Microsoft Information Protection: Announcing Enhanced Automatic Classification Capabilities!
Microsoft Information Protection is a built-in, intelligent, unified, and extensible solution to protect sensitive data across your enterprise – in Microsoft 365 cloud services, on-premises, third-party SaaS applications, and more. Microsoft Information Protection provides a unified set of capabilities to know your data, protect your data, and protect against data loss across Microsoft 365 apps (e.g. Word, PowerPoint, Excel, Outlook) and services (e.g. Microsoft Teams, SharePoint, and Exchange).
We are excited to announce several key enhancements to the intelligence & built-in capabilities of Microsoft Information Protection across Microsoft 365 applications and services. These capabilities help organizations reduce the number of false positives as they accurately classify ever-increasing amounts of data. These capabilities also increase the coverage of data that is classified as they go across Microsoft 365 services and workloads and will begin to rollout to tenants worldwide soon.
Trainable classifiers: With ‘Trainable Classifiers’ organizations can leverage the Microsoft Information Protection classification engine to recognize their unique data. Intelligent classifiers can help you increase coverage and accuracy and reduce false positives. Administrators can now see out-of-the-box classification within the Microsoft 365 Compliance Center’s “content explorer” for nine new trainable classifiers (see Table 1 below). These classifiers categorize data across finance, information technology, tax, contracts, legal, healthcare, human resources, business procurement, and intellectual property. These pre-trained classifiers can be used across information protection to automatically label office documents within Office client apps. They can also be used across Information Governance to apply retention and records management as well as across Communication Compliance to monitor for communication around these categories.
|
Classifier |
Description |
Sample content detected by classifier |
|
Business – Finance |
Includes Corporate Finance, Accounting, Economy, Banking, Investment topics |
Budget proposals, Business analyses, financial statements, proposals, and sales reports |
|
Business – IT |
IT and Cybersecurity topics (e.g. Network settings, Information Security, hardware, and software) |
Cybersecurity assessments, Incident reports, IT admin documents, and Software specifications |
|
Business – Tax |
Tax-related content |
Tax planning documents, tax forms, Tax filing, and regulation documents |
|
Business – Contract |
Contract-related content |
Non-disclosure agreements, statements of work, loan and lease agreements, employment and non-compete agreements |
|
Business – Healthcare |
Medical and healthcare administration aspects (e.g. services, diagnoses, treatment, claims, and payment) |
Medical records, Health benefit documents, Insurance forms, Prior authorizations, and referral forms |
|
Business – Legal |
Includes litigation, legal process, legal obligation, legal terminology, law and legislative issues |
Court cases, Corporate bylaws, Legal advice, and documents with terms and conditions |
|
Business - HR |
Includes recruitment, interviewing, hiring, training, evaluating, warning, and termination |
Job posts, hiring, onboarding and training documents, Payroll documents, and Employee discipline-related content |
|
Business - Procurement |
Includes bidding, quoting, purchasing and paying for suppliers and vendors |
Quotations, purchase orders, sales orders, delivery orders, and invoices |
|
Business - IP |
Relates to confidential information that contains Intellectual Property and trade secrets |
Patent applications, documents with non-disclosure content |
Table 1: List of new out-of-the-box built-in trainable classifiers
Content classified using these new trainable classifiers is visible in the ‘Content Explorer’ tab (Figure 1 below):
Figure 1: Content classified using the new Trainable Classifiers in the ‘Content explorer’ tab of the Microsoft 365 Compliance Center
Named Entities: We are adding 52 new Sensitive Information Types (SITs) to help administrators classify documents, emails, and chats to look for named entities, which span person names, physical addresses, and medical terms. Examples of these new SITs include 38 country-specific addresses covering the US, EU, and other regions, 10 healthcare-specific entities (e.g. Surgical procedures, brand medication names). This will enable customers to better address several regulatory & compliance scenarios such as GDPR, HIPAA, FINRA, etc. across several countries and geographies. These new entities are available out of the box and provide a view of sensitive data matches against them in the content explorer. They can also be used across the unified policy experiences within Data loss prevention (DLP), Information protection (i.e., auto-labeling), Information governance, and Exact Data Match. Named entities will be supported in Teams chats, SharePoint online, One Drive for Business, Microsoft Defender for Cloud Apps (previously MCAS), and Office clients. In the coming months, this will extend to include support for Exchange emails and endpoint devices and other Microsoft 365 solutions. Content classified using these named entities will be available in the ‘Content explorer’ tab as well (Figure 2 below):
Figure 2: Content classified using the new named entities in the ‘Content explorer’ tab
Enhanced classification templates: We are introducing 10 enhanced classification templates, which can be used across our Data Loss Prevention, Auto-labeling, and Information governance solutions. These enhanced templates combine entities along with sensitive information types to make it simple to classify and protect data across categories such as financial, healthcare, and privacy.
We have also expanded the scope for service-side auto labeling to allow administrators to turn on policies for all SharePoint sites and OneDrive users within their tenants. This scope can be confidently tested within the ‘simulation mode’ before a policy is turned on for the entire tenant. With the recently released co-authoring of protected documents, administrators can even go ahead and confidently turn on encryption with auto labeling as this helps information workers continue to stay productive while the organization applies labels with encryption across their tenant.
We are continuously expanding the capabilities of Microsoft Information Protection. Microsoft Information Protection helps you get started in leveraging our solution with our default labels and policies. Explore how our features work and the new insights generated from the default policies. Expand upon these configurations to suit your organization’s needs. Learn more about our default labels and policies
Learn more about the required licensing for Microsoft Information Protection. Please note that auto-labeling individual documents stored in team or SharePoint sites require either Microsoft 365 E5 or Compliance E5 or the Information Protection & Governance E5 add-on SKU. If you are new to Microsoft 365, learn how to try or buy a subscription.
We are happy to share that there is now an easier way for you to try Microsoft compliance solutions directly in the Compliance Admin Center with a free trial. By enabling the trial in the Compliance center, you can quickly start using all capabilities of Microsoft Compliance, including Insider Risk Management, Records Management, Advanced Audit, Advanced eDiscovery, Communication Compliance, Microsoft Information Protection, Data Loss Prevention, and Compliance Manager.
This trial is currently rolling out to tenants worldwide and you can learn more about it here.
Maithili Dandige, Partner Group Program Manager, Microsoft 365 Security & Compliance