firms, especially in the realms of eDiscovery and cybersecurity. This transcript of a HaystackID webcast conducted on August 30, 2023, and led by industry experts delves into the intricate aspects of M365, an evergreen platform subject to constant changes. The discussion focuses on the challenges and opportunities that M365 presents in eDiscovery, security, and compliance. This transcript is particularly important for professionals in cybersecurity, information governance, and eDiscovery, as it addresses the who, what, when, where, why, and how of navigating M365’s complex ecosystem.

While the entire recorded presentation is available for on-demand viewing, dive into the complete webcast transcript* below to gain valuable insights from panelists on M365.



Presenting Experts

+ Jason Covey
HaystackID – M365 eDiscovery Consultant, Global Advisory Services

+ Matthew L. Miller, Esq.
HaystackID – SVP of Information Governance and Data Privacy, and Global Information Governance Advisory Services Leader

+ Fawaad Khan
Founder and CEO, CyberMSI

+ Mike Caponigro
VP of Sales, CyberMSI


Presentation Transcript

Moderator and Presenter, Matt Miller

Hello, and welcome to another HaystackID webcast. We hope you’ve been having a fantastic week. My name is Matt Miller. I’ll be the moderator today. I’m leading today’s presentation and session called M365 for Law Firms and Lawyers: Purview Premium. We’re going to delve into eDiscovery and security with capabilities and some war stories around this product line. This webcast, it’s part of an ongoing educational series designed to help you stay ahead of the curve when you’re trying to achieve your cybersecurity, information governance, and eDiscovery objectives. Today’s webcast, like she said, it’s being recorded. It will be available for future on-demand viewing, and we will make the recording and complete presentation transcript available on the HaystackID website shortly after today’s live presentation. Now I’m going to introduce you to our team of experts. Today we are going to provide an unbiased overview of M365’s Premium E-Discovery, E5 security and governance capabilities, and we’re going to talk about some firsthand stories, and case studies, illustrating where the Microsoft security solutions have been optimized, providing end-to-end coverage and resolution of security incidents.

So I myself am Matt Miller. I am the SVP and Information Governance and Data Privacy Global Advisory Services leader at HaystackID. I spent some time in my past as both a construction litigation associate and then many years inside of the Big Four, Ernst and Young, and their fraud investigations and dispute services practice. And I have more recently been handling a number of different consulting projects around M365 and optimizing eDiscovery and information governance using the Purview tools. Great. So meet you. And next, let me hand it off to Jason Covey from the HaystackID team.

Jason Covey

My name is Jason Covey. I am the lead M365 consultant in the Global Advisory Services Practice Group at HaystackID. I’m based in Atlanta, Georgia. My background is primarily on the law firm side and kind of got involved in M365 as a result of doing collections and assisting clients with handling data from M365. Little did I know that doing that, I was putting my career in a new trajectory, but for the last couple of years on the vendor side, I’m now focusing exclusively on M365 and working with both law firms and corporate legal departments.

Matt Miller

Thanks Jason. And we are joined by one of our esteemed partners and actually a former colleague of mine in AWA from CyberMSI, Fawaad. Go ahead.

Fawaad Khan

Thanks, Matt, for the intro. So I am Fawaad Khan, founder and CEO at CyberMSI. We are a Microsoft partner, a security pure play focused on everything that Microsoft does from a security perspective. Just an abridged version of my background. I’ve been in the cybersecurity risk management space for a very long time. Prior to this, I was at EY for a number of years, actually started at North American Cloud security business, ran that for about seven plus years, and then prior to that, doing similar things at Accenture and looking forward to our discussion.

Matt Miller

Excellent. Thanks, Fawaad and your colleague Mike, please go ahead.

Mike Caponigro

Hey Matt. Thank you. I’m Mike Caponigro, I’m the Vice President of Sales for CyberMSI. My background really has been almost the last 40 years in the technology space, leading sales organizations across multiple industries. And I can tell you as Fawaad had mentioned today, we are living and breathing Microsoft security, and we’re looking forward to a great session today. Thanks, Matt.

Matt Miller

Excellent. So here just real quick, we’ve got the agenda, but in the interest of time, let’s just jump right into things. So we are really here to talk about data and at the core we’ve got a logistical challenge of protecting the organization’s information, the business itself, and all the information assets and knowing that all these information assets are being created by people, they’re being managed by policies, they’re being handled by systems. You’re working inside applications while you’re sitting in a facility in your particular business unit. So you’ve got all of these processes and policies that need to handle the essential assets, which are critical and sensitive information. The most important data that is going to be within the law firm is the stuff that your lawyers are creating or the data that you’re holding on behalf of your clients.

Additionally, there are these new challenges within the network or pressures being applied to the network by third parties, contractors, vendors, and customers who are hitting your actual network. So in order to make sure that the data of the law firm of the clients remains safe, it needs to have controls wrapped around it and controls make up the foundation of your cybersecurity program and governance program. So it’s important to have a mapping of how are these information assets supported by the controls. So a control framework comes into play and there’s a number of different controls that are out there, guidelines, regulations, depending on what your industry that you’re in, depending on what type of data that you handle to help result in a balanced efficient way of managing your data and being able to still do business while being in compliance. Why are law firms so particularly important when it comes to having the right controls in place is because of all the valuable information that they hold.

It should not be something novel to everyone on this call, but for those of you who sit maybe in the IT side of the law firm and aren’t dealing with client data or sending things to court, things like that, the trade secrets, the intellectual property, the mergers and acquisition details before things hit the news, anything with personally identifiable information, personal health information, credit card information, other attorney-client privilege data that is all increasingly being targeted by bad actors from foreign nation states or criminal organizations or even insiders trying to breach the network and take data that doesn’t belong to them because it has value. Just some quick stats is that one out of every 40 attacks in the past quarter? Well this year, first quarter Q1, 2023, one out of every 40 attacks was against a law firm or an insurance provider like the two most key supporters of any business organization staying in business.

75% of the United Kingdom’s top 100 law firms have been affected by a cyber attack more, also in the first quarter of 2023, 10 major cyber-attacks against six major US law firms resulting in class actions. So clients are expecting that the law firms have to take care of their data better and that extends to the entire supply chain for third-party supporters of the firm. So Jason, let’s start getting directly into with that as a backdrop about how we’ve got all this data and it’s under attack now. Everyone’s got this platform M365, what’s going on with it?

Jason Covey

What’s going on with it is that it is in a state of constant change that’s almost unlike anything we’ve seen to this point. I was thinking this morning about a way to better communicate that, and I’m going to date myself, but I’m going to refer to Space Invaders. And if the history of eDiscovery is like the beginning stages of Space Invaders where the aliens are moving slowly, you’ve got some space between you and them, you’ve got the asteroids between them, what the last couple of years have felt like are the latter stages of Space Invaders where the aliens are on top of you, they’re moving quicker and quicker left and right across the screen and your asteroids that protect you are all getting blown up. That’s kind of what the pace of eDiscovery has felt like to me in the last couple of years, and that’s largely driven by M365.

So M365 is what Microsoft calls an evergreen platform and what that means is that the changes are constant and what’s true today may not be true tomorrow. In fact, that’s a virtual guarantee. So that’s created a scenario where keeping up is just the new normal in cloud eDiscovery. And with most of the world’s business data in M365, that’s what makes it so relevant to stay on top of this because law firms, that’s where the majority of your client’s data is the high-value data that are subject to litigation and investigations. A consultant I know once described M365 as the concept of working on the car while the customer is still driving it. I think that is accurate. And then lastly, M365 has a real transparency problem in working with eDiscovery. There’s a lot of black box, there’s a lot of stuff going on that you have very little insight into and that poses a problem with regard to defensibility and being able to understand and communicate actions that were taken. If there’s an issue with data collection, if something was missed, there’s a real lack of transparency that creates a challenge in the discovery.

Matt Miller

Excellent. And Fawaad, tie a little bit of this to real life and what happened with the public schools in Baltimore.

Fawaad Khan

So this was really an interesting case study. If you look at all of the information that’s available, typically after some type of a ransomware attack, you get the highlights, you get the big numbers, but they don’t really break it down in as far as what were all the different areas that cost got allocated to. And in this case, this actually came from a FOIA request, so Freedom of Information Act that was made by the press and with the Baltimore County Public School district. And given all the financial pressures that they had been experiencing for a number of years now, they had to provide this accounting, which is really fascinating. If you look at what basically the county said was that the actual ransomware paid was 11 and a half thousand dollars and then there was an additional $8 million in cost. And as far as all of the recovery things were concerned and some of the more proactive stuff and as far as getting those appropriate controls in place, which were clearly lacking at the time of this incident. And then there was another $2 million that got allocated. So all in all 10 million cost for a public entity that really could not afford that. And that is typically what we see with these types of attacks. The actual cost may be minuscule compared to all of the things that go along with it.

Matt Miller

[One cannot be too careful] because there’s all these new products that are coming out inside this platform, which is constantly under attack. How does that impact lawyers is there are things coming out every day that maybe people on this call who are probably half of us dealing with this as an end user, the other half of us dealing with Microsoft 365’s platform as administrators, we have to be up to date on what’s new, what’s next, Jason, just real quick, Copilot, Loop, Viva, what are they doing here? Why so much focus on collaboration and what’s that mean for the legal teams?

Jason Covey

Sure. So there’s absolutely an increasing focus on collaboration as well as AI-generated content analytics continually evolving in new data types and a lot of it is actually tailored to provide automated feedback to management. So you’ve got all these new technologies coming on board. And I said earlier my experience is primarily on the law firm side, which has led me into this. And what I started to see in the last couple of years I was on the law firm side was really a growing disconnect between what was kind of standard fare law firm technology and kind of a chasm between what was becoming the standard IT corporate IT environment technology and a disconnect between the two. What went on in the law firm was starting to look very, very different from the law firm’s clients and starting that puts lawyers litigators in the situation of trying to make use of that data.

Is it being collected? Where does it reside, how do we review it? So you’ve got technology like Microsoft Teams and Microsoft Loop and you’ve got this dynamic changing data. So it’s we’re no longer talking about a static document and stuff is evolving over time and it’s only becoming more and more complicated. So I think that’s one of the big takeaways from this session is focusing getting law firms and litigators understanding even though they’re not necessarily seeing this technology inside the law firm on a daily basis, they’re in the uncomfortable position of being understood that they understand it or on top of it or looking around the corner to make sure it’s handled properly in all of their matters.

Matt Miller

Yeah, I mean when this comes up in a case, I had to look it up, I hadn’t heard about Copilot and then I was talking internally and they’re like, oh yeah, yeah, we’re going to be rolling that out internally here too. And I was, oh okay. Something new every day in Microsoft. Just understanding that M365 has multiple applications that sit within inside the E5 and E3 licensing. Maybe it’s a good time to ask the audience. I know that we might be able to do a poll, but out of curiosity from the audience, do we have anyone running the E5 licensing within the Microsoft stack? If we could get that pulled up, that would be great. Can you guys see that?

Jason Covey

Yes.

Fawaad Khan

Great. It’s about half and half.

Matt Miller

What’s half what?

Fawaad Khan

No, I was just saying the results have also started to come in, which is interesting.

Matt Miller

Perfect. Alright. I just can’t see it. Well if you can see those results, feel free to tell me what they say.

Fawaad Khan

Sure. Yeah. So it looks like 42% of the audience is saying that they are currently using Microsoft E5, which is a much higher number than I was personally expecting. And then 58% said no, they’re not using Microsoft E5 currently.

Matt Miller

Okay. So that does tell us that there is a significant portion of this audience that has the capabilities to get into the compliance center and the security center inside this Purview product. So we’re going to focus out of all these different suites of tools primarily today around the compliance manager and Purview eDiscovery. So let’s just jump right in. Jason, what is this front screen here when you enter the portal from this doesn’t look like what I see every day when I go into my M365.

Jason Covey 

That is correct. So this is behind the scenes IT admin fare here. This is the Microsoft Purview compliance portal, formerly the Security and Compliance Center. They rebranded it in April 2022 from the former Security and Compliance Center. And Microsoft’s quoted at the time, their thinking behind their constant changes is that Purview brings together what was the former Azure Purview and then the former M365 compliance portfolio under one brand and create a more unified experience. So these are where all the powerful tools that we’re talking about that are the centerpiece of compliance within Microsoft Purview. This is kind of the high-level login screen where all of the tools can be accessed.

Matt Miller

And it seems like it’s not just a tool anymore for writing documents, making spreadsheets and putting together beautiful PowerPoints like our marketing team. What else is it doing here from a compliance perspective?

Jason Covey

Yeah, so it’s added a very, very powerful variety of functions which we’ve outlined here in our slide. eDiscovery has one of those functions, but that’s central to what lawyers and law firms are having to deal with in getting data from their clients. But there’s also the data loss prevention to keep data from leaving the organization, sensitive data lifecycle management, principle of information governance, insider risk management, records management. So all information protection and just the majority of handling the ways that a corporation is trying to both meet regulatory requirements for maintaining data as well as protect that data and be able to search and find data that’s relevant to whatever matters the legal department is working to address.

Matt Miller

Got it. So within those 250 different licenses that you can get from Microsoft, you can figure out the right components that work for your firm or maybe talk to one of our two firms to help guide you through that process because it is clearly complicated. Within eDiscovery there’s different products with different functionality. This is the electronic discovery reference model for those who don’t come from the world of everyday litigation. So when there is a lawsuit and internal investigation or a regulatory response, the lifecycle of that document getting from where it is on the network to being presented to a court or opposing counsel or a regulatory body goes through these main steps. You have to be able to find it on the network. You have to be able to preserve that data and collect it and then have attorneys make decisions on whether that data is responsive or not responsive or privileged or not privileged. In the past it’s been extremely challenging, especially related to unstructured data, but now Microsoft is starting to play and cover the primary portion of the eDiscovery reference model. Jason, before I flip the slide, any comment there on how they’re growing?

Jason Covey

Sure. The Premium E-Discovery is the focus of Microsoft’s development and most of the new features and moving the ball down the field and to the right side of the EDRM. That effort is going into Premium E-Discovery and there’s a lot of speculation of what that’s going to look like going forward, but in monitoring this over the last two years, it’s hard to look back and see how far they’ve come. So is it best in class technology at this point for what we’ve become accustomed to an eDiscovery? No, but it’s also progressed at a rate that’s kind of hard to comprehend because it has the resources of Microsoft behind it so they can catch up in a way that would be difficult for another developer to achieve. So it’s definitely moving forward and there are a number of interesting capabilities on the horizon and encourage everyone to monitor the M365 roadmap where you can dig into the details of where things are in their current state and what’s coming in the future.

Matt Miller

And so in the interest of time moving right along, there’s different mechanisms to be able to search and find and acquire data. Why do we have these ones outlined in yellow on the right-hand side here, Jason?

Jason Covey

Yeah, so we’ve just done that to emphasize what are the primary sources of the high-value data. In most litigation, it’s kind of the 80-20 rule, 80% of the relevant content that’s going to be at issue employee communications, documents that are created records, those are going to occur in those locations. We have identified, we’ve got Exchange and SharePoint are kind of the more legacy data sources. OneDrive has kind of replaced the home shares, so to speak of individual users. And then the big one in the post-COVID era is Microsoft Teams, which some say that Teams is the new email. Unfortunately, the way it works is a bit more complicated than that. And then we’ve got emphasized Viva Engage, which is the former Yammer, the internal social media platform. And then on the left, what we’ve done is just highlight what are essentially the three different eDiscovery tools that are available in Purview.

And that’s the more basic content search. That’s something that’s oftentimes more familiar to IT professionals and then the two that have a little more of a legal bent and provide some different capabilities, more focused on legal process and eDiscovery than content search. And that’s standard eDiscovery available via the non E5 licensing. And then Premium E-Discovery, which we discussed, that becomes available either with the E5 license or there’s two different options where you can add that via an add-on license, but then the focus here stays obviously on premium. And this slide just gives you a quick comparison of the starting point for each of them. It’s interesting how these are very unassuming technologies, everything is just kind of black and white. They look really simple. There aren’t a lot of buttons, and it can do more than you would think it can do, but it’s a difficult technology for some folks who are used to eDiscovery technology that looks a certain way and functions a certain way. It’s kind of stark. And this is in keeping with how this technology, Microsoft presents it in comparison to all the other myriad technologies that are part of M365. So they kind of provide a unified visual appearance and that can be a point of cognitive dissonance for eDiscovery veterans.

Matt Miller

Alright, so let’s delve a little bit further into this Premium E-Discovery. I feel like its name changes every day. I had just learned advanced eDiscovery suite and now it’s been rebranded again. It seems like that’s going on quite a bit, but as they are changing things, we’re getting more functionality, right Jason?

Jason Covey

Yeah, no, absolutely that it goes to the point of what I’m saying. It’s hard to, when we think about advanced eDiscovery or AED for insiders, what that looked like prior to April 22 versus where we now stand with Premium E-Discovery, EDP for Microsoft insiders of where that looks like today, they’ve been quite a bit of products. Is it industry-leading? No, but it does have some capabilities that delve into industry-leading and there’s a lot more of that on the horizon. But as we showed on the prior slide, this is just Microsoft attempting after the April 22 rebranding to Premium E-Discovery, just trying to integrate the farther right EDRM stages and the whole objective of this is control, security, risk compliance and privacy. The data, the reason Premium E-Discovery is relevant is because as I said earlier, it already has the vast majority of the world’s high-valued business data in it that particularly applies to both law firms and particularly the law firm’s clients is the relevance here. And that data is not coming out based on security risk, privacy and compliance. So the emphasis then becomes placed on reducing data volume at the source within the M365 tenant. And that’s what kind of has us at the precipice of a brave new world.

Matt Miller

But there are limitations from an eDiscovery perspective, correct?

Jason Covey

There absolutely are. I feel like I spend most of my time talking about what these are. So it doesn’t have full production capabilities. So you’ve got no image generation, no Bates numbering, they provide a litigation load file, but it is lacking, it’s not load ready so to speak. They don’t have document batching, so you can’t create a batch of documents for reviewers. Some very challenging issues with Teams data and that particularly goes around the data collection side. I spent a lot of my time advising clients on the issues of gotchas with Teams data collection and understanding where it lives, the evolving data types, what it can and can’t do. It’s just kind of a myriad of technical limitations that you’ve got to have in mind because they can affect your planning. So I’m always trying to keep up with the latest changes that are a part of the evergreen platform. That’s a real challenge for eDiscovery practitioners both working in the law firm’s clients and then the law firm, eDiscovery practitioners, litigators, eDiscovery professionals that are trying to bridge that gap and stay on top of technology that they don’t necessarily have hands-on access to on the law firm side.

Matt Miller

Alright, that’s helpful. Also kind of makes me a little worried that we might be putting the cart before the horse, but is there’s some good stuff going on and tell us a little bit about what’s going on on the inside of this eDiscovery suite.

Jason Covey

Yeah, so I mean there are shifting sands features will be delayed. They will appear, they will disappear without warning, they might come back and eDiscovery is not Microsoft’s primary area of expertise and I think it’s fair to say that it’s not a priority for what they’re doing. Microsoft is in the business of providing innovative features and functionality and pushing it out to end users as quickly as possible. It’s always a catch-up game in determining the compliance capabilities because we think about email’s been static for 20, 20 plus years, but we’ve got new data types rolling out. Where is a Microsoft Loop file? What is it? How does it work? How do we view that in Relativity? Where is it maintained? And it’s a dynamic data types, so how do we deal with the versions of it, how it evolves over time. And you think these things are relevant in the context of litigation, but the thing I kind of alluded to earlier, Microsoft does have tremendous resources and they can make up an unthinkable amount of ground versus even the largest developers.

So within its parameters and understanding what it can and can’t do, it generally does work. And to that point, I just want to mention I operate basically an ECA program making use of Premium E-Discovery for a large global organization and they’re wanting to leverage the Microsoft technology to make the reduce data volume in-house identified relevant content as early as possible in a matter. And we’re doing that in the real world. So I’m very confident in making that statement within its intended parameters. It generally works. Is it perfect? No. Does it have challenges? Absolutely, but those are all things that are kind of in play right now with Premium E-Discovery.

Matt Miller

Alright, this is super helpful and there’s challenges going on here, but we’re solving problems. We’re using this to do things that were maybe harder to do before. There are obviously still gaps, there’s nuances around the product. The UI is different. It doesn’t look like what the most pretty interface, right? I mean let’s all be honest, but Microsoft has the resources, they have the technology. I mean they were, they’re the biggest investor in ChatGPT pouring billions of dollars into that development. They were the ones who bought that company 15 years ago. For those of us who come out of the eDiscovery space and integrated that first technology-assisted review capabilities into 365, they took it off the market before other eDiscovery companies could even use it. I definitely want to get into the security discussion because I think Mike and are chomping at the bit to get involved here. But any pros and cons that stand out for you that we haven’t already talked about?

Jason Covey

I think these are the biggest challenges for litigators to understand. We talked about the lack of transparency both in process and technology with the toolset. We talked about the deceptive simplicity of the UI experience. There are absolutely capabilities gaps that have to be thought through and addressed of workflow planning, difficult to understand nuances, and data storage. That’s a big one and that’s one that’s particularly relevant to lawyers and the collection experience requires understanding of the various Microsoft workloads. There are pros and cons. Decisions early in the process have consequences later on and that’s something that’s got to be thought through. So if you’re dealing with a complex workflow, you’ve got to have that expertise available to you earlier in the process to prevent problems that come along later. One such example is the modern attachment question. That’s something I recently created an information paper for HaystackID on and one of the focuses of the paper is decisions made at the very earliest stages of the data collection can have some potentially catastrophic outcomes much later in the process that you’re not aware of at the time.

So I just used that as an example of that being part of the process, having that expertise at the farthest left stages of the EDRM and can save a lot of headaches later on in many cases where I’m kind of brought in after the fact to figure out what happened. And I’ve seen that a common theme and the last thing I’ll mention is that Microsoft’s their terminology, they operate in Microsoft’s world. They do not necessarily comply or conform to existing eDiscovery vernacular that we’ve all come accustomed to. They state things their own way. So that is another source of cognitive dissonance to experienced eDiscovery practitioners. We communicate about things a certain way and have for a very long time and Microsoft calls it something different and they’re not really concerned about it. So that creates a gap in understanding. So that’s another part of the uniqueness of navigating the Microsoft world.

Now what does it have? These are important things and this is why I think you position it for future success, the stability and scalability of their global infrastructure. Microsoft is able to handle data of any volume. It’s already in use worldwide by millions of organizations. It does have the functionality for most common workflows, extremely powerful analytics capabilities and that’s specifically part of the acquisition of Equivio, I believe it was in 2015 that that was referring to. And it’s got really something that I think is a major difference between discovery, applying analytics to a million document review set, which I’ve seen dozens of times. It’s literally to run document and email analytics go and you’ve performed analytics processing. There’s nothing else in eDiscovery that can be done that of that sophistication in literally two clicks within your own Microsoft environment. So if we told folks that in 2014, 2015, the reaction that would’ve been to that, obviously it’s arguably the global standard for IG and compliance at this point and the security and privacy of your data remaining inside your M365 tenant, which probably dovetails very well into the portion of the presentation by CyberMSI.

Matt Miller

It absolutely does. And that was a really good overview. I think we could probably do a conference around just the Purview eDiscovery stuff. So if you guys have questions on the audience, some of you can drop ’em the chat, but if you want to get in touch with us afterwards, we obviously have our contact information, we’ll be at the end of the presentation and we can delve further into those topics. Let me hand it over to Mike and Fawaad to talk a little bit more. Now these security products come with the same suite of services, so if you’ve got E5 and you’re using a free discovery, you can also use it for all these different security things, right guys?

Fawaad Khan

Yeah, that’s exactly right. Thanks, Matt. So just to be mindful of time, I am going to be covering a lot of different areas and I’m going to try to keep a quick pace, but obviously our information will be available, happy to talk to anyone afterwards. E5, it activates a number of different features across all the different product families that Microsoft has from a security perspective. So we spend quite a bit of time talking about the compliance specifically within that, the eDiscovery part. So Microsoft security touches on three kind of platforms if you will. So the first one being Microsoft Defender, think of it as anything that the users interact with or it has to do from an infrastructure perspective. So devices, apps, email, things that typically users have from an IT perspective that gets under the Microsoft Defender piece and E5 is what enables that.

Then there’s the other piece which is the Microsoft Sentinel, which is the security information event management product that is the product that security teams use on the backend to gather and aggregate all of the security telemetry that’s coming in and being able to analyze that and respond to incidents and things like that. And by the way, everything that we look from eDiscovery perspective and the Purview perspective is also integrated into Sentinel. So you can have that consolidated function of security working very closely in tandem with compliance, which has not been the case historically. So for those of us that have kind of grown up in these different silos, we can appreciate that. And then the last one is the Microsoft Entra platform, which was recently rebranded. So some of you might be actually familiar with it, but for most of you it’s the Azure Active Directory. So that’s the cloud version of the identity and access management platform that Microsoft has had for a number of years now. And it has been rebranded as of I believe as of September 1st. So we said we’ll just go with the new name. So those are the kind of three major families. Next slide please.

So let’s talk a little bit about continuing with the theme of what is Microsoft’s vision. So their vision when it comes to security is actually pretty comprehensive. It’s the only vendor that is currently able to cover all of the different aspects of how do you use this notion that’s been around for a while with zero trust security. So the idea is that organizations need to be in a position to verify everything explicitly. Nothing can be assumed. Organizations need to operate everything, every user, every device needs to be operating on the principle of least privilege. And then the last tenet of this approach is that you should assume breach, which has some very significant implications for how you actually manage your security. And this concept is not new, it’s not something that Microsoft came out with. This actually dates back a while, but Microsoft is the only vendor right now that is actually able to explain its vision. And if you look at it, it’s covering identities, devices on the left-hand side and then everything else including the apps, the data infrastructure and network and everything in between. Microsoft has the ability to bring that together. So the vision is comprehensive, but what about its ability to execute? So we’ve seen a lot of these messages being advertised in the past where somebody, they’ve got the next shiny thing, so to speak, Microsoft has actually proven that it’s got the ability to execute on this. So if you go to the next slide, Matt, please.

Three years ago what we basically had, if you said Microsoft security in the same sentence, that was considered an oxymoron. And what we have seen is that’s changed significantly. So right now, I mean according to Gartner, so I think all of the industry analysts are unanimous in this. Microsoft has really closed the gap and if you go look across all of the different areas of security, Microsoft has really positioned itself as the top two or three in the top two or three leadership position. And that’s a remarkable, and I think Matt’s point about that Microsoft has the ability to execute this is demonstrable, right? You can see this three years ago Microsoft was not in that position in any of these different quadrants and today they are, and that’s a testament to their execution. So vision is comprehensive strong execution and that I think opens up a lot of potential for Microsoft security. So if we go to the next slide please.

So E5, right? So coming back to our, what’s an E5 from a security perspective, E5, I mean this is an eye chart, so I’m not going to go through this, but if you just look within the security piece, the ability to at least consolidate, if not altogether, rationalize a lot of the point solutions that exist in a typical organization, say, an organization with a few hundred employees is going to have maybe upwards of two to three dozen different security tools that they’re using for different things. E5 really gives you the opportunity to consolidate all that and that is what E5’s promise is. So very complicated, but also at the same time very powerful in terms of the ability to consolidate. And there’s a piece that we haven’t talked about is typically the perception that E5 can be very expensive, it can be, but you really have to kind of do an apples-to-apples comparison in terms of what that offers and what you might be doing from a point solution perspective. And I think at that point the economics begin to make more sense. So with that, let’s go to the next slide please.

Matt Miller

And just to that last point, Fawaad, I mean look at how many different point solutions have grown over time and now to be able to get those all in one package, even if it’s maybe not the best but it’s pretty darn good and it gets you there, it’s quite an improvement compared to what we’ve had.

Fawaad Khan

And again, the only vendor that covers that much. Now the most exciting part I think for a lot of members of the audiences, this question that typically gets asked for the C-suite and the boards especially the risk and audit committees is right, how secure are we doing from a cybersecurity perspective? Microsoft has taken a very, what I would call a very unique approach to quantifying that. So these risk quantification tools have been around for forever, but Microsoft is somebody that has really taken the time and this is one of the things that they do extremely well. So in terms of just looking at the landscape of what the organization has from a controls perspective and then being able to analyze the configurations and the compliance of those things and with the policies and things like that and being able to summarize all that information, that’s actually a pretty remarkable tool. Mike, I know you have a lot of conversations with some of our clients. What are some of the observations and things that you’ve heard over the years as you’ve been talking about E5 and the cyber risk management piece?

Mike Caponigro

So as a business person, this is my very favorite tool to work with our customers on because, as Fawaad mentioned, there’s significant interest from leadership and the board as to what are we getting for our investment in cybersecurity because CIOs are always asking for budget and where our vulnerabilities. So we use this client or this tool to work very closely with our clients. So we start by with a new client, what is your current state? Where do you want to be? What does the end state look like? And then we map this entire process out for them in a format that they could present to the board investors senior leadership. Now the interesting thing about this, and it takes a true commitment from the customer because this is a marathon; you don’t just flick the switch and go from 40 to 90%. It takes time.

And here’s a good example and people always ask me, do the senior leadership really care about it and does it get their attention? But we have a situation last week with one of our global clients we’ve worked with them for months to get their secure score above 90%. The board knew about it, their major private equity investor knew about it and they were praising the organization. Well fast forward a few months and last month Microsoft announced some patches. The client fell behind a little bit on our recommendations and their secure score fell below 90%. The next meeting, the CIO was on the call, our weekly call with us asking why this happened. Our board wants to know, our senior leadership wants to know, our investors want it. So let me tell you that once the client embraces this, all stakeholders take an interest in it and it’s a great tool.

Matt Miller

Well, I would probably say that if I’m a law firm and I’m holding client data and I’ve got a 95% secure score, I wouldn’t mind having that on my screen when the new client walks in the door, right? Look, we take security seriously related to our data and your data, the most sensitive data on the networks. I mean if nothing else, it plays out well from the mindset of I’m worried about everything.

Mike Caponigro

Absolutely, Matt.

Fawaad Khan

Yeah, so again, just looking at the clock. So the biggest challenge, so that was kind of all the goodness stuff. I would say the biggest challenge is the E5 implementation can be complex. For those of you that are familiar with enterprise resource planning software that tend to be very time consuming, it can be, but there are ways to manage that. We have invested significantly in terms of how to simplify the deployment and the operationalizing the whole suite. And that’s what it takes. A lot of times what we see is clients have going to purchase the E5 product and they think, well we’ve flipped the switch now it’s good to go, but they’re really not even scratching the surface of that. So you really need somebody that can help you navigate through all that complexity. And that’s going to be, and we have so many war stories around that, but the idea is that it’s not something that just comes out of the box and then it’s done.

There’s a fair bit of complexity that you have to go through and you’re going to need help with that if you go to the next slide. And I believe that should be yes. Okay, so Matt said, let’s make sure that we synthesize some of these war stories into some very salient messages. So the first one is your E5 is a very capable product, but you’re still going to need your security teams to have that deep and varied skills. And we’re not even talking about outside of Microsoft, even within Microsoft because if you recall the vision that they have across all of the different areas, that’s everything an organization has and that’s a lot. So you do still need that skillset in this market. Attracting, retaining all of those can be very, very challenging. So keep that in mind. Still need the skillset to be able to take benefit from that.

Designing the security architecture and the solution overall. And we even touched on some of these things around like data residency, regulatory and compliance requirements because E5 has got a lot of knobs that need to be fine-tuned, so that’s going to be a big piece of that. The next one we would say is also around identifying and prioritizing your high-value assets, whether it be users, devices. So we have a finance department that we know gets attacked quite a bit with business email compromise type of attacks, how do we secure ’em? Those are the types of things that you need to do upfront and they’re absolutely critical if you’re going to have success with E5 security. The other pieces that typically within E5 they’re capable in some of the traditional areas that Microsoft has been focused for a while, but network security is something that is currently lagging and as far as vis-a-vis the competitor’s solutions.

So there’s some guidance and help that’s going to be needed if you’re going to use E5 to also consolidate that security from a network telemetry perspective. The other thing that I think often gets lost in all of this is the detection response capabilities of E5 as good as they are, are not going to be a substitute for what is basic security hygiene. So software patching has to take place. You have to have a good way to manage your identity access management framework with least privilege. You have to have, hopefully as an organization, you have an incident response plan and then you are actually exercising that IR plan through tabletop exercises with firms like HaystackID. And you’re going through that exercise and because E5 again it’s got 15,000 things and if your incident response plan isn’t getting exercised in that particular context, teams may not know what’s available or what’s not available and who to go to and where to get that information.

So it can become very, very, and that’s one of the painful lessons that we have learned working with one of our clients is that they just never went through that and the first time they had a major incident, this became a glaring gap for them. And then business continuity planning. So disaster recovery is not enough. Business continuity planning, again, not a substitute for doing all the things that E5 does. And these are things that are not in E5 because they’re more governance and process oriented and you need that. And last thing is, I think Mike touched on this, quantifying cybersecurity risk using tools like secure score is very helpful, but it’s got to be done in the proper context so that you can manage your stakeholder expectations and not fall victim to your own success. So those are I think, the major lessons. With that, I want to turn back to you, Matt.

Matt Miller

That was great. Thank you guys for today. Let me try to sum it up and bring it together with a quick case study here, real life and how this stuff plays out. So we had a client that had about 350 gigabytes worth of data inside their HR folder. And you can see that here. The reason it’s circled in red is that within that folder, most of the data was over seven years old, and that’s about 82% of the data in that folder in exchange is on OneDrive. And also within that folder is duplicate data. There’s stuff that doesn’t even need to be in there. It should have been demised. And in using the classification tools to be able to figure out what’s actually inside there, we found more than 5.2 million social security numbers inside this folder. This is a real estate investment trust company and they’ve got all this PII sitting in there and had they taken some proactive steps to eliminate sensitive data that was over seven years old, it’s out there on the network.

They probably wouldn’t have been in the situation that they’re in today. So again, if you guys have any further questions, it would be great for you to reach out to us. I wanted to thank our expert panel for sharing their insights and all the information. Jason, Fawaad, Mike, I know you took time out of your schedules and to all the audience members who took time out of their busy schedules to attend, we really appreciate it. We value your time. And thank you for joining this educational series. You can learn more about this webcast, upcoming webcast and explore our extensive library of webcasts on HaystackID.com. You can check out our partner company, it’s CyberMSI.com. And once again, thank you for attending the webcast. We hope you have a great day. Thank you, Mike. Jason, thank you, everyone.

Lexology Host

Thank you everyone for attending. Just want to echo what Matt said. You can also access this masterclass on demand and we will be sharing a recording with you in the coming days. I hope you have a great rest of your day, and goodbye.

*AI-assisted non-verbatim transcription.

+CyberMSI
