Sensitivity labels offer identity-based and location-based access control for your sensitive data, which is a crucial part of managing and protecting information. This involves creating a sensitivity label that delineates the application and security needs of different datasets.
To create a sensitivity label in Microsoft 365, follow these steps:
- Go to the Microsoft 365 compliance center and select ‘Classification > Sensitivity labels’.
- Click ‘Create a label’, then type a name for your label.
- Set the permissions for the label, and determine if it should encrypt data and restrict access. Here, one can also choose to add a watermark, header, footer, or choose whether to allow this label to be changed manually by users.
- Next, configure the scope of the label: which apps and services will enforce this label?
With the sensitivity label created, an organization can now decide how it will be applied to data.
Sensitivity label policies
Sensitivity label policies allow you to control how labels are used within your organization. There are three main types of policies you can choose:
- Mandatory Label Policy: This policy requires all documents and emails to have a sensitivity label.
- Default Label Policy: This policy sets up a certain sensitivity label as the default for all emails and documents, although the user can change it.
- Automatic Labeling Policy: This policy has the system automatically apply a sensitivity label based on the content of the document or email.
Example of creating a sensitivity label policy
Here’s how you can configure a sensitivity label policy:
- In the Microsoft 365 compliance center, go to ‘Sensitivity Labels > Label policies’.
- Click ‘Create a policy’, then select what type of policy you want to create.
- Provide a name and description for the policy, then specify the locations where the policy will be applied (e.g. SharePoint, Teams).
- For Mandatory and Default policies, select the label to be used. For an Automatic policy, configure the conditions that will trigger the label’s application.
- Lastly, select the users or groups the policy applies to, then click ‘Create policy’ to finish.
While configuring the sensitivity label policy, ensure that sensitivity labels are suited to the organization’s data management needs and that they sufficiently protect sensitive data from unauthorized access.
Managing sensitivity labels
Managing sensitivity labels often involves modifying the existing labels, creating new ones, and deleting unnecessary ones. The monitoring of label usage helps ensure that the sensitivity labels meet the organization’s data protection needs.
Use the analytics provided in Microsoft 365 compliance center > Reports > Label activity explorer. This tool provides insights into how your labels are being used, so you can adjust your policies accordingly.
In conclusion, effectively managing and configuring sensitivity label policies is crucial for the data security of an organization. As a SC-400 Microsoft Information Protection Administrator, understanding the practical application of these features is essential. By effectively using and managing these labels, an organization can protect its sensitive data, comply with regulations, and maintain informational privacy.
Practice Test
True or False: Sensitivity labels in Office 365 allow you to classify and protect sensitive content.
- True
- False
Answer: True
Explanation: Sensitivity labels in Office 365 enable you to classify and protect your sensitive content, providing an effective method for managing information and ensuring its security and compliance.
When configuring sensitivity labels in Office 365, is it necessary to specify label permissions?
- True
- False
Answer: True
Explanation: When you configure sensitivity labels, you define protection settings such as encryption and marking, which help in defining permissions for the labelling process.
True or False: You cannot use sensitivity labels in combination with data loss prevention policies to add a layer of protection to sensitive content.
- True
- False
Answer: False
Explanation: Sensitivity labels can indeed be used in conjunction with data loss prevention policies, providing an additional layer of protection for sensitive content.
What is the primary purpose of sensitivity labels?
- A. To label emails as spam
- B. To classify and protect content
- C. To add metadata to files
- D. None of the above
Answer: B. To classify and protect content
Explanation: Sensitivity labels primarily serve to classify and protect sensitive content across different applications.
True or False: Once applied, a sensitivity label cannot be changed or removed.
- True
- False
Answer: False
Explanation: Sensitivity labels can be changed or removed based on overall data management and protection needs.
Which Office applications support sensitivity labels?
- A. Word
- B. Excel
- C. PowerPoint
- D. All of the above
Answer: D. All of the above
Explanation: Sensitivity labels are supported across all major Office applications – Word, Excel, and PowerPoint.
True or False: Sensitivity labels can enforce encryption on labeled content.
- True
- False
Answer: True
Explanation: One of the key functions of sensitivity labels is the ability to enforce encryption on the labeled content, adding an extra level of data protection.
What is the role of sensitivity label policies?
- A. Defining how labels are implemented
- B. Tracking changes made to labeled content
- C. Conducting a content audit
- D. None of the above
Answer: A. Defining how labels are implemented
Explanation: Sensitivity label policies define how labels are implemented by configuring conditions and settings based on organization needs.
True or False: You don’t need to publish a sensitivity label for it to be visible to users.
- True
- False
Answer: False
Explanation: In order for a sensitivity label to be visible to users, you need to publish it.
Which of the following factors can trigger automatic labeling?
- A. Content containing specific words or phrases
- B. Content that matches certain patterns
- C. Content that holds specific types of sensitive information
- D. All of the Above
Answer: D. All of the Above
Explanation: Automatic labeling can be triggered by all these factors – content containing specific words/phrases, content matching certain patterns, or content holding certain types of sensitive information.
True or False: Sensitivity labels can only be applied manually by users.
- True
- False
Answer: False
Explanation: Sensitivity labels can be both manually applied by users and automatically applied based on organization-defined rules and conditions.
What happens when a sensitivity label with encryption is applied to an email?
- A. It prevents unauthorized access
- B. It locks the email content
- C. It delivers the email to spam
- D. It deletes the email
Answer: A. It prevents unauthorized access
Explanation: When a sensitivity label with encryption is applied to an email, it helps in preventing unauthorized access to that email.
True or False: Sensitivity labels can apply visual markings, such as headers, footers or watermarks.
- True
- False
Answer: True
Explanation: Sensitivity labels can append visual markings, such as headers, footers, or watermarks, to a document, email, or other piece of content.
Sensitivity labels can be created in _______
- A. Office 365 security and compliance center
- B. Azure Portal
- C. Windows Control Panel
- D. Task Manager
Answer: A. Office 365 security and compliance center
Explanation: Sensitivity labels are created within the Office 365 security and compliance center as part of the information protection settings.
True or False: Sensitivity labels can help in legal hold and retention of data.
- True
- False
Answer: True
Explanation: Sensitivity labels can add value during the retention and deletion process of data, and also aid in legal hold procedures by helping to classify content.
Interview Questions
What is the purpose of sensitivity labels in Microsoft Information Protection?
Sensitivity labels in Microsoft Information Protection are used to classify and protect business data while ensuring it is tracked and controlled.
How can an administrator assign a sensitivity label?
An administrator can manually assign a sensitivity label or configure policies for their automatic application based on content within documents or emails.
Where can an organization use sensitivity labels?
Sensitivity labels can be used across various Microsoft 365 services, including SharePoint, OneDrive, Exchange, and Teams.
Can we use sensitivity labels with content stored in third-party cloud providers?
No, as of now, sensitivity labels are not supported for content stored in third-party cloud providers.
What is a sensitivity label policy and what is its purpose?
A sensitivity label policy is essentially a group of conditions that determines how sensitivity labels are applied to documents and emails. They are used to manage and apply sensitivity labels across an organization based on the company’s data protection needs.
How can we modify a sensitivity label policy?
A sensitivity label policy can be modified in the Microsoft 365 Compliance Centre by navigating to “Information Protection” section and selecting the policy you wish to modify.
Is it possible to apply multiple sensitivity labels to a document or email?
No, only one sensitivity label can be applied to a document or email.
What happens if a user tries to remove a sensitivity label from a protected document or email?
If a user tries to remove a sensitivity label, they will be warned and may be required to provide a justification, depending on the settings configured by the administrator.
Can a user change the sensitivity label applied to an email or document?
Yes, a user can change the sensitivity label of an email or document unless the administrator has set up a policy to prevent it.
In which formats can labels be published?
Labels can be published in two formats- either as label policies or as part of an information protection policy.
Can sensitivity labels be applied to containers such as Teams, Groups, and Sites?
Yes, sensitivity labels can be applied to containers, extending the reach of sensitivity labels from individual files and emails to different containers.
How are sensitivity labels stored in documents and emails?
Sensitivity labels are stored in the metadata of documents and emails, which allows them to persist with the content even when it’s shared outside your organization.
If a previously unlabeled document is labeled, are previous versions of the document in SharePoint or OneDrive labeled as well?
No, previous versions of the document are not retroactively labeled. Only the current and future versions of the document will have the label.
What is automatic labeling and how it is useful?
Automatic labeling means that the system automatically apply a sensitivity label to documents and emails based on its content. It is useful in ensuring that all sensitive content is labeled and protected, even if a user forgets to manually apply a label.
Can sensitivity labels enforce encryption on files?
Yes, sensitivity labels can be used to enforce encryption on sensitive documents and emails, basically protecting against unauthorized access.
extutorials.com