156 Views
4 minute read
Categories
Microsoft 365

Part III : Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

Introduction:

In Blog 1 of this series, Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center- Part 1, we went through in detail about Microsoft 365 Security and Compliance center OOTB reports and what are the potential solutions that may be evolved after analyzing those reports, indicating the current security posture of the enterprise.

In Blog 2, Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center- Part 2, we saw the importance of auto-labeling and how to create a solution to enable auto-classification and auto-labeling in Microsoft 365 environment to secure the different resources in the cloud environment.

In the final blog of the series, we will explore how rule types are chosen and how to choose common rules and advanced rules once you get the workloads where you want to enable auto-labeling.

On the workload page, the rule types must be chosen. You can go with common rules for most common scenarios, but if your assessment is that more advanced level rules are required, then you can opt for advanced rules.

Part III: Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

Click on next and go for the new rule.

Part III: Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

Name your rule and select the condition.

There are two options available here:

  1. Content contains sensitive info types
  2. Content is shared
Part III: Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

We will go with the first option ‘Content contains sensitive info types’

At this stage, you can go with various default sensitive types provided by Microsoft, or if you have created custom sensitive info types, then search it in the box and select that.

Part III: Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

I have chosen one custom sensitive info type and saved it. You can explore the existing sensitive info types or can create your type from the left navigation option ‘Sensitive info types’.

Part III: Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

Now Save the rule.

Part III: Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

Next, once you have saved the rule then it will look like this-

Part III: Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

Proceed to next.

Now you must ascertain which sensitivity label should be auto-applied when such sensitive types are detected on the chosen SharePoint site. Search the appropriate label and select it.

Part III: Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

I have selected ‘Internal Only’, so when my sensitive info gets matched on the contents of that site, this label is going to be applied.

Part III: Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

Add and proceed to the next screen.

Select the default settings and proceed next.

Part III: Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

At the final stage, review all the settings and click on create policy.

Part III: Security Assessment and Solutioning with Microsoft 365 Security and Compliance Center

Your policy is created now. Please note it can take up to 24 hours to reflect the action defined in the policy.

Explore Automated Solution

You can explore exchange PowerShell modules, which have different commands to automate the above-described manual steps. Visit the official documentation page for details:

Set-AutoSensitivityLabelPolicy -Identity “Custom Rule test 1” -AddSharePointLocation “https://myurl1” -Mode TestWithoutNotifications -ApplySensitivityLabel “Internal Only”

This example creates an auto label policy named “Custom Rule test 1” for the specified SharePoint Online site with the label “Internal Only”.

Final Thoughts

Though we have seen how powerful and elegant the auto-labeling solution can be, it is essential to be aware of some of its disadvantages-

  • This auto-labeling has some lack of precision, so classifying contents based on mere sensitive types sometimes can lead to inaccurate results. It may be possible to get false positive or false negative results in terms of documents having a particular label.
  • License-wise, you should have either Microsoft 365 E5 or Azure Information Protection P2. These capabilities are only included in the above-mentioned subscriptions.
  • Auto-labeling will only work on MS Office files, not .pdf or some other file formats.
  • If you apply ‘Manual Label Applied’, it will never be replaced with auto-labeling. Though automatic labeling can overwrite the default sensitivity label if you have set that in the label policy.
Navoneel Talukdar

About Navoneel Talukdar

Navoneel has around 7+yrs of experience working in Software Development using .Net and SharePoint based applications. He has experience in analysis, design, development, implementation, maintenance and support of applications in the Client Server, Intranet and web enterprise application environments.He worked in Angular 4+ based web applications with asp.net mvc . He holds strong knowledge in creating client side components using Angular.js , Node.js, Knockout .js .

Prior to joining Netwoven, he was working with Cognizant Technology Solutions, Kolkata as Associate - Projects. Navoneel did his B.Tech in Information Technology from Heritage Institute of Technology, West Bengal.

He is presently living in Teghoria with his family. During his leisure time, he enjoys listening to music and reading books.

LinkedinTwitterFacebook

Leave a Reply

Your email address will not be published. Required fields are marked *




Enter Captcha Here :