Figure 1: Our default labels we recommend you use
The second tip, Create sub-labels for your key departments , is also quite important. It’s the ‘pressure release valve’ for all those folks who gave you a hard time with your inflexible stance on Tip #1! Here, you create sub-labels for those departments that are special. For example, HR, Legal, and Finance are all quite special in that they handle very sensitive materials. Give them a sub-label. This makes it trivial for someone to classify data as Finance \ Highly Confidential.
Figure 2: Use sub-labels for key departments
If you’re a large company, you may find yourself with a lot of special people; it generally comes with the territory. That’s perfectly fine. For those teams who are less mainstream than the above trio of HR/Legal/Finance, you can support them with the capabilities we call out in our third tip, Use scoped policies for the needs of specialized teams . Scope policies enable you to control who can see what sub-labels (recall that we’re asking you to maintain a consistent set of labels!) and they also let you offer specialty behaviors. For example, using scoped labels for HR lets you set their default to be Confidential whereas you can maintain General as the default classification for the more normal people in your organization. Here’s an example of my view given I was part of a special secret team called ‘Project Samos’.
Figure 3: Use scoped policies for specialized teams
As shown in the video, no one but those who are part of the Project Samos user group would see this template. Here’s the administrative user interface where you specify the group membership filter:
Figure 4: The admin view of scoped policies
Tip four is a simple one: Encourage the right behavior . This tip is really about enabling you to take risk with very low cost if you make mistakes. Let’s explain what that means. Automatic classification is always wonderful but in complex systems rarely does automatic work the way you’d expect. Over use of automatic classification can frustrate your users. Instead, rely on recommendations so that you can make mistakes.
Figure 5: Encourage the right behaviors with recommendations
Learn the system, review the Azure Information Protection (AIP) application logs and when you get a really high percentage of accuracy, then – and only then – should you consider using automatic. We’d also suggest that a ‘really high percentage’ is better than 98 of 100 accurate classification. Recommendations are your friend! When ready, simply change the setting at the bottom of figure 6.
Figure 6: Conditions are content detection rules and can be either recommended or automatic
The fifth tip is to Safeguard Email Communications . We’re going to save that for another post. Turns out that those of you stuck on S/MIME will have a much harder time migrating and we’ll have a lot to write about that.
With the above said, let’s cover those second order considerations:
Consideration #1 – How can I perform a scoped deployment of the above?
This one is easy. Simply do the following:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.