Before we start, please not that if you want to see a table of contents for all the sections of this blog and their various Purview topics, you can locate the in the following link:
Microsoft Purview- Paint By Numbers Series (Part 0) - Overview - Microsoft Tech Community
This document is not meant to replace any official documentation, including those found at docs.microsoft.com. Those documents are continually updated and maintained by Microsoft Corporation. If there is a discrepancy between this document and what you find in the Compliance User Interface (UI) or inside of a reference in docs.microsoft.com, you should always defer to that official documentation and contact your Microsoft Account team as needed. Links to the docs.microsoft.com data will be referenced both in the document steps as well as in the appendix.
All of the following steps should be done with test data, and where possible, testing should be performed in a test environment. Testing should never be performed against production data.
The Information Protection section of this blog series is aimed at Security and Compliance officers who need to properly label data, encrypt it where needed.
This document is meant to guide an administrator who is “net new” to Microsoft E5 Compliance through.
We will be discussing multiple Sensitivity Labels and how they work.
It is presumed that you already have a Sensitive Information Type that you want to use in your Information Protection policy. For the purposes of this document, I will use a copy of the U.S. Social Security Number (SSN) called “U.S. SSN – Numbers Only” that I created in Part 1 of this blog series.
It is presumed that you already have multiple Sensitivity labels created for your testing.
This document is only meant to be an introduction to the topic of multiple Sensitivity labels. Always refer back to official Microsoft documentation or your Microsoft account team for the latest information.
This document does not cover any other aspect of Microsoft E5 Compliance, including:
It is presumed that you have a pre-existing of understanding of what Microsoft E5 Compliance does and how to navigate the User Interface (UI).
It is also presumed you are using an existing Information Types (SIT) or an Exact Data Match (EDM) that you have created for your testing.
We will not be covering the auto-labeling of data at rest. That will be covered in another blog post and those auto-labeling policies should not be done until after you have locked down your Sensitivity labeling of all “net new” data.
If you wish to set up and test any of the other aspects of Microsoft E5 Compliance, please refer to Part 1 of this blog series (listed in the link below) for the latest entries to this blog. That webpage will be updated with any new walk throughs or Compliance relevant information, as time allows.
Here is an example of how you might lay out 4 Sensitivity labels from the least restrictive to the most restrictive Sensitivity label.
Note – These applications labels will be based on which Sensitive Information Types (SITs) are associated with each. We will not be covering these at this time because we are presuming you have configured your labels previously.
Look at the following screenshot of 4 Sensitivity label policies and their order
Order |
Label name |
Priority of Sensitivity Label policy |
0 |
Public Document Policy |
Least Restrictive |
1 |
Internal Document Policy |
Second Least Restrictive |
2 |
Secret Document Policy |
Second Most Restrictive |
3 |
Top Secret Document Policy |
Most Restrictive |
Here is an example of how you might lay out a “default” Sensitivity label policy and then layer on stricter Sensitivity labels policies based on the amount of Sensitive Information Types (SITs) found in a file/email.
Regard the following screenshot of 3 Sensitivity label policies and their order
Order |
Label |
Numbers pieces of PHI data |
0 |
Default |
0 |
1 |
Sensitive |
1 |
2 |
Highly Confidential |
2 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.