Configuring and publishing auto-labelling policies is an integral aspect of Microsoft Information Protection (MIP). These policies assist organizations in identifying, classifying, and protecting sensitive information across various services, both within the Microsoft 365 environment and beyond. This topic forms a crucial part of the SC-400: Microsoft Information Protection Administrator examination.
Understanding Auto-Labelling Policies
Auto-labeling is a feature provided by Microsoft to automatically classify and label data based on the sensitive information types it contains. You can create and configure policies that apply these labels in Exchange Online (for emails), SharePoint Online (for documents), and OneDrive for Business (for files).
Furthermore, these auto-labelling policies also extend to files located on Windows devices via the Windows Information Protection (WIP) client. Therefore, administrators have the power to enforce data classification and protection across a multitude of digital landscapes.
Steps to Configure Auto-Labelling Policies
Before we delve into the specific details, it is crucial to note that only Global administrators or Compliance administrators have the rights to configure these policies. Here is a step-by-step process to configure auto-labeling policies:
- Access the Compliance Portal: Sign in to Microsoft 365 compliance center and navigate to the ‘Data classification’ > ‘Auto-labeling’ tab.
- Create a New Policy: Click on ‘Create auto-labeling policy’. Here you can provide a name and description for the policy.
- Choose Locations: Select where you want this policy to apply. Choices include Exchange email, SharePoint, OneDrive, and Teams chat and channel messages.
- Configure Rules: Configure the specific conditions for this policy to apply a label automatically. You can choose from multiple sensitive information types or use keyword queries. You can also add more than one condition and decide if ALL conditions must be met or ANY one of them.
- Assign a Label: Choose the sensitivity label that would be automatically applied when the predefined conditions are met.
- Review and Test the Policy: Microsoft provides the option to simulate the policy without actually applying the labels. It is a great way to validate and refine your policy before it goes live.
- Deploy the Policy: Finally, set the policy to ‘On’ to activate it.
On successful deployment, the auto-labelling policy starts scanning and labelling content based on the pre-defined rules.
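The same procedure can be scripted with Security & Compliance PowerShell, which makes the simulate-then-enforce sequence explicit and repeatable. The script below is an added example, not part of the original guide; the label name `Confidential`, the policy and rule names, and the admin account are placeholder assumptions, and the sensitivity label must already exist and be published.

```powershell
# Added example. Placeholder values: admin UPN, label name, policy name.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName 'admin@contoso.example'

$labelName  = 'Confidential'                 # assumed existing, published label
$policyName = 'Auto-label credit card data'  # assumed policy name
$enforce    = $false                         # set to $true only after reviewing the simulation

# Stop early if the label does not exist; a policy cannot apply a missing label.
Get-Label -Identity $labelName -ErrorAction Stop | Out-Null

# Create the policy in simulation mode: matches are reported, nothing is labelled.
New-AutoSensitivityLabelPolicy -Name $policyName `
    -Comment 'Simulation first; enforce after review' `
    -SharePointLocation All `
    -OneDriveLocation All `
    -ApplySensitivityLabel $labelName `
    -Mode TestWithoutNotifications

# One rule per workload: label content with at least one credit card number.
foreach ($workload in 'SharePoint', 'OneDriveForBusiness') {
    New-AutoSensitivityLabelRule -Name "$policyName ($workload)" `
        -Policy $policyName `
        -Workload $workload `
        -ContentContainsSensitiveInformation @{ name = 'Credit Card Number'; mincount = '1' }
}

# Confirm the policy is still in simulation before anyone turns it on.
Get-AutoSensitivityLabelPolicy -Identity $policyName |
    Format-List Name, Mode, ApplySensitivityLabel

# Switch from simulation to enforcement once the results look right.
if ($enforce) {
    Set-AutoSensitivityLabelPolicy -Identity $policyName -Mode Enable
}
```

Keeping `$enforce` off by default means a policy created by the script never labels content until someone has reviewed the simulation results in the portal.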
Final Words
Being able to configure and publish auto-labelling policies is a vital skill for a Microsoft Information Protection Administrator. The above instructions should provide you with a basic understanding of how to set these up, ensuring you can effectively control and protect sensitive information in your organization’s digital ecosystem. Remember, regular review and tweaking of these policies is key to ensuring their ongoing effectiveness against a dynamic data landscape.
As you prepare for the SC-400 examination, take a hands-on approach and practice creating multiple auto-labelling policies to gain a deep understanding of this feature.
Practice Test
True or False: Auto-labeling policies in Microsoft Information Protection are used to automate the classification of data across your digital estate.
- True
- False
Answer: True
Explanation: Auto-labeling policies help automate the classification of your data across your digital environment, thereby supporting an effective data governance strategy.
Multiple Select: Which of the following can be done when configuring auto-labelling policies?
- a) You define conditions based on sensitive information types.
- b) You can specify where to apply the policy.
- c) You don’t need to specify a default sensitivity label; it’s optional.
- d) You can specify how often to reevaluate the content that matches the conditions.
Answer: a), b), d)
Explanation: When configuring auto-labelling policies, you must specify a default sensitivity label; it’s not optional.
True or False: Setting the confidence level and instance count to high and low values respectively would result in more items auto-labeled as the policy conditions will be met more easily.
- True
- False
Answer: True
Explanation: Adjusting these settings allows you to control the sensitivity of the policy. A high confidence level means that only content that strongly matches the policy will be labelled, while a low instance count means that fewer instances are needed to trigger the policy.
Multiple Select: Which products support auto-labelling policies?
- a) Microsoft Teams
- b) SharePoint Online
- c) Microsoft OneNote
- d) Microsoft OneDrive
Answer: b), d)
Explanation: SharePoint Online and Microsoft OneDrive support auto-labelling policies; Microsoft Teams and OneNote currently do not.
Single Select: What should you specify when configuring an auto-labelling policy?
- a) Mail Flow rules
- b) Sensitivity label
- c) Audit log search
- d) Information barrier policies
Answer: b) Sensitivity label
Explanation: Configuring an auto-labeling policy involves specifying a default sensitivity label. The label determines the type of protection that’s enforced on content and it’s mandatory for configuring auto-labelling policies.
True or False: Auto-labelling policies cannot be applied to locations.
- True
- False
Answer: False
Explanation: Auto-labelling policies can absolutely be applied to locations, such as SharePoint Online sites, OneDrive accounts, and Exchange email.
Single Select: Can auto-labelling policies be deployed without testing?
- a) Yes
- b) No
Answer: b) No
Explanation: Before deploying the auto-labelling policies, you should always test them to validate their effectiveness and make sure they are working as expected.
Multiple Select: Which steps can take place when publishing an auto-labelling policy?
- a) Selecting sensitive information types
- b) Choosing locations
- c) Deciding default sensitivity tags
- d) Assigning a threat protection policy
Answer: a), b), c)
Explanation: When publishing an auto-labeling policy you select sensitive information types, choose where to apply the policy, and decide on default sensitivity labels. Assigning a threat protection policy is not part of this process.
True or False: OneDrive and SharePoint Online support only one auto-labelling policy.
- True
- False
Answer: True
Explanation: OneDrive and SharePoint Online currently support a maximum of one auto-labeling policy each.
Single Select: What is the first step before configuring an auto-labelling policy?
- a) Configuring sensitivity labels
- b) Setting up mail flow rules
- c) Setting up information barrier policies
- d) Conducting an audit log search
Answer: a) Configuring sensitivity labels
Explanation: Before creating an auto-labeling policy, you should have already defined and published your sensitivity labels.
Interview Questions
What are the main steps in configuring and publishing an auto-labeling policy?
The main steps are: 1) Creating a label, 2) Defining the rules for the label, 3) Choosing an action to take when content matches the rules, 4) Testing the auto-labeling policy, 5) Publishing the policy.
Can you name some sensitive information types that your organization can use in your policy to auto-label files with sensitive info?
Yes, some of the sensitive information types can be financial (Credit Card Number, Bank Account Numbers), personal (Passport Number, Social Security Number), and medical information (Medical Record Number).
What is the purpose of an auto-labeling policy?
The main purpose of an auto-labeling policy is to automatically apply labels to documents and emails that contain sensitive information. This helps the organization manage and protect its sensitive data.
What does it mean to ‘simulate’ an auto-labeling policy?
Simulating an auto-labeling policy means performing a “dry run” of the policy to see what type of content would be affected if the policy was actually enforced. It allows organizations to see potential impacts of the policy without actually enforcing it.
Who can create and manage auto-labeling policies?
Only the global administrator or compliance administrator with the Microsoft 365 compliance center permissions can create and manage auto-labeling policies.
Is it possible to auto-label content in Teams, Yammer, and Skype for Business?
No, you can’t auto-label content in Microsoft Teams, Yammer, or Skype for Business.
What kinds of tests can be done once you’ve configured an auto-labeling policy?
You can perform a simulation which will not apply the label, but will simply report what it finds. You can also opt to run a test where the policy will go ahead and apply labels, but only to a limited number of locations.
Can an auto-labeling policy be paused or stopped once it’s published?
Yes, auto-labeling policies can be paused, resumed, or completely stopped at any time after publishing.
What actions can be chosen for the Auto-labeling policy once the content matches the rules?
Actions that can be chosen are: Apply the label without protection, Apply the label with protections, Justify the usage of a lower classification, or User must classify the content.
Is it possible to apply labels to existing files and emails when a new auto-labeling policy is published?
Yes, you can choose to auto-label existing files and emails by selecting the “Retroactive labeling” option when you publish the auto-labeling policy.
Can you apply multiple labels to a single document through auto-labeling?
No, only one label can be applied to a document or an email through auto-labeling.
How can you ensure approved users stick to the policies once an auto-labeling policy is published?
You can set up a policy tip, which will appear in Microsoft 365 apps to guide users to the correct labeling.
What is the prerequisite for configuring an auto-labeling policy?
To configure auto-labeling, you need an Office 365 E5/A5 or Microsoft 365 E5/A5 subscription.
Can you monitor the auto-labeling activities after the policy is published?
Yes, auto-labeling activities can be monitored through label analytics, which provide insights about how the labels are being applied.
What are label policies in terms of auto-labeling?
Label policies are a set of rules that define how labels are applied across your organization. They help in the automatic application of labels to the sensitive content.