224 Views
4 minute read
Categories
Microsoft 365

Part II : Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

Introduction:

We hope you had the chance to read our previous blog on the subject, Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center- Part 1, in which we explored Microsoft 365 Security and Compliance center OOTB reports and the potential solutions that may be evolved after analyzing those reports, indicating the current security posture of the enterprise. 

In this blog we are going to see how to create solution to enable auto classification and auto labelling in Microsoft-365 environment to secure the different resources in the cloud environment.  

Auto classification with sensitivity labels, provides organizations with the capability to automatically designate protection based on the sensitive type in a scalable way. 

Why is Auto-labelling required 

With predefined sensitive information types and ability to create custom ones, you have the flexibility to create and tailor the auto-labelling policy to specific sensitive information types. You can also scope the policy to a specific SharePoint site or OneDrive or Exchange mailbox. These policies can automatically label files at rest and emails in transit based on the rules you have set. 

Advantages of Auto-classification 

  • No need to train people in an organization to classify sensitive documents, emails, etc. This covers both office apps and workloads like SharePoint, Exchange, OneDrive etc. 
  • Trainable classifiers can be employed to auto-classify documents, emails, etc. 
  • Classification is taken care based on the created policies at the security centre and contents are segregated based on the sensitivity of the information. 

Diving into solution 

At the Microsoft Protection Center, you can explore the relevant settings required to create an auto labelling solution as in the below screenshot. 

Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

Under sensitivity labels section, you must create some sensitivity labels and publish them first. After creating a few sensitivity labels, we are going to look at how to create an auto labelling policy. 

Refer this link to enable the sensitivity labels in your tenant. 

Run this powershell command to enable the settings- Set-SPOTenant -EnableAIPIntegration $trueNext,click on “Auto-labelling” as shown below. It is self-explanatory how the labelling policy is going to be applied on various workloads based on the sensitivity type. 

Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

Auto labelling has two methods by which it works: 

  1. Client side – When users are working in an office app like work, excel etc or emails system will examine the contents and propose a label to apply which user can accept or reject. This client side labelling can be configured in the sensitivity label settings. Based on the sensitive information type you attach with the label setting, that label is going to be proposed if the content has the matching sensitive information. If you create/edit any sensitivity label, you can see the same settings described above.
  2. Server side – When the content/workload is already saved in SharePoint/OneDrive/Exchange the labels get applied automatically, without any user intervention.
Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

Next, click on “Create auto labelling policy” to create a new policy. A Server side labelling policy can be configured like this. 

Take any loaded template or go with a new custom policy. Loaded templates are examples of different countries’ default sensitivity types. A custom template has been chosen. 

Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

On clicking next, name the policy and specify description if desired

Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

On next click, you get the workloads where you want to enable auto labelling. 

I have chosen SharePoint and enabled that; I have added one site here for testing. 

Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

In the next part  of this series, we will see how Rule types are chosen. Watch this space forSecurity Assessment and Solutioning with Microsoft 365 Security and Compliance Center- Part 3’ 

Navoneel Talukdar

About Navoneel Talukdar

Navoneel has around 7+yrs of experience working in Software Development using .Net and SharePoint based applications. He has experience in analysis, design, development, implementation, maintenance and support of applications in the Client Server, Intranet and web enterprise application environments.He worked in Angular 4+ based web applications with asp.net mvc . He holds strong knowledge in creating client side components using Angular.js , Node.js, Knockout .js .

Prior to joining Netwoven, he was working with Cognizant Technology Solutions, Kolkata as Associate - Projects. Navoneel did his B.Tech in Information Technology from Heritage Institute of Technology, West Bengal.

He is presently living in Teghoria with his family. During his leisure time, he enjoys listening to music and reading books.

LinkedinTwitterFacebook

Leave a Reply

Your email address will not be published. Required fields are marked *




Enter Captcha Here :