Posted in Endpoint Administrator, Microsoft 365 Administrator, MS 365 Enterprise Administrator, MS 365 Modern Desktop Administrator, MS 365 Security Administrator

Microsoft 365 Data Loss Prevention (DLP) Sensitivity Labels

   October 9, 2023

Microsoft 365 Data Loss Prevention (DLP) sensitivity labels in more detail, including their functions, features, configuration steps, and usage examples.

Functions and Features:

  1. Classification: Sensitivity labels allow organizations to classify content based on its sensitivity or confidentiality level. This classification helps users and DLP policies understand how to handle data appropriately.
  2. Protection: Sensitivity labels can apply protection actions to content. These actions include encryption, rights management, and watermarking, ensuring that sensitive data is safeguarded from unauthorized access and sharing.
  3. Visual Marking: Labels can include visual markings on documents and emails, making it visually clear to users that the content is sensitive. Visual markings can include watermarks, headers, and footers, which help users recognize and handle sensitive information appropriately.
  4. Content Inspection: Sensitivity labels can trigger DLP policies, allowing content inspection for sensitive information. When content is classified with a label, DLP policies can enforce actions such as blocking sharing or sending notifications based on label settings.
  5. Consistency Across Services: Sensitivity labels are consistent across various Microsoft 365 services, ensuring that the classification and protection policies are applied consistently in Microsoft Office apps, SharePoint Online, OneDrive for Business, Exchange Online, and Teams.
  6. User-Friendly: Microsoft has designed sensitivity labels to be user-friendly. Users can easily select the appropriate label when creating or editing documents or emails, making it intuitive to classify content.
  7. Audit and Reporting: Sensitivity labels provide auditing and reporting capabilities, allowing administrators to track label usage and policy enforcement. This helps in monitoring and maintaining data protection and compliance.

Configuration Steps:

Step 1: Enable Sensitivity Labels:

  • Log in to the Microsoft 365 admin center.
  • Navigate to “Settings” and select “Services & add-ins.”
  • Click on “Microsoft Azure Information Protection.”
  • Enable sensitivity labels and configure settings according to your organization’s needs.

Step 2: Create Sensitivity Labels:

  • Access the Microsoft 365 Compliance Center.
  • Go to “Classifications” and select “Sensitivity labels.”
  • Create sensitivity labels, defining names, descriptions, visual markings, protection settings, and content marking settings.
  • Customize labels to align with your organization’s classification requirements.

Step 3: Publish Labels:

  • After creating sensitivity labels, publish them to make them available to users.

Step 4: Apply Labels to Content:

  • Users can apply sensitivity labels to documents and emails during content creation or editing. They select the appropriate label from a dropdown menu.

Usage Examples:

Example 1: Protecting Confidential Documents

Imagine an organization wants to protect confidential financial reports containing sensitive financial data. They create a sensitivity label called “Confidential” with these settings:

  • Protection: Encrypt content
  • Visual Marking: Add “Confidential” watermark

Users apply the “Confidential” label to financial reports. When someone tries to share these documents outside the organization, DLP policies enforce the label’s protection settings, encrypting the content to ensure that only authorized users can access it.

Example 2: DLP Integration

An organization uses sensitivity labels to classify sensitive customer information in emails. They configure a DLP policy that detects these labels and enforces actions, such as blocking external sharing of the content. This ensures that customer data is not inadvertently shared with external recipients, enhancing data protection and compliance.

Example 3: Visual Marking for Internal Use

An organization creates a sensitivity label called “Internal Use Only” and applies it to internal documents. The label adds a watermark, header, and footer with the organization’s logo and “Internal Use Only” text. This visual marking makes it clear to employees that the document should not be shared externally, helping to enforce internal-use policies.

Microsoft 365 DLP sensitivity labels provide a versatile and robust solution for classifying, protecting, and controlling sensitive information across various Microsoft 365 services. By configuring and using sensitivity labels effectively, organizations can enhance their data protection and compliance efforts while empowering users to make informed decisions about handling sensitive data.

Share: TwitterFacebookPinterestLinkedin
Author: tonyhughes