Posted in Endpoint Administrator, Microsoft 365 Administrator, MS 365 Enterprise Administrator, MS 365 Modern Desktop Administrator, MS 365 Security Administrator

Microsoft 365 Data Loss Prevention (DLP) Sensitivity Label Policies

   October 9, 2023

Microsoft 365 Data Loss Prevention (DLP) Sensitivity Label policies are a comprehensive feature that allows organizations to classify and protect sensitive information within documents and emails. These policies provide a robust set of features and functions to safeguard data while ensuring compliance with data protection regulations. Below, I’ll explain in detail the features, functions, and steps for creating and configuring Sensitivity Label policies, along with usage examples.

Features and Functions of Sensitivity Label Policies:

  1. Content Classification: Sensitivity Label policies enable organizations to classify content based on its sensitivity, confidentiality, or importance.
  2. Protection Settings: You can apply protection settings to content, including encryption, rights management, and access controls, ensuring that sensitive data is safeguarded against unauthorized access or sharing.
  3. Visibility and Label Assignment: Sensitivity Label policies provide a clear indicator of the sensitivity level, making it easy for users to recognize and handle sensitive content appropriately. Labels can be automatically applied or manually selected by users.
  4. Auditing and Reporting: Microsoft 365 offers auditing and reporting capabilities to track the usage and enforcement of Sensitivity Label policies, providing insights into how they are applied and accessed.
  5. Integration with Office Apps: Sensitivity Label policies are integrated with Microsoft Office apps, such as Word, Excel, PowerPoint, and Outlook, allowing users to apply labels when creating or editing documents and emails.
  6. Automatic Detection and Protection: DLP policies can be configured to automatically detect and protect content labeled with sensitivity labels, enforcing actions based on policy settings.

Creation and Configuration of Sensitivity Label Policies:

Step 1: Enable Sensitivity Labels:

  • In the Microsoft 365 admin center, navigate to “Settings” and select “Services & add-ins.”
  • Click on “Microsoft Azure Information Protection.”
  • Enable sensitivity labels and configure settings according to your organization’s needs.

Step 2: Create Sensitivity Labels:

  • Access the Microsoft 365 Compliance Center.
  • Go to “Classifications” and select “Sensitivity labels.”
  • Create sensitivity labels, specifying names, descriptions, visual markings, protection settings, and content marking settings.
  • Customize labels to align with your organization’s classification requirements.

Step 3: Create a Sensitivity Label Policy:

  • In the Microsoft 365 Compliance Center, go to “Classifications” and select “Sensitivity label policies.”
  • Create a new Sensitivity Label policy.
  • Specify the labels included in the policy and their settings.
  • Define the scope of the policy (e.g., SharePoint, OneDrive, Exchange Online).
  • Configure actions for detected sensitivity labels (e.g., block sharing, encrypt content).

Step 4: Apply the Policy:

  • After creating the Sensitivity Label policy, apply it to specific users, groups, or locations within your organization.

Usage Example:

Scenario: Protecting Financial Reports

  1. Create Sensitivity Label:
    • Create a Sensitivity Label called “Confidential Financial” with the following settings:
      • Protection: Encrypt content
      • Visual Marking: Add “Confidential” watermark
  2. Create Sensitivity Label Policy:
    • Create a Sensitivity Label policy named “Financial Data Protection” that includes the “Confidential Financial” label.
    • Configure the policy to apply to SharePoint Online sites and OneDrive accounts.
  3. Apply the Policy:
    • Apply the “Financial Data Protection” policy to specific SharePoint sites and OneDrive accounts where financial reports are stored.
  4. Usage:
    • Users create or upload financial reports to SharePoint or OneDrive.
    • When financial reports are labeled as “Confidential Financial,” the Sensitivity Label policy automatically encrypts the content and adds a “Confidential” watermark.
    • Attempted sharing of these reports with external users is blocked, ensuring data protection and compliance.

By creating and configuring Sensitivity Label policies, organizations can effectively classify and protect sensitive data, enhancing data security and compliance efforts while providing users with a straightforward way to handle sensitive content.

Share: TwitterFacebookPinterestLinkedin
Author: tonyhughes