This document will walk you through the install/setup of the Microsoft Advanced Threat Protection software.  ATP is replacing the BitDefender antivirus software you may currently have installed on your Mac. If you still have BitDefender installed on your computer, we will need to remove that first.  If not, proceed to Section II (Install ATP). I - Uninstall BitDefender (DMU issued Macbooks) Open Applications folder: Go > Applications Open BitDefender Folder Double-click EndpointSecurityforMacUninstaller When prompted click Uninstall When finished click Close Restart the computer II - Download Needed Files Download each of the files listed below and Save them to your Desktop. ATP Installer- https://dmu365-my.sharepoint.com/:u:/g/personal/helpdesk_dmu_edu/ERrELeQvcpZFpS8V2vTUltwBCjawiu-buGOMyD6aKLjBAg?e=sW0OSa  DMU.py - https://dmu365-my.sharepoint.com/:u:/g/personal/helpdesk_dmu_edu/EUDqjqpktJVGgQ3gSAzVOvABAIwX2I5PfhtMm80Y8XqxIg?e=CEpNhp III - Install MS ATP Double-click the wdav.pkg file Continue through the installer. You will be prompted to allow a driver from Microsoft to be installed (either "System Exception Blocked" or "Installation is on hold" or both.) The driver must be allowed to be installed. If you don’t see this, skip to step 7. Select Open Security Preferences or Open System Preferences > Security & Privacy. Select Allow Installation will proceed on its own. When completed you may see prompts about updates.  Allow it to check for updates and install, this may go through multiple updates and take 10 to 15 minutes to complete. However you can use your computer while this works in the background IV. Configure ATP Ensure the DMU.py file is downloaded and on your Desktop Open Terminal Type the following python ./desktop/dmu.py and press Enter Enter your Password when prompted and press Enter Reboot you computer Delete the files you downloaded Microsoft Defender ATP should now be on your top Menu Bar

Sensitivity Labels are a part of Microsoft Unified Labeling, which is a cloud-based solution that enables our organization to discover, classify, and protect Microsoft documents and emails by applying labels to content.  This document will be a guide towards understanding how you can use Sensitivity Labels to protect your documents and emails and get you up to speed on how to use it. The simplest way to get started is to look for the Sensitivity button in any Office App ribbon (Word, Excel, Powerpoint, Online, Etc.).  The Button is located on the Home tab, and typically in the upper right-hand corner of the ribbon.  From the dropdown you can choose the appropriate classification; “Confidential”, “Sensitive”, “Internal,” or “Public”, as defined in our Data Classification Policy. Sensitivity Labels Sensitivity labels are aligned with DMU data classifications.  Below are the labels, definitions, how data and information are handled when the label is applied, and a few examples for each label.  See the Data Classification Policy and Information Security and Privacy Overview Policy for more examples. Label Definition Handling Examples  Confidential Email (Encrypted) Confidential data pose a high risk of significant financial loss, legal liability, public distrust, or harm if this data is disclosed.  Confidential data include any information developed, maintained or managed by or on behalf of the University, or within the scope of university activities that are subject to specific protections under federal or state law or regulations or industry standards, such as HIPAA, HITECH, FERPA, the Iowa Personal Information Security Breach Protection Act, similar state laws and PCI-DSS.   Email: Encrypts email and attachments.  Label shows at top of email. Document: Label not available for documents. SSN Student Grades Patient Information   See Information Security and Privacy Overview Policy for more examples Sensitive Email (Encrypted) Sensitive data pose a moderate risk of significant financial loss, legal liability, public distrust, or harm if this data are disclosed.  Sensitive data include any information that are not deemed Confidential but are contractually protected by contract or law and any other information that is considered by the University appropriate for sensitive treatment.   Email: Encrypts email and attachments.  Label shows at top of email. Document: Label not available for documents. Salary and employee benefit information Financial data about donors Unpublished research data University financial information   See Data Classification Policy for more examples Confidential Document (Unencrypted) Confidential data pose a high risk of significant financial loss, legal liability, public distrust, or harm if this data is disclosed.  Confidential data include any information developed, maintained or managed by or on behalf of the University, or within the scope of university activities that are subject to specific protections under federal or state law or regulations or industry standards, such as HIPAA, HITECH, FERPA, the Iowa Personal Information Security Breach Protection Act, similar state laws and PCI-DSS.   Email: NOT recommended for emails.   Use “Sensitive email (Encrypted): instead. Document: Label shows at bottom ribbon of document. Document not encrypted, but protected if stored on DMU network, Office 365 or DMU-issued laptop SSN Student Grades Patient Information See Information Security and Privacy Overview Policy for more examples Sensitive Document (Unencrypted) Sensitive data pose a moderate risk of significant financial loss, legal liability, public distrust, or harm if this data are disclosed.  Sensitive data include any information that are not deemed Confidential but are contractually protected by contract or law and any other information that is considered by the University appropriate for sensitive treatment.   Email: NOT recommended for emails.   Use “Sensitive email (Encrypted): instead.  Label shows at top of email. Email NOT encrypted. Document: Label shows at bottom ribbon of document. Document not encrypted, but protected if stored on DMU network, Office 365 or DMU-issued laptop. HR Employee Benefit Information Unpublished Research Data Strategy Documents Non-Public Intellectual Property See Information Security and Privacy Overview Policy for more examples Internal Internal data pose a low risk of significant financial loss, legal liability, public distrust, or harm if this data is disclosed.  Internal data are intended for internal University business use only, do not rise to the level of Confidential or Sensitive, but should not be made available to the general public.   Email: Label shows at top of email. Document: Label shows in bottom ribbon of document. Memos Correspondence Meeting Minutes See Data Classification Policy for more examples Public Public data does not fall into any of the other data classifications and poses no risk to the organization. This data and information may be made generally available without specific Data Steward's designee or delegate approval.  This is the default Email: Label shows at top of email. Document: Label shows in bottom ribbon of document. Advertisements Job Opening Announcements University Catalogs Getting Started Microsoft has created some simple documentation that will quickly get you up to speed on how to apply labels.  This online documentation will walk you through applying labels for any platform including; Office 365, Online, IOS, Android, and Mac. How do I apply sensitivity labels? Known issues when you apply sensitivity labels to your Office files. How to remove hidden data and personal information by inspecting documents, presentations or workbooks? Frequently Asked Questions How do I classify a file or an email? Use the sensitivity button in any Office app (Word, Excel, Powerpoint, Online, Etc.) ribbon. The Button is located on the Home tab and typically in the upper right hand corner of the ribbon. From the dropdown you can choose the appropriate classification. Email Document   How do I send an encrypted email? Using Sensitivity Labels, you can encrypt a message by using the “Confidential Email (Encrypted)” or "Sensitive Email (Encrypted)" label.  All you need to do is select the label and hit send.  Users receiving the encrypted message will either use a one-time passcode or log in with Microsoft credentials.  Encrypted email can also be accomplished by using “dmusecureemail” in the subject line of an email.  Can confidential or sensitive emails be forwarded? Messages that are labeled "Confidential" or "Sensitive" can be forwarded once opened.  Since documents, such as Word documents and Spreadsheets cannot be encrypted with Sensitivity labels, are they at risk? The DMU network, Office 365 (including OneDrive and Sharepoint) and your DMU-issued laptop are all highly secure and protect our Confidential and Sensitive information.  Do not move such documents to other media or cloud solutions, such as box, dropbox, or unencrypted external drives. Can I change a label once applied? Yes, when you change the classification of a label you will be required to select a justification.  Simply choose a justification radio button that is appropriate for the required change. Do sensitivity labels apply to calendar invites and items? No, calendar items and invites are not applicable and cannot have a label applied. What is the difference between using dmusecureemail in the subject line of an email and using the “Confidential” or “Sensitive” Labels? “dmusecureemail” in subject line: Encrypts the email and sends an initial message with an attachment. In order to open the message, the recipient  saves and opens the attachment.  They can authenticate with a Microsoft work or school account or a one time passcode.   Once opened, the message can be copied, printed, or forwarded as an encrypted email. “Confidential Email (Encrypted)”/”Sensitive Email (Encrypted)” Label: Encrypts your message and sends a message with a link to allow the user to authenticate with a one-time passcode or their Microsoft work or school account. Are documents with “Confidential” and “Sensitive” information secure on Sharepoint and OneDrive? Yes. The DMU Information Security teams has completed a thorough security review of Microsoft 365 online and approved it for storing all DMU data, including “Confidential” and “Sensitive” data. Can Sensitivity Labels be used in the Microsoft 365 online as well as the desktop client? Yes.  Sensitivity Labels are available in Microsoft 365 online apps as well as Microsoft Office desktop apps.