
Microsoft Purview in the Real World (Jan 20, 2022)



Guest James_Havens

 

 

 

 

 

Disclaimer

 

 

This document is not meant to replace any official documentation, including those found at docs.microsoft.com. Those documents are continually updated and maintained by Microsoft Corporation. If there is a discrepancy between this document and what you find in the Compliance User Interface (UI) or inside of a reference in docs.microsoft.com, you should always defer to that official documentation and contact your Microsoft Account team as needed. Links to the docs.microsoft.com data will be referenced both in the document steps as well as in the appendix.

 

 

 

All the following steps should be done with test data, and where possible, testing should be performed in a test environment. Testing should never be performed against production data.

 

 

 

Target Audience

 

 

Microsoft customers who want to better understand Microsoft Purview.

 

 

 

Document Scope

 

 

The purpose of this document (and series) is to provide insights into various use cases, announcements, customer-driven questions, etc.

 

 

 

 

 

Topics for this blog entry

 

 

Here are the topics covered in this issue of the blog:

 

  • Sensitivity Labels – using them to protect files both in the cloud and on-premises.

 

 

 

Out-of-Scope

 

 

This blog series and entry are only meant to provide information. For your specific use cases or needs, it is recommended that you contact your Microsoft Account Team to find other possible solutions.

 

 

 

Sensitivity Labels – protecting data in the cloud and on-prem.

 

 

 

 

Question #1:

 

Once an organization applies a Sensitivity label to its data, how does it help the organization to secure the data?

 

 

 

Response #1:

 

There are multiple ways to protect an organization's data in its tenant. Here are a few to start you thinking:

 

 

 

 

Question #2:

 

Are there any other advantages of labelling the data, like maybe in the Insider Risk module to prioritize incidents, or any other use case?

 

 

 

Response #2:

 

  • Insider Risk Management (IRM) is more of a reporting and monitoring tool that provides context concerning what data has been accessed, modified, sent, deleted, etc. It provides no protection on its own. Its uses are more related to looking at user behavior related to data, and building investigations and policies around those interactions. See: Learn about insider risk management - Microsoft Purview (compliance) | Microsoft Learn
  • An organization can attach Sensitivity labels to IRM policies and use those Sensitivity labels to determine prioritization of label activity. As there is a lot of nuance to how this is configured and utilized, it is recommended you contact your Microsoft Account team to find out more about IRM and how it can be used to improve your data security and data security policies.

 

 

 

Question #3:

 

To use manual labeling and enable the Sensitivity button in MS Office, does an organization need to enroll/onboard devices, and if yes, how? If an organization already has MDE installed on our endpoints, do we still need to onboard end-user devices?

 

 

 

Response #3:

 

  • Onboarding is for a) Defender for Endpoint functionality, b) Data Loss Prevention functionality, and c) sending telemetry back to the Unified Audit log in your organization’s tenant. If a device has been onboarded for one of those reasons, it will be able to apply Sensitivity Labels via Microsoft Office.
  • For Sensitivity Labeling in M365 (Teams, SharePoint, OneDrive, Exchange), an organization’s users can do everything directly in the cloud. No onboarding is needed.
  • Automatic labeling of cloud files/emails can be done without onboarding.
  • For Sensitivity Labeling on computers/laptops, an organization can provide its users 2 options:

 

 

 

 

 

Question #4:

 

Does the Purview agent scan on-prem file servers/NAS as well?

 

 

 

Response #4:

 

The “classical” AIP Scanner (which is part of the Purview tools) can run against on-prem file servers and NAS devices.

 

Here are some informational links related to this question, covering the AIP Scanner and the NAS request.

 

 

 

What is Azure Information Protection (AIP)? | Microsoft Learn

 

Download & install the Azure Information Protection unified labeling client | Microsoft Learn

 

Best practices for deploying and using the AIP UL scanner - Microsoft Community Hub – This is a blog from one of the Microsoft developers. Look specifically at the “Network Scan Jobs” section for NAS-related questions.

 

 

 

 

 

Appendix and Links

 

 

Learn about built-in labeling and the AIP unified labeling client - AIP | Microsoft Learn

 

 

 

Learn about insider risk management - Microsoft Purview (compliance) | Microsoft Learn

 

 

 

Design a Data loss prevention policy - Microsoft Purview (compliance) | Microsoft Learn

 

 

 

Apply encryption using sensitivity labels - Microsoft Purview (compliance) | Microsoft Learn

 

 

 

What is Azure Information Protection (AIP)? | Microsoft Learn

 

 

 

Download & install the Azure Information Protection unified labeling client | Microsoft Learn

 

 

 

Best practices for deploying and using the AIP UL scanner - Microsoft Community Hub

 
