Microsoft runs on trust. With digital data growing exponentially, online threats becoming very sophisticated, and remote work necessary, it is more important than ever to safeguard your corporate data.
At Microsoft, our goal is to provide a built-in, intelligent, unified, and extensible solution to protect sensitive data across your enterprise – in Microsoft 365 cloud services, on-premises, third-party SaaS applications, and more. With Microsoft Information Protection, we are building a unified set of capabilities for classification, labeling, and protection across Microsoft 365 apps (Word, PowerPoint, Excel, Outlook) and productivity services like OneDrive, SharePoint, Teams, and Exchange.
Sensitivity labels are central to how your business-critical data can be protected using Microsoft Information Protection. You can create a sensitivity label and associate it with protection like encryption and visual marking. Label-applied protection will persist with the file wherever it goes.
You can start by empowering your users to manually label documents and emails in Office apps across a wide range of platforms (e.g. Windows, Mac, iOS, Android and online). Learn more here on how to enable this manual classification. However, users may forget to label manually or label sensitive data inaccurately. Relying on users alone to manually classify corporate data using labels is not sufficient. The scalable approach is to automatically discover, label, and protect sensitive data. To help you achieve that, we are excited to announce the general availability of automatic classification with sensitivity labels in SharePoint, OneDrive, and Exchange.
You can create an auto-labeling policy with rules tailored for your organization’s sensitive data, targeting specific locations in your enterprise. A policy can either be in simulation or active mode. You can run the policy first in simulation mode and if the results satisfy your organization’s needs then you can proceed and publish the policy.
Figure 1. Auto label policy across two modes: simulation and active modes
With our 100+ out-of-the-box sensitive information types and ability to create custom ones, you have the flexibility to tailor the auto-labelling policy to specific sensitive information types. You can also scope the policy to a specific SharePoint site or OneDrive account or Exchange mailbox.
Policy Simulator provides insight into policy effectiveness and enables you to simulate in your production environment with real data with no impact on end users until the policy is published.
Figure 2. Auto labelling policy simulation mode results
Auto classification with sensitivity labels, along with Policy Simulator, is a powerful capability that enable organizations to automatically designate eligible Excel, PowerPoint, Word files, and emails as sensitive in a scalable way.
Your users can search for content within these protected documents, coauthor using Office web apps and be assured that the protection will persist even after the documents are downloaded. This way your security needs are in harmony with your user’s productivity needs.
As a Microsoft 365 customer, you can turn on this feature in Microsoft 365 compliance center. To learn more about this feature, please read our online documentation. This advanced capability is included with Microsoft 365 SKUs (E5, E5 Compliance and E5 Information Protection & Governance) and Office 365 E5 SKU. You can learn more about our licensing here.
As you navigate this challenging time, we have additional resources to help. For more information about securing your organization in this time of crisis, visit our Remote Work site. We’re here to help in any way we can.
Sesha Mani, Principal Group Product Manager, Microsoft