Before we start, please note that if you want to see a table of contents for all the sections of this blog and their various Purview topics, you can find it at the following link:
Microsoft Purview- Paint By Numbers Series (Part 0) - Overview - Microsoft Tech Community
This document is not meant to replace any official documentation, including those found at docs.microsoft.com. Those documents are continually updated and maintained by Microsoft Corporation. If there is a discrepancy between this document and what you find in the Compliance User Interface (UI) or inside of a reference in docs.microsoft.com, you should always defer to that official documentation and contact your Microsoft Account team as needed. Links to the docs.microsoft.com data will be referenced both in the document steps as well as in the appendix.
All of the following steps should be done with test data, and where possible, testing should be performed in a test environment. Testing should never be performed against production data.
The Information Protection section of this blog series is aimed at Security and Compliance officers who need to properly label data and encrypt it where needed.
This document is meant to guide an administrator who is “net new” to Microsoft E5 Compliance through.
We will be running PowerShell scripts to allow the Security and Compliance portal to access labeling in SharePoint Sites and Teams Containers.
It is presumed that you already have a Sensitive Information Type that you want to use in your Information Protection policy. For the purposes of this document, I will use a copy of the U.S. Social Security Number (SSN) called “U.S. SSN – Numbers Only” that I created in Part 1 of this blog series.
This document does not cover any other aspect of Microsoft E5 Compliance, including:
It is presumed that you have a pre-existing understanding of what Microsoft E5 Compliance does and how to navigate the User Interface (UI).
It is also presumed you are using an existing Sensitive Information Type (SIT) or an Exact Data Match (EDM) you have created for your testing.
We will not be working with pre-existing Teams sites.
At this stage, we will not be creating, publishing or adding labels to a SharePoint Site or Teams Container. That will be done in Part 2b of this blog series, “Adding a Sensitivity Label to a Container and/or Site”.
If you wish to set up and test any of the other aspects of Microsoft E5 Compliance, please refer to Part 1 of this blog series (listed in the link below) for the latest entries to this blog. That webpage will be updated with any new walkthroughs or Compliance-relevant information, as time allows.
Create a Sensitivity Label and apply it to a Microsoft Team. This applies the protection of the Sensitivity Label to the files within that Microsoft Team.
a. Install-Module AzureADPreview
b. Import-Module AzureADPreview
c. Connect-AzureAD (this last command will ask for an administrative account)
a. $setting = (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ)
b. $template = Get-AzureADDirectorySettingTemplate -Id 62375ab9-6b52-47ed-826b-58e47e0e304b
c. $setting = $template.CreateDirectorySetting()
d. Note – you might need to run these commands individually rather than as part of a PowerShell script.
a. In a Command Prompt, check your settings with this command. It should look like the following with 3 Falses at the top and then 3 Trues at the bottom.
b. $Setting.Values
a. $Setting["EnableMIPLabels"] = "True"
a. $Setting.Values
a. New-AzureADDirectorySetting -DirectorySetting $setting
a. Install-Module ExchangeOnlineManagement
a. Import-Module ExchangeOnlineManagement
b. Note – you will need to allow for scripts to be run.
a. Get-ExecutionPolicy -List
a. Set-ExecutionPolicy Unrestricted
a. Get-ExecutionPolicy -List
b. Note – documentation on the Get-ExecutionPolicy PowerShell cmdlet is in the Appendix and Links section below.
a. Connect-IPPSSession -UserPrincipalName <UPN> (<UPN> is your account in user principal name format, e.g. admin@companyx.com)
a. Execute-AzureAdLabelSync
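The steps above combined into one re-runnable sequence, as an added example that is not part of the original post. It assumes both modules are already installed and that the lines are pasted into an interactive PowerShell session; it swaps in a session-scoped RemoteSigned execution policy in place of the Unrestricted change, and updates an existing Group.Unified settings object with Set-AzureADDirectorySetting instead of always creating a new one. `$AdminUpn` and the helper `Get-MipFlag` are illustrative names.

```powershell
# Added example, not the original author's script.
$AdminUpn   = 'admin@companyx.com'                    # placeholder UPN, replace with your own
$TemplateId = '62375ab9-6b52-47ed-826b-58e47e0e304b'  # template Id used in the steps above

# Allow signed scripts for this session only (assumption: no Group Policy override).
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

Import-Module AzureADPreview
Connect-AzureAD | Out-Null

# Hypothetical helper: read EnableMIPLabels from a directory setting object.
function Get-MipFlag($DirectorySetting) {
    ($DirectorySetting.Values | Where-Object { $_.Name -eq 'EnableMIPLabels' }).Value
}

# Reuse the tenant's Group.Unified settings object if one already exists;
# New-AzureADDirectorySetting is only valid when there is none yet.
$setting = Get-AzureADDirectorySetting | Where-Object { $_.DisplayName -eq 'Group.Unified' }
$isNew   = $null -eq $setting
if ($isNew) {
    $template = Get-AzureADDirectorySettingTemplate -Id $TemplateId
    $setting  = $template.CreateDirectorySetting()
}

$before = Get-MipFlag $setting
$setting['EnableMIPLabels'] = 'True'

if ($isNew) {
    New-AzureADDirectorySetting -DirectorySetting $setting | Out-Null
} else {
    Set-AzureADDirectorySetting -Id $setting.Id -DirectorySetting $setting
}

# Read the value back from the directory instead of trusting the local object.
$check = Get-AzureADDirectorySetting | Where-Object { $_.DisplayName -eq 'Group.Unified' }
$after = Get-MipFlag $check
if ($after -ne 'True') { throw "EnableMIPLabels is '$after', expected 'True'" }
Write-Host "EnableMIPLabels: '$before' -> '$after'"

# Synchronize the sensitivity labels to Azure AD.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName $AdminUpn
Execute-AzureAdLabelSync
```

Because the execution policy change is scoped to the process, it ends when the PowerShell window is closed and the machine-wide policy shown by Get-ExecutionPolicy -List is left as it was.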