Blog Post

Security, Compliance, and Identity Blog
5 MIN READ

Microsoft Information Protection: Announcing Enhanced Automatic Classification Capabilities!

Malli1580's avatar
Malli1580
Icon for Microsoft rankMicrosoft
Nov 02, 2021

Microsoft Information Protection: Announcing Enhanced Automatic Classification Capabilities!

Microsoft Information Protection is a built-in, intelligent, unified, and extensible solution to protect sensitive data across your enterprise – in Microsoft 365 cloud services, on-premises, third-party SaaS applications, and more. Microsoft Information Protection provides a unified set of capabilities to know your data, protect your data, and protect against data loss across Microsoft 365 apps (e.g. Word, PowerPoint, Excel, Outlook) and services (e.g. Microsoft Teams, SharePoint, and Exchange).

 

We are excited to announce several key enhancements to the intelligence & built-in capabilities of Microsoft Information Protection across Microsoft 365 applications and services. These capabilities help organizations reduce the number of false positives as they accurately classify ever-increasing amounts of data. These capabilities also increase the coverage of data that is classified as they go across Microsoft 365 services and workloads and will begin to rollout to tenants worldwide soon.

 

Trainable classifiers: With ‘Trainable Classifiers’ organizations can leverage the Microsoft Information Protection classification engine to recognize their unique data. Intelligent classifiers can help you increase coverage and accuracy and reduce false positives. Administrators can now see out-of-the-box classification within the Microsoft 365 Compliance Center’s “content explorer” for nine new trainable classifiers (see Table 1 below). These classifiers categorize data across finance, information technology, tax, contracts, legal, healthcare, human resources, business procurement, and intellectual property. These pre-trained classifiers can be used across information protection to automatically label office documents within Office client apps. They can also be used across Information Governance to apply retention and records management as well as across Communication Compliance to monitor for communication around these categories. 

 

Classifier

Description

Sample content detected by classifier

Business – Finance

Includes Corporate Finance, Accounting, Economy, Banking, Investment topics

Budget proposals, Business analyses, financial statements, proposals, and sales reports

Business – IT

IT and Cybersecurity topics (e.g. Network settings, Information Security, hardware, and software)

Cybersecurity assessments, Incident reports, IT admin documents, and Software specifications

Business – Tax

Tax-related content

Tax planning documents, tax forms, Tax filing, and regulation documents

Business – Contract

Contract-related content

Non-disclosure agreements, statements of work, loan and lease agreements, employment and non-compete agreements

Business – Healthcare

Medical and healthcare administration aspects (e.g. services, diagnoses, treatment, claims, and payment)

Medical records, Health benefit documents, Insurance forms, Prior authorizations, and referral forms

Business – Legal

Includes litigation, legal process, legal obligation, legal terminology, law and legislative issues

Court cases, Corporate bylaws, Legal advice, and documents with terms and conditions

Business - HR

Includes recruitment, interviewing, hiring, training, evaluating, warning, and termination

Job posts, hiring, onboarding and training documents, Payroll documents, and Employee discipline-related content

Business - Procurement

Includes bidding, quoting, purchasing and paying for suppliers and vendors

Quotations, purchase orders, sales orders, delivery orders, and invoices

Business - IP

Relates to confidential information that contains Intellectual Property and trade secrets

Patent applications, documents with non-disclosure content

Table 1: List of new out-of-the-box built-in trainable classifiers

 

Content classified using these new trainable classifiers is visible in the ‘Content Explorer’ tab (Figure 1 below):

 

Figure 1: Content classified using the new Trainable Classifiers in the ‘Content explorer’ tab of the Microsoft 365 Compliance Center

 

Named Entities: We are adding 52 new Sensitive Information Types (SITs) to help administrators classify documents, emails, and chats to look for named entities, which span person names, physical addresses, and medical terms. Examples of these new SITs include 38 country-specific addresses covering the US, EU, and other regions, 10 healthcare-specific entities (e.g. Surgical procedures, brand medication names). This will enable customers to better address several regulatory & compliance scenarios such as GDPR, HIPAA, FINRA, etc. across several countries and geographies. These new entities are available out of the box and provide a view of sensitive data matches against them in the content explorer. They can also be used across the unified policy experiences within Data loss prevention (DLP), Information protection (i.e., auto-labeling), Information governance, and Exact Data Match. Named entities will be supported in Teams chats, SharePoint online, One Drive for Business, Microsoft Defender for Cloud Apps (previously MCAS), and Office clients. In the coming months, this will extend to include support for Exchange emails and endpoint devices and other Microsoft 365 solutions. Content classified using these named entities will be available in the ‘Content explorer’ tab as well (Figure 2 below):

 

Figure 2: Content classified using the new named entities in the ‘Content explorer’ tab

 

Enhanced classification templates: We are introducing 10 enhanced classification templates, which can be used across our Data Loss Prevention, Auto-labeling, and Information governance solutions. These enhanced templates combine entities along with sensitive information types to make it simple to classify and protect data across categories such as financial, healthcare, and privacy.

 

We have also expanded the scope for service-side auto labeling to allow administrators to turn on policies for all SharePoint sites and OneDrive users within their tenants. This scope can be confidently tested within the ‘simulation mode’ before a policy is turned on for the entire tenant. With the recently released co-authoring of protected documents, administrators can even go ahead and confidently turn on encryption with auto labeling as this helps information workers continue to stay productive while the organization applies labels with encryption across their tenant.

  

We are continuously expanding the capabilities of Microsoft Information Protection. Microsoft Information Protection helps you get started in leveraging our solution with our default labels and policies. Explore how our features work and the new insights generated from the default policies. Expand upon these configurations to suit your organization’s needs. Learn more about our default labels and policies

 

Learn more about the required licensing for Microsoft Information Protection. Please note that auto-labeling individual documents stored in team or SharePoint sites require either Microsoft 365 E5 or Compliance E5 or the Information Protection & Governance E5 add-on SKU. If you are new to Microsoft 365, learn how to try or buy a subscription.

 

We are happy to share that there is now an easier way for you to try Microsoft compliance solutions directly in the Compliance Admin Center with a free trial. By enabling the trial in the Compliance center, you can quickly start using all capabilities of Microsoft Compliance, including Insider Risk Management, Records Management, Advanced Audit, Advanced eDiscovery, Communication Compliance, Microsoft Information Protection, Data Loss Prevention, and Compliance Manager.

 

This trial is currently rolling out to tenants worldwide and you can learn more about it here.

 

Maithili Dandige, Partner Group Program Manager, Microsoft 365 Security & Compliance

Updated Nov 03, 2021
Version 2.0
  • Hello Malli1580 

     

    Great news!

    I have one question do we have the list somewhere of the 52 new named entities and a date of availability in tenant?

     

    Thanks in advance

    Christophe

  • Dean_Gross's avatar
    Dean_Gross
    Silver Contributor

    I don't see any changes in the DLP templates. Where are these new Enhance templates?

  • Lazzykiller's avatar
    Lazzykiller
    Copper Contributor

    Hello Team,

     

    I am facing issue while applying AIP label to docx file. when I applied label to downloaded file from internet output file gets corrupted. 

    Can you please help me in this?

     

    Regards,

    Parag Acharekar