Sensitivity labels are on the frontline of data security, allowing an organization to classify and protect its data, regardless of where that data is stored or with whom it’s shared. This is especially important for SC-400 Microsoft Information Protection Administrators who need to ensure the security of their organization’s information. In this article, you’ll get an overview of how you can manage protection settings and marking for applied sensitivity labels.
Overview of Sensitivity Labels
Within Microsoft 365 compliance center, Sensitivity labels provide a simple way to:
- Classify data across your organization.
- Protect your data using encryption and rights management.
- Retain or delete data based on regulatory needs.
- Enable protections in the apps and services your organizations use every day.
Managing Protection Settings for Applied Sensitivity Labels
Having assigned a sensitivity label, managing its protection settings is the next step.
To manage protection settings, you will need to navigate to the ‘Information Protection’ in your Microsoft 365 Compliance Centre, then:
- Under ‘Classifications’, click on ‘Sensitivity Labels’.
- Choose a label to adjust the protection settings.
- In the ‘Protection settings’, you can adjust settings like encryption, content marking, and endpoint data loss prevention (DLP).
For example, you could set the encryption strength and designate which users have permissions to the data, allowing you to restrict access to confidential material.
Applying and Marking Sensitivity Labels
After creating and configuring your sensitivity labels, you need to publish them. To do this, you create and configure a sensitivity label policy that holds these labels.
Here are the steps to apply label policies:
- Navigate to ‘Information Protection’ in your Microsoft 365 Compliance Centre.
- Under ‘Policies’, click on ‘Label Policies’.
- Create a new policy and assign the created sensitivity labels.
You can also configure automatic labeling rules to apply labels to content that contains certain types of sensitive information, like credit card numbers or Social Security numbers. In the configuration section, you set conditions for what type of content should have the label applied, and what action should be taken once the conditions are met.
Operationalizing Sensitivity Labels
After you publish your labels, users can see sensitivity labels and apply them in their apps and services across different platforms, including Office apps on Windows, Office apps on the web, Office mobile on iOS, and Office mobile on Android.
Administrators can monitor activity related to sensitivity labels and can use label analytics to gain insights about usage.
In summary, sensitivity labels in Microsoft 365 enable organizations to classify and protect their data. As an SC-400 Microsoft Information Protection Administrator, managing the protection settings and marking for applied sensitivity labels are vital tasks in preserving security and compliance across your organization.
Practice Test
True or False: Sensitivity labels in Microsoft 365 can be used to classify and protect data throughout its lifecycle.
- True
Answer: True
Explanation: Sensitivity labels can be used to classify and protect sensitive data, based on its type and the role of the user.
What is the purpose of managing protection settings and markings for applied sensitivity labels?
- A) To classify content
- B) To control user access and permissions
- C) To remove sensitive data
- D) To automate processes
Answer: A) To classify content
Explanation: Sensitivity labels are used to classify content within a system, such as documents and emails, which helps in managing data protection.
Sensitivity labels can only be applied manually by users. True or False?
- False
Answer: False
Explanation: Sensitivity labels can be applied both manually by users, and automatically using criteria such as content detection.
Which of the following are common usage scenarios for sensitivity labels?
- A) To encrypt emails
- B) To enforce content marking
- C) To prevent data loss
- D) All of the above
Answer: D) All of the above
Explanation: Sensitivity labels are frequently used to encrypt emails, enforce content marking requirements, and prevent data loss.
Sensitivity labels can help to prevent users from accidentally sending sensitive information to the wrong people. True or False?
- True
Answer: True
Explanation: Sensitivity labels, when applied correctly, can help to prevent leakage or mishandling of sensitive information.
What happens when a document is protected with a sensitivity label?
- A) The label becomes visible to all users
- B) The document’s content changes
- C) Permissions are assigned to the document
- D) The document becomes read-only
Answer: C) Permissions are assigned to the document
Explanation: When a document is protected with a sensitivity label, permissions (such as read-only or edit) are assigned based on the classification of the label.
Microsoft 365 doesn’t allow you to edit or delete default sensitivity labels. True or False?
- False
Answer: False
Explanation: Microsoft 365 allows you to edit or delete default sensitivity labels, as well as create new ones.
Which role should be assigned to a user to manage sensitivity labels?
- A) Compliance Manager
- B) Security Administrator
- C) Auditor
- D) Data Administrator
Answer: A) Compliance Manager
Explanation: The role of Compliance Manager has the responsibility to manage data protection policies, including sensitivity labels.
The terms ‘classification’ and ‘labeling’ are the same in the context of sensitivity labels. True or False?
- False
Answer: False
Explanation: Classification refers to the categories of data sensitivity, while labeling refers to the action of applying these categories to data.
Sensitivity labels in Microsoft 365 are available in which apps and services?
- A) Exchange Online
- B) SharePoint
- C) OneDrive
- D) All of the above
Answer: D) All of the above
Explanation: Microsoft 365 sensitivity labels are integrated into Exchange Online, SharePoint, and OneDrive to help protect data wherever it lives in the Microsoft cloud.
Sensitivity labels can’t be used with Microsoft Teams. True or False?
- False
Answer: False
Explanation: Sensitivity labels can be used with Microsoft Teams to apply protection settings to team data.
Sensitivity labels can be used to permanently delete a document. True or False?
- False
Answer: False
Explanation: Sensitivity labels are used to protect and classify data, not to delete it.
Sensitivity labels encryption supports file formats for Office files only. True or False?
- False
Answer: False
Explanation: Sensitivity labels support more file formats beyond Office files, including PDFs, and more.
Sensitivity labels can be applied to containers like SharePoint sites. True or False?
- True
Answer: True
Explanation: Labels can be applied at a container level, which helps to classify all information within the container.
The encryption in sensitivity labels is backward compatible with all older versions of Office. True or False?
- False
Answer: False
Explanation: The encryption in sensitivity labels is not backward compatible with all older versions of Office; it requires Office 2010 or later.
Interview Questions
What are sensitivity labels in Microsoft Information Protection?
Sensitivity labels are tags that you can apply to classify and protect your business data, while making users aware of the data sensitivity.
In which Microsoft 365 applications can one apply sensitivity labels?
Sensitivity labels in Microsoft 365 can be applied to emails, documents in SharePoint and OneDrive, Microsoft Teams, and office apps like Word, Excel and PowerPoint.
How can you manage the protection settings for sensitivity labels in Microsoft Information Protection?
You can manage the protection settings for sensitivity labels through the Microsoft 365 compliance center. After creating a sensitivity label, protection settings like encryption, content marking, auto-labeling, etc., can be configured.
What is the use of marking sensitivity labels?
Marking sensitivity labels can be used to put visual markings on documents and emails like a header, footer or watermark, which includes the label information, making it noticeable to users to handle the data responsibly.
Can sensitivity labels control both the access and the actions users can take on documents and emails?
Yes, with options to apply encryption and content marking, sensitivity labels can control both access to, and actions users can take on, labeled documents and emails including restrict forwarding or printing.
How does auto-labeling work in Microsoft Information Protection?
Auto-labeling works by configuring rules and conditions that will automatically apply a sensitivity label when content meets the defined conditions.
Can sensitivity labels be applied to containers like Teams, SharePoint sites, and Office 365 groups?
Yes, sensitivity labels can be applied to these containers, providing settings like privacy and access control.
Can you change the default sensitivity label for a user in Microsoft 365?
Yes, the default sensitivity label for a user can be changed through the Microsoft 365 compliance center, in the sensitivity label policy.
What is the role of a Microsoft Information Protection Administrator in managing sensitivity labels?
A Microsoft Information Protection Administrator role involves creating, configuring, and managing sensitivity labels, setting up protection settings and policy, and monitoring the application of sensitivity labels on business data.
What steps would you take to enforce a sensitivity label policy?
To enforce a sensitivity label policy, first create and configure the sensitivity label and the policy in the compliance center, publish it to the users, groups or locations to be targeted, then monitor the label usage and fine-tune the policy as required.
Can sensitivity labels be removed by users once they are applied to emails or documents?
Yes, unless the administrator has blocked the ability to change or remove a label, users can change or remove sensitivity labels that have been applied.
Can sensitivity labels in Microsoft 365 help in data loss prevention (DLP)?
Yes, sensitivity labels can be used in DLP policies to identify sensitive content and enforce protective actions like block or justify when such content is shared.
Which systems is Microsoft Information Protection compatible with?
Microsoft Information Protection is compatible with Windows, macOS, iOS, Android systems, and several Microsoft 365 apps and services.
How can you monitor the usage of sensitivity labels in Microsoft 365?
You can monitor the usage of sensitivity labels through the reports available in the Microsoft 365 compliance center or by using activity explorer.
Are third-party apps and services compatible with Microsoft Information Protection sensitivity labels?
Yes, some third-party applications and services are compatible with Microsoft Information Protection sensitivity labels when they use the Microsoft-provided software development kit (SDK).
extutorials.com