Azure Purview is a cutting-edge unified data governance service that enables organizations to manage and govern their on-premise, multi-cloud, and software-as-a-service (SaaS) data. It provides tools for cataloging, understanding, and controlling data access, thereby providing a holistic protection landscape.
As an Information Protection Administrator preparing for the SC-400 examination, one of the crucial topics you will need to familiarize yourself with is extending existing sensitivity labels or creating new ones for Azure Purview. So let’s explore how to achieve that.
To begin with, sensitivity labels are core components in the Microsoft 365 compliance center that can be applied to maintain control over important data. Once a sensitivity label is assigned to data or an object, it remains with the data or object ensuring its protection regardless of where it moves.
Creating New Sensitivity Labels
In Microsoft 365 compliance center, follow the below steps to create a new sensitivity label:
- Navigate to ‘Data classification’ -> ‘Sensitivity labels’ -> ‘Create a Label.’
- Provide a name and description for the label.
Set up encryption and marking (like watermarks) for the label, if required. - Define how the content with this label should be handled in terms of automatic device control, content marking, etc.
- Set up an automatic or recommended labeling rule if required.
- Review your settings, then click ‘Create.’
This sensitivity label can then be extended to Azure Purview.
Extending Existing Sensitivity Labels to Azure Purview
To extend an existing sensitivity label to Azure Purview, you need to enable the ‘Protect content in Azure Purview’ setting. Here is a step-by-step guide:
- Navigate to ‘Data classification’ -> ‘Sensitivity labels.’
- Choose the sensitivity label that you aim to extend.
- Under ‘File and content settings’, go to ‘Azure Purview sensitivity label.’
- Click on ‘Protect content in Azure Purview.’
- Review the settings and then save these changes.
Remember, to view a list of sensitivity labels successfully deployed in Azure Purview, use the Azure Purview portal and navigate to ‘Data Catalog’ -> ‘Sensitivity Labels.’
Conclusion
Understanding and implementing sensitivity labels in Azure Purview is critical for maintaining a robust data protection landscape. Extending established sensitivity labels to Azure Purview ensures seamless protection across the organization and beyond. As an aspiring SC-400 Microsoft Information Protection Administrator, this understanding will undoubtedly aid you in managing your organization’s data effectively.
Practice Test
True or False: You can extend an existing sensitivity label in Azure Purview.
- True
- False
Answer: True
Explanation: Azure Purview allows you to extend sensitivity labels that already exist in your organization by applying them to additional assets and data streams.
Which of the following can be protected by using sensitivity labels in Azure Purview?
- a) Data streams
- b) SQL databases
- c) Power BI
- d) All of the above
Answer: d) All of the above
Explanation: Sensitivity labels, when applied through Azure Purview, can protect a variety of data sources including data streams, SQL databases, and Power BI resources.
True or False: Sensitivity labels in Azure Purview are applied manually.
- True
- False
Answer: False
Explanation: Azure Purview provides both manual and automated ways to apply sensitivity labels, depending on your organizational needs and preferences.
Which of the following is not considered when deciding which sensitivity labels to create or extend in Azure Purview?
- a) Legal requirements
- b) Business requirements
- c) Public accessibility of data
- d) The time when data was created
Answer: d) The time when data was created
Explanation: Legal obligaitons, business needs and the level of data sensitivity are key factors to consider when creating or extending sensitivity labels. The creation time of data is usually irrelevant in this process.
What is the main purpose of creating or extending sensitivity labels in Azure Purview?
- a) To reduce storage costs
- b) To improve data analysis
- c) To protect sensitive information
- d) To increase data volume
Answer: c) To protect sensitive information
Explanation: Sensitivity labels allow organizations to classify and protect sensitive data, a key aspect of information protection and management.
True or False: Only Azure Purview account administrators can manage sensitivity labels.
- True
- False
Answer: False
Explanation: Sensitivity labels can be managed by several roles, including Information Protection administrators, security administrators, compliance officers, and others.
In Azure Purview, sensitivity labels can be applied:
- a) Only at database level
- b) Only at file level
- c) At both database and file level
- d) Neither at database nor at file level
Answer: c) At both database and file level
Explanation: Azure Purview allows you to apply sensitivity labels at both the file level and the database level to ensure data protection across various scopes and granularity.
True or False: After a sensitivity label is applied to a data asset in Azure Purview, it cannot be changed.
- True
- False
Answer: False
Explanation: Sensitivity labels are flexible and can be modified or updated as the sensitivity or status of the data changes.
Azure Purview can discover sensitive data in:
- a) Structured data sources only
- b) Unstructured data sources only
- c) Both structured and unstructured data sources
- d) Neither structured nor unstructured data sources
Answer: c) Both structured and unstructured data sources
Explanation: Azure Purview can scan, classify, and protect sensitive information in both structured and unstructured data sources.
True or False: Azure Purview automatically identifies sensitive information and applies the appropriate sensitivity labels.
- True
- False
Answer: True
Explanation: Using built-in or custom information types, Azure Purview can automatically discover and classify sensitive information and apply the appropriate sensitivity labels.
What is the benefit of using sensitivity labels in Azure Purview?
- a) Increase data storage
- b) Improve data quality
- c) Minimize data breaches
- d) Encourage data duplication
Answer: c) Minimize data breaches
Explanation: By appropriately classifying and protecting sensitive data, sensitivity labels in Azure purview help minimize data breaches.
True or False: Azure Purview can extend sensitivity labels created in Microsoft
- True
- False
Answer: True
Explanation: Azure Purview allows extending sensitivity labels created in Microsoft 365, ensuring a consistent data protection strategy across the organization.
True or False: Azure Purview cannot scan Azure Blob Storage.
- True
- False
Answer: False
Explanation: Azure Purview can scan and classify data from numerous sources, including Azure Blob Storage.
Sensitivity labels in Azure Purview can apply protection settings such as:
- a) Encryption
- b) Watermarking
- c) Content marking
- d) All of the above
Answer: d) All of the above
Explanation: Sensitivity labels can apply several protection settings, such as encryption, watermarking, and content marking, which subsequently travel with the data.
True or False: You can use third-party tools to create sensitivity labels in Azure Purview.
- True
- False
Answer: False
Explanation: The creation and management of sensitivity labels in Azure Purview is handled through the Azure portal or the Security & Compliance Center, and not through third-party tools.
Interview Questions
What is the main functionality of sensitivity labels in Azure Purview?
Sensitivity labels in Azure Purview allow you to classify and protect your organization’s data based on its sensitivity. They enable you to manage and control access to data, as well as enforce protective actions like encryption.
How do you extend existing sensitivity labels to Azure Purview?
To extend existing sensitivity labels to Azure Purview, navigate to the Microsoft 365 compliance center, under ‘Classifications’ click on ‘Sensitivity labels’, then choose ‘File and item’ tickbox and update the label.
Which data stores does Azure Purview support for sensitivity labeling?
Azure Purview supports a variety of data stores for sensitivity labeling, including but not limited to Azure Blob Storage, Azure Data Lake Storage, Azure Cosmos DB, SharePoint Online etc.
What is the first step in creating a sensitivity label in Azure Purview?
The first step in creating a sensitivity label in Azure Purview is to navigate to the Microsoft 365 compliance center and then to the sensitivity labels page under the ‘Classifications’ section.
Can you apply encryption action as part of the sensitivity label in Azure Purview?
No, encryption actions as a part of sensitivity labels are not currently supported in Azure Purview.
Should Azure Purview and Microsoft 365 sensitivity labels have the same name for the same sensitivity category?
Yes, it is a good practice to use the same name for the same sensitivity category in Azure Purview and Microsoft 365 to maintain consistency.
How can you view the sensitivity labels applied in Azure Purview?
Sensitivity labels applied in Azure Purview can be viewed in the Azure Purview Studio under the ‘Sensitivity label’ tab.
Why might you need to extend sensitivity labels in Azure Purview?
Extending sensitivity labels to Azure Purview can offer additional control and visibility over sensitive data across various data sources.
Can sensitivity labels be applied automatically in Azure Purview?
Yes, Azure Purview allows automatic sensitivity label application based on the data’s content and context.
How do you manage who can see the sensitivity labels in Azure Purview?
You can manage who can see the sensitivity labels in Azure Purview by assigning the Data Curator role to users who you want to grant the access to.
Can you use Sensitivity labels to control access to data within Azure Purview?
Yes, sensitivity labels in Azure Purview can be used to control access to data, helping comply with regulations and ensure the confidentiality of sensitive information.
How do you import existing sensitivity labels from Microsoft 365 to Azure Purview?
Existing sensitivity labels from Microsoft 365 are automatically synchronized to Azure Purview.
Can Sensitivity labels be removed from Azure Purview?
Yes, sensitivity labels applied to an asset in Azure Purview can be removed by individuals who have the necessary permissions.
When might you need to create a sensitivity label in Azure Purview?
You might need to create a sensitivity label in Azure Purview if your organization has certain types of sensitive information that aren’t already covered by your current sensitivity labels.
How is the effectiveness of sensitivity labels in Azure Purview measured?
The effectiveness of sensitivity labels in Azure Purview can be measured by viewing the labelled assets through Azure Purview Studio dashboard and checking the label insights metrics.