Blog Post

Healthcare and Life Sciences Blog
7 MIN READ

Microsoft Purview and Modern Work (Part 2c) - Teams Sites and Files

James_Havens's avatar
James_Havens
Icon for Microsoft rankMicrosoft
Dec 08, 2022

 

 

 

Before we start, please note that if you want to see a table of contents for all the sections of this blog, you can locate them at the following URL:

Microsoft Purview and Modern Work (Part 1) - Overview

 

 

Disclaimer

This document is not meant to replace any official documentation, including those found at docs.microsoft.com.  Those documents are continually updated and maintained by Microsoft Corporation.  If there is a discrepancy between this document and what you find in the Compliance User Interface (UI) or inside of a reference in docs.microsoft.com, you should always defer to that official documentation and contact your Microsoft Account team as needed.  Links to the docs.microsoft.com data will be referenced both in the document steps as well as in the appendix.

 

All of the following steps should be done with test data, and where possible, testing should be performed in a test environment.  Testing should never be performed against production data.

 

Target Audience

The Information Life Cycle Management section of this blog series is aimed at Security and Compliance and Modern Work officers who need to properly label data, encrypt it where needed.

 

Document Scope

This blog and document are meant to help an IT administrator who is looking to secure their data throughout the lifecycle of the data.

It is presumed that you already have a basic understanding of the Purview tools and the Modern Work tools (including Exchange, Teams, SharePoint and OneDrive).

 

Out-of-Scope

This document does not cover configuring any of the below, ie. Holding your hand through the process of configuration”, as that is covered via other blogs, official Microsoft documents, or through the aid of Microsoft implementation teams or Microsoft partners:

  • Audit
  • Communications Compliance
  • Compliance Manager
  • Data Classification (Sensitive Information Types)
  • Data Classification (Exact Data Matching)
  • Data Classification (Trainable Classifiers)
  • Data Lifecycle Management (retention and disposal)
  • Data Protection Loss (DLP) for Exchange, OneDrive, Devices, etc
  • Information Barriers
  • Information Protection (labeling, encrypting, watermarking, etc of files)
  • Insider Risk Management
  • Microsoft Defender for Cloud Apps (MDCA)
  • Privacy Management (Priva)
  • Records Management (retention and disposal)
  • Standard or Premium eDiscovery

 

Notes

After each section of this blog, I will make a note of which of the 3 parts of the CIA Triad that Microsoft tool will help you meet.  Here are a few examples.

 

Example #1 –

 CIA component – Integrity & Availability

 

Example #2 –

 CIA component – Confidentiality & Availability

 

Example #3 –

 CIA component – Integrity

 

 

Mapping Purview to Teams Files and Sites

For this part of the blog, I have broken down the Purview workloads, mapped them to the Teams File/Site activity, and then mapped those to the corresponding stage of the Information Lifecycle.

Here is the high-level view of this mapping.

 

 

 

 

Please note I’ve added a new stage to the Information Lifecycle and called it Pre-data creation.  This was done to help show that Microsoft Auditing is always enabled within your Microsoft tenant.

 

After each Purview workload, you will find a CIA triad “indicator” to show which part of the triad Purview is supported.  In addition, you will also find assorted links to assorted Microsoft documents or blog postings that can help you enable that functionality in your environment, presuming you are appropriately licensed.

 

Pre-data Creation

  1. Premium Audit (email/file) – It is recommended that this be enable before all functionality to watch all data activity in your environment.

Microsoft Purview Audit (Premium) - Microsoft Purview (compliance) | Microsoft Learn

 CIA component – Confidentiality & Integrity

 

 

 

Create (data)

  1. Premium Audit (email/file) – This watches the creation, user, searching, labeling (sensitivity and Retention labels), etc. of all data in your tenant.

Microsoft Purview Audit (Premium) - Microsoft Purview (compliance) | Microsoft Learn

 CIA component – Confidentiality & Integrity

 

  1. Information Protection (Sensitivity Label) (email/file/site) – This tool applies encryption, watermarking, access, editing, etc. based on a user’s credentials either in your tenant or associated with your tenant.  There are two ways that this tool can apply labels:
    1. Automatic Sensitivity labeling – This is done by the tool reasoning over data that exists or being created and applies a sensitivity label based on what it finds.
    2. Manual Sensitivity labeling – This is done by the user who applies a sensitivity label based what they see or have placed in that file/email.

Learn about sensitivity labels - Microsoft Purview (compliance) | Microsoft Learn

 

Microsoft Purview- Paint By Numbers Series (Part 2)- Information Protection - Microsoft Community Hub

 CIA component – Confidentiality & Integrity

 

  1. Data Lifecycle Management / Records Management (Retention Label) (email/file) – This tool applies retention based on what is inside of an email/file.  There are two ways that this tool can apply labels:
    1. Automatic Retention labeling - This is done by the tool reasoning over data that exists or being created and applies a retention label based on what it finds.
    2. Manual Retention labeling – This is done by the user who applies a retention label based what they see or have placed in that file/email.

Learn about Microsoft Purview Data Lifecycle Management - Microsoft Purview (compliance) | Microsoft Learn

 

Records management for documents and emails in Microsoft 365 - Microsoft Purview (compliance) | Microsoft Learn

 

Microsoft Purview - Paint By Numbers Series (Part 4) - Records Management - Microsoft Community Hub

 CIA component – Integrity

 

 

 

 

Use & Retain (data)

  1. Premium Audit (email/file) – This is always logging interactions with files/emails.

Microsoft Purview Audit (Premium) - Microsoft Purview (compliance) | Microsoft Learn

 

 CIA component – Confidentiality & Integrity

 

  1. Data Loss Prevention (email/file) – This blocks sending emails/chats/data/files to the wrong individuals or organizations. 
    1. Example - your organization and your organization’s primary competitor.

Learn about data loss prevention - Microsoft Purview (compliance) | Microsoft Learn

 

Microsoft Purview - Paint By Numbers Series (Part 3) - Data Loss Protection for Exchange - Microsoft Community Hub

 

 CIA component – Confidentiality &Integrity

 

  1. Information Protection (Sensitivity Labels) – This allows for manual/automatic sensitivity labeling of existing data OR changing sensitivity label of an existing label.
    1. An example of this would be encrypting files so only your Business partners can read the files using a user profile associated with your Azure Active Directory.  All other credentials, personal, competitor, etc. would be blocked from accessing the data.

Learn about sensitivity labels - Microsoft Purview (compliance) | Microsoft Learn

 

Microsoft Purview- Paint By Numbers Series (Part 2)- Information Protection - Microsoft Community Hub

 CIA component – Confidentiality & Integrity

 

  1. Data Lifecycle Management / Records Management (Retention label) (file/email) – These tools provide for either manual or automatic retention labeling of existing unlabeled data OR change the retention label of existing labels.
    1. Examples include applying a 7 year retention to PHI for HIPAA regulations, or changing a 7 year retention label to a 3 year retention when data within a file has been changed.

Learn about Microsoft Purview Data Lifecycle Management - Microsoft Purview (compliance) | Microsoft Learn

 

Records management for documents and emails in Microsoft 365 - Microsoft Purview (compliance) | Microsoft Learn

 

Microsoft Purview - Paint By Numbers Series (Part 4) - Records Management - Microsoft Community Hub

 CIA component – Integrity

 

  1. Insider Risk Management (email/file) – This tool tracks data movement, deletion, changes in labels, exfiltration, etc  and maps it to user behavior.  If needed, this tool can hand collected information (emails, files, users name, etc) to eDiscovery as a case.
    1. An example of this would be a user tendering their resignation, and you see a sudden spike in their downloading corporate data to a USB stick.

Learn about insider risk management - Microsoft Purview (compliance) | Microsoft Learn

 

Microsoft Purview - Paint By Numbers Series (Part 6) – Insider Risk Management - Overview - Microsoft Community Hub

 CIA component – Confidentiality

 

  1. eDiscovery (email/file) – With this tool you can search, collect, sift, hold, review, and export data for legal/compliance/HR/forensics investigations.

Microsoft Purview eDiscovery solutions - Microsoft Purview (compliance) | Microsoft Learn

 

Microsoft Purview - Paint By Numbers Series (Part 5) - Advanced eDiscovery - Microsoft Community Hub

 CIA component – Integrity

 

 

Destroy (data)

  1. Premium Audit (email/file) – This watches the deletion of emails/files.

Microsoft Purview Audit (Premium) - Microsoft Purview (compliance) | Microsoft Learn

 CIA component – Confidentiality & Integrity

 

  1. Insider Risk Management (email/file) – This tool tracks data movement, deletion, changes in labels, exfiltration, etc. and maps it to user behavior.  If needed, this tool can hand collected information (emails, files, users name, etc) to eDiscovery as a case.

 

Learn about insider risk management - Microsoft Purview (compliance) | Microsoft Learn

 CIA component – Confidentiality

 

  1. Data Lifecycle Management / Records Management (Retention label) (file/email) – These tools provide for either manual or automatic retention labeling of existing unlabeled data OR change the retention label of existing labels.

Learn about Microsoft Purview Data Lifecycle Management - Microsoft Purview (compliance) | Microsoft Learn

 

Records management for documents and emails in Microsoft 365 - Microsoft Purview (compliance) | Microsoft Learn

 

Microsoft Purview - Paint By Numbers Series (Part 4) - Records Management - Microsoft Community Hub

 CIA component – Integrity

 

 

 

 

Next Steps

We will now move to look at Communications as a whole before looking at specific Purview workloads that can be mapped to data within the platforms of Exchange emails and Teams Messaging and Streams.

 

 

Appendix and Links

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Updated Dec 05, 2022
Version 1.0
No CommentsBe the first to comment