cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Best Praticies for Implementing Permissions

voneil
Copper Contributor

‎Aug 21 2020 07:53 AM

‎Aug 21 2020 07:53 AM

Best Praticies for Implementing Permissions

Greetings,

 

I'm looking for best practices in implementing Permissions in SharePoint that allows us to ensure we have protocols in place to secure PII and other confidential information. 

746 Views
0 Likes
3 Replies
Reply
3 Replies
PeterRising

‎Aug 21 2020 12:26 PM

‎Aug 21 2020 12:26 PM

Re: Best Praticies for Implementing Permissions

@voneil 

 

Hi, I would suggest beginning with DLP policies in the Security and Compliance Center at https://protection.office,com 

 

You can configure based on built in sensitive information types including PII.  I'd recommend starting with a small pilot groups of users and also set some policies in test mode with notifications to get going.

1 Like
Reply
Chris Webb

‎Aug 21 2020 02:52 PM

‎Aug 21 2020 02:52 PM

Re: Best Praticies for Implementing Permissions

DLP policies are good for catching data in documents or preventing data from being shared with PII with others in the company or outside your company etc. but not really prevent people from seeing the data in documents etc.

If you want to keep documents secured to certain groups at rest etc. you will want to look into the direction of sensitivity labels. You can apply labels to to documents and if you have the proper licensing can also apply these labels automatically based on logic. But these labels can have policies applied to them to prevent access etc. to these documents.

More about labels can be found here: https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o...
1 Like
Reply
PeterRising

‎Aug 21 2020 11:41 PM

‎Aug 21 2020 11:41 PM

Re: Best Praticies for Implementing Permissions

@Chris Webb 

 

Yes, absolutely agree on Sensitivity Labels.  I always begin with DLP, then look at Sensitivity labels next.

 

@voneil - if you want to look into Sensitivity Labels in addition to DLP, you will need to ensure that you have additional licensing for it.  You will need either AIP P1, EM+S E3, or M365 E3 to implement Sensitivity labelling, or if you wanted the more advanced features - which include auto labelling, and the availability of the AIP scanner to protect on-premises content, then you will need EM+S E5 or M365 E5.  There was previously a separate AIP P2 subscription for this, but Microsoft have recently discontinued this one.

0 Likes
Reply