- Who We Serve
- How We Help
- Platform Features
- Why Orchestry
Updated June 2023
Compliance is a team sport and it is everyone’s responsibility in an organization.
We need to understand that it is more than a technical problem and must be tackled with more tools and processes than technical controls. So, it is time to go beyond the accountability of IT professionals and ensure end-users are also working in a compliant manner. It is pivotal to ensure that your digital workplace is equipped with governance, automation, training, in-the-moment help, and consistency, to adhere to long-term compliance policies.
Sensitivity labels are one great way to maintain protection and compliance in your Microsoft 365 environment and throughout the organization as well. Let us explore this further and understand how to put Sensitivity Labels to good use in Microsoft 365.
Microsoft Information Protection (MIP) is a construct for which data protection is rolled out across Microsoft 365 and central to this is a service called Data Classification Service. With data classification, you can build and identify your own sensitive information types. Part of that and your own organization’s data classification scheme is Sensitivity Labels.
Underneath all these layers there is a lot of groundwork that goes in before you can define your Sensitivity Labels. Conveniently, Sensitivity Labels can be applied across Microsoft 365 applications and services and numerous devices that use these apps.
There are some real security concerns that keep executives and business owners up at night, such as, is the data we are working with is protected? Discerning sensitive data from not sensitive data, ensuring data security at all times, and many others are all on the list. Sensitivity Labels, if implemented correctly, take care of these and thus, provide a more restful sleep, by:
If you are looking to articulate a path to compliance and what you want from it, then you need to communicate this four-step path with your compliance and risk teams:
1. Know Your Data –> 2. Protect Your Data –> 3. Prevent Data Loss –> 4. Govern Your Data
In this blog, we will be going over the first two stages of the compliance path and discussing how they tie into Sensitivity Labels.
It is important to understand your data landscape and identify important data across your hybrid environment.
You need to know what data your users are working within all of the collaboration tools that they are using. Out-of-the-box Microsoft tools can help identify sensitive information types in your environment.
The power of data identification is that you can define the data type once in a unified location and use it across a number of tools in the backend such as Sensitivity Label conditions, Retention Label Policy conditions, Data Loss Prevention (DLP) conditions, and Microsoft cloud app security.
Additionally, you can scale your identification by using trainable classifiers. These come with the option to create custom ones or use pre-built ones provided by Microsoft.
Knowing your data is not enough, you also must be able to monitor what you know. The Data Classification in Microsoft 365 compliance interface is an effective way to gain insight into your environment.
For a guided experience to understanding your data and the role of Sensitivity Labels, watch our webinar session recording featuring Joanne C. Klein:
Data protection keeps your data secure as it travels inside and outside your organization. Although there are many tools in the backend that would be considered compliance control options as part of the MIP solution, Sensitivity Labels play an integral role.
Let’s focus on the protection of your sensitive information wherever it lives and any exchange that takes place between these collaboration assets – Exchange, Microsoft Teams, SharePoint and OneDrive.
Tip: 5 -6 parent Sensitivity Labels are enough and you can add sub-labels, if required. If you are going over that then you need to regroup to define what are the distinguishing controls between all those labels.
Files/Emails: Sensitivity Labels can be applied to manage content markings, encryption, right management, client-side auto-apply, and service side auto-apply.
Auto-labeling client-side: This is based on sensitive types detected at the moment, and can be applied while using or editing documents, or while composing emails. This kind of label can be automatically applied or recommended to the user.
Auto-labelling service-side: These are based on sensitive types detected in content at rest, such as in SharePoint or OneDrive. It helps if users forget to set a label, and can be applied at scale.
Groups/Sites: In this case, Sensitivity Labels control privacy settings, guest access, device access, & external sharing.
Data: Sensitivity labels are used across Azure Purview, files in azure blob storage, files in azure lake data storage, and several database columns.
Once labels are applied you can see them across your Microsoft 365 applications.
Note: When you apply a sensitivity label to an MS Teams team, it is not automatically copied over to each file shared in that team, therefore, to get granular you need to apply Sensitivity Labels at the file level separately.
To make this process simpler for you, we have this wildly helpful checklist to guide you through the creation and implementation of a Sensitivity Labels:
Most organizations are not using Microsoft 365 to its full potential.
Orchestry makes Microsoft 365 simple for all users.
Orchestry is an adoption and governance platform that allows End Users, Workspace Owners, IT admins and organizations to take full advantage of Microsoft 365.
To see Orchestry in action, request a demo!