Creating and using a keyword dictionary in data classification is a significant aspect of data loss prevention (DLP) in Microsoft 365. This especially applies to the SC-400 Microsoft Information Protection Administrator exam, which requires proficiency in the implementation, management, and monitoring of Microsoft 365 compliance solutions.
Creating a Keyword Dictionary
Keyword dictionaries serve as a simple method to detect and protect sensitive data. A keyword dictionary is a file with a list of words or phrases that need monitoring when located in content. If these keywords are found, certain actions can be taken to ensure the protection and compliance of this content.
To create a keyword dictionary, follow these steps:
- In the Microsoft 365 compliance center, go to “Data classification.”
- Under “Classifications,” select “Sensitive info types.”
- Select “Create info type.”
- Provide a name and description for your custom keyword dictionary.
- Under “Element,” select “Dictionary” and click on “Add an element.”
- Upload a CSV file that contains the list of keywords you want to include.
- Set up the ‘Confidence level’ and ‘Supporting elements’ as per your requirements.
- Review your settings and click “Create.”
Using a Keyword Dictionary
With a keyword dictionary, you can create data loss prevention (DLP) policies in Microsoft 365. These policies help identify, monitor, and automatically protect sensitive information across Microsoft 365.
To use a keyword dictionary in a DLP policy:
- In the Microsoft 365 compliance center, go to “Policies.”
- Select “Create Policy” and choose “Data loss prevention.”
- Provide a name and description for your policy.
- Specify the locations where you want the policy to be enforced.
- Under “Define policy settings,” click on the “Rules” section, and choose “Add a rule.”
- In the “Conditions” section, select sensitive info types and choose the keyword dictionary you made.
- Define the actions to be taken when sensitive info is detected.
- Review your settings and click “Create.”
Using a keyword dictionary significantly contributes to the efficiency of data classification and information protection. It allows for sensitive information to be appropriately identified, categorized, and protected, ensuring data compliance within an organization.
Example
Say, for example, an organization wants to monitor any mention of specific projects (Project Alpha, Beta, and Gamma) within its internal communication. A keyword dictionary containing these project names can be created.
Upon creation, this keyword dictionary can be integrated into a DLP policy that scans all documents and emails. If any content is detected containing these keywords, the system can warn the user, notify an administrator, or even block the content from being shared, according to the defined actions.
This way, keyword dictionaries help in enhancing the overall security posture of the organization and ensure that sensitive data is appropriately protected. They are a valuable tool in preparing for and succeeding in the SC-400 Microsoft Information Protection Administrator exam.
Practice Test
A keyword dictionary in Microsoft 365 Compliance center is a collection of keywords or phrases that are relevant for particular policies.
- a) True
- b) False
Answer: a) True
Explanation: A keyword dictionary is used to define a list of words or phrases that you want to track or use in various features in the Microsoft 365 Compliance center.
To create a keyword dictionary, you must have the role of Information Protection Administrator or Compliance Administrator.
- a) True
- b) False
Answer: a) True
Explanation: Only users with Information Protection Administrator or Compliance Administrator roles have the permissions to create a keyword dictionary.
Which of the following roles cannot create a keyword dictionary in Microsoft 365 Compliance center?
- a) Information Protection Administrator
- b) Compliance Administrator
- c) Security Reader
- d) Content manager
Answer: c) Security Reader, d) Content Manager
Explanation: Only Information Protection Administrator and Compliance Administrator roles can create a keyword dictionary. Security Reader and Content manager do not have the necessary permissions.
More than one keyword dictionaries can exist at the same time in Microsoft 365 Compliance center.
- a) True
- b) False
Answer: a) True
Explanation: There can be multiple keyword dictionaries in Microsoft 365 Compliance center that may be used for different policies.
A keyword dictionary can consist a combination of words, phrases, or alphanumeric characters.
- a) True
- b) False
Answer: a) True
Explanation: A keyword dictionary for Microsoft 365 Compliance center can be compiled of words, phrases, or alphanumeric characters.
Choose the correct steps for creating a keyword dictionary.
- a) Go to Microsoft 365 Compliance center
- b) Click on ‘Data classification’
- c) Click on ‘Labeling’
- d) Click on ‘+ Create’ under ‘Dictionaries’
- e) Fill in the requested information and click ‘Next’
Answer: a) Go to Microsoft 365 Compliance center, b) Click on ‘Data classification’, d) Click on ‘+ Create’ under ‘Dictionaries’, e) Fill in the requested information and click ‘Next’
Explanation: The correct steps to create a keyword dictionary in Microsoft 365 Compliance center include visiting the Compliance center, clicking on ‘Data classification’, and then clicking on ‘+ Create’ under ‘Dictionaries’ and filling in the requested information.
You can add up to 100,000 entries in a keyword dictionary.
- a) True
- b) False
Answer: b) False
Explanation: A keyword dictionary in Microsoft 365 Compliance center can include up to 50,000 entries.
It is not possible to edit keyword dictionaries in Microsoft 365 Compliance center.
- a) True
- b) False
Answer: b) False
Explanation: Keyword dictionaries can be edited in Microsoft 365 Compliance center. You can add, remove, or change dictionary entries.
The changes made to keyword dictionaries take effect immediately.
- a) True
- b) False
Answer: b) False
Explanation: The changes made to keyword dictionaries usually take up to 24 hours to propagate across all services and take effect.
A keyword dictionary can be used in Microsoft Teams for monitoring communications.
- a) True
- b) False
Answer: a) True
Explanation: Keyword dictionaries can be used in various areas including compliance features in Microsoft Teams to monitor communications effectively.
Interview Questions
What is a keyword dictionary in Microsoft Information Protection?
A keyword dictionary in Microsoft Information Protection is a feature used in creating data loss prevention (DLP) policies. It is a list of words or phrases that you specify. When content containing these words or phrases is shared, it triggers corresponding DLP rules.
Can you edit a keyword dictionary once it’s been created?
Yes, you can edit a keyword dictionary once it’s been created. You can add or remove keywords or phrases as per your requirements.
How many keyword dictionaries can you create per tenant in Microsoft 365?
You can create up to 100 keyword dictionaries per tenant in Microsoft 365.
What is the maximum number of terms that you can add to a keyword dictionary?
You can add up to 5000 terms to a keyword dictionary.
Can a keyword dictionary be used across multiple policies?
Yes, a keyword dictionary can be used across multiple Data Loss Prevention (DLP) policies.
What type of information is typically represented in a keyword dictionary?
A keyword dictionary can contain sensitive information such as medical terms, project codenames, product names, or financial indicators that help to identify and protect the data specific to a particular organization.
What permissions are needed to manage a keyword dictionary?
To manage a keyword dictionary, you need to have either Global administrator or Compliance data administrator permissions.
How does a keyword dictionary work in detecting sensitive information?
When content is shared, the DLP policy scans the content for terms listed in the keyword dictionary. If a match is found, the policy can take actions like sending a notification, blocking the content, or allowing the user to override the action.
Can you delete a keyword dictionary?
Yes, you can delete a keyword dictionary. However, you must first ensure that the dictionary is not being used by any policy.
Which actions can Data Loss Prevention take when content matches a keyword dictionary?
When content matches a keyword dictionary, DLP can take actions like sending an email notification, showing a policy tip to the user, blocking the content from being shared, or allowing the user to override the action with a business justification.
Can a keyword dictionary contain multiword phrases?
Yes, a keyword dictionary can contain multiword phrases. Each phrase is treated as a separate term.
What language support does a keyword dictionary provide?
A keyword dictionary supports all languages that are available in Microsoft Office products.
How can you test the effectiveness of a keyword dictionary?
You can test the effectiveness of a keyword dictionary by creating a test DLP policy and applying it to a limited set of users or content. Then, you can monitor the match results and adjust the terms in the dictionary as needed.
Can you import keywords into a dictionary from a file?
Yes, you can import keywords into a keyword dictionary from a CSV file.
How can a keyword dictionary be used in complying with regulatory requirements?
A keyword dictionary can be used to define terms that are relevant to specific regulatory standards. By applying DLP policies based on these dictionaries, an organization can prevent the unauthorized distribution of regulated information, which helps them comply with legal and regulatory requirements.
extutorials.com