Before we start, please not that if you want to see a table of contents for all the sections of this blog and their various Purview topics, you can locate the in the following link:
This document is not meant to replace any official documentation, including those found at docs.microsoft.com. Those documents are continually updated and maintained by Microsoft Corporation. If there is a discrepancy between this document and what you find in the Compliance User Interface (UI) or inside of a reference in docs.microsoft.com, you should always defer to that official documentation and contact your Microsoft Account team as needed. Links to the docs.microsoft.com data will be referenced both in the document steps as well as in the appendix.
All of the following steps should be done with test data, and where possible, testing should be performed in a test environment. Testing should never be performed against production data.
The Information Protection section of this blog series is aimed at Security and Compliance officers who need to properly label data, encrypt it where needed.
This document is meant to guide an administrator who is “net new” to Microsoft E5 Compliance through.
We will be covering the auto-labeling of data at rest.
It is presumed that you already have a Sensitive Information Type that you want to use in your Information Protection policy. For the purposes of this document, I will be using a previously created Data Classification called “Automatic_Label_Contoso_medical”. The keyword I am tracking within that data classifier is “Contoso_medical”. I am doing this to avoid labeling any files by accident by using an out-of-the-box classifier. For information on how you create your own data classifier, refer back to “Part 1 – Sensitivity Information Types” of this blog series.
This document is only meant to be an introduction to the topic of multiple Sensitivity labels. Always refer back to official Microsoft documentation or your Microsoft account team for the latest information.
This document does not cover any other aspect of Microsoft E5 Purview, including:
It is presumed that you have a pre-existing of understanding of what Microsoft E5 Compliance does and how to navigate the User Interface (UI).
For details on licensing (ie. which components and functions of Purview are in E3 vs E5) you will need to contact your Microsoft Security Specialist, Account Manager, or certified partner.
We will first set up our automatic label.
If at the “Create your automatic label section above”, you clicked, Automatically apply label to sensitive content, proceed to the test label on new file/email sections below.
If you did NOT click Automatically apply label to sensitive content above, then go to the “Publish your automatic policy” section below.
If you are not sure, if you policy was created, you can find that out by doing the following.
If needed, you can set up your automated labeling policy. You do this by doing the following:
Do the following to change from simulation mode to “enabled” mode or vice versa.
To know what files/emails would be labeled if your automatic labeling policy had actually run, you will need to go to the following location.
Note – Remember that it can take several days for your tenant to start reporting back on existing data matching your policy. This is due to back data processing and indexing that we will not discuss at this time.
Note #1 – You should pre-populate your test SharePoint sites, OneDrive sites with data that possess your SIT data (ex. “constoso_medical”).
Note #2 – For emails, you need to send those after your policy is created for them to be seen by your automatic labeling policy.
Before we start our file and email tests, remember that labels and policies can take a while to replicate throughout your tenant. One hour is usually a good amount of time to wait, but it might be quicker or slower to populate based on several variables in your tenant we will not cover at this time. With that understanding, let us move on to our testing.
We will now test this automatic label against a newly created email.
Note: This solution is a sample and may be used with Microsoft Compliance tools for dissemination of reference information only. This solution is not intended or made available for use as a replacement for professional and individualized technical advice from Microsoft or a Microsoft certified partner when it comes to the implementation of a compliance and/or advanced eDiscovery solution and no license or right is granted by Microsoft to use this solution for such purposes. This solution is not designed or intended to be a substitute for professional technical advice from Microsoft or a Microsoft certified partner when it comes to the design or implementation of a compliance and/or advanced eDiscovery solution and should not be used as such. Customer bears the sole risk and responsibility for any use. Microsoft does not warrant that the solution or any materials provided in connection therewith will be sufficient for any business purposes or meet the business requirements of any person or organization.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.