Before we start, please note that if you want to see a table of contents for all the sections of this blog, you can locate them at the following URL:
Microsoft Purview and Modern Work (Part 1) - Overview
This document is not meant to replace any official documentation, including those found at docs.microsoft.com. Those documents are continually updated and maintained by Microsoft Corporation. If there is a discrepancy between this document and what you find in the Compliance User Interface (UI) or inside of a reference in docs.microsoft.com, you should always defer to that official documentation and contact your Microsoft Account team as needed. Links to the docs.microsoft.com data will be referenced both in the document steps as well as in the appendix.
All of the following steps should be done with test data, and where possible, testing should be performed in a test environment. Testing should never be performed against production data.
The Information Life Cycle Management section of this blog series is aimed at Security and Compliance and Modern Work officers who need to properly label data, encrypt it where needed.
This blog and document are meant to help an IT administrator who is looking to secure their data throughout the lifecycle of the data.
It is presumed that you already have a basic understanding of the Purview tools and the Modern Work tools (including Exchange, Teams, SharePoint and OneDrive).
This document does not cover configuring any of the below, ie. Holding your hand through the process of configuration”, as that is covered via other blogs, official Microsoft documents, or through the aid of Microsoft implementation teams or Microsoft partners:
This blog entry is only addressing Collaboration (creation, usage, sharing of files and SharePoint/Teams Sites), not Communication (emails, teams chats, etc).
After each section of this blog, I will make a note of which of the 3 parts of the CIA Triad that Microsoft tool will help you meet. Here are a few examples.
Example #1 –
CIA component – Integrity & Availability
Example #2 –
CIA component – Confidentiality & Availability
Example #3 –
CIA component – Integrity
First, when it comes to protected data, we need to take a moment to make sure that SharePoint specific data controls are enabled. Although we will not go into use cases or configuration on these, you should be aware that where to find these controls.
Go to sharepoint.com. Click on Polices - Sharing
On the right side, you will see sliders that control content sharing.
Below that you will see More External Sharing Settings.
Below that, you will see controls around Link Sharing and other seetings.
Access Controls
Go to sharepoint.com. Click on Polices – Access Controls
On the right side, you will see various options for controlling access to your SharePoint data. Navigate these controls and investigation what options are available to your organization.
Move to the next section where we will address the Purview Specific workloads with your SharePoint, Teams, and OneDrive platform.
Here we will map the Lifecycle of the data (Create -> Use -> Retain -> Delete) of files and data to OneDrive, SharePoint Sites and Team Sites.
When looking at the Information Lifecycle, it is important to understand which Purview tools map to which collaboration activities within that Information Lifecycle. Here is a high-level map.
As this is a bit of an eye chart, we will look at each stage of the Information Lifecycle individually.
Please note that Use & Retain are placed together as these tend to be interchangeable.
Create (data)
In the Create phase of ILM, here are the recommended Purview Tools.
In the Create phase of ILM, here are the SharePoint-based workloads.
Use & Retain (data)
In the Use & Create phase of ILM, here are the recommended Purview Tools.
In the Use & Create phase of ILM, here are the SharePoint-based workloads.
Destroy (data)
In the Delete phase of ILM, here are the recommended Purview Tools.
In the Delete phase of ILM, here are the SharePoint-based workloads.
We will now move to look at SharePoint Sites and specific Purview workloads that can be mapped to data within that platform.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.