IT Managed Services
Upgrade your IT
Protect your business
Solve your problems

Support your technology and your people. We can completely manage your IT, or support your existing team through co-managed IT.

Person using multi-factor authentication on cellphone

Get a security partner that will help you manage your risks. Gain a 24/7 security team that is ready to respond to threats to your business.

Work with us to solve complex problems. Engage us for a one-time project, or keep us on a monthly retainer for on-demand expertise.

New M365 Security Tools: Automate Data Governance Policies & Controls

February 10th, 2021 | IT Security, Microsoft 365, Security Policies

Today, you’re faced with defending your business from both malicious hackers and the unsuspecting employees they targetAs many growing organizations work to properly manage their data security and compliance needs, they face a common challenge: marrying data governance and scalability. At the end of 2020, two new features were added to Microsoft 365’s Information Protection (MIP) solution to help companies overcome this challenge in a controlled and automated way:  

  1. Automatic Sensitivity Classification & Encryption 
  2. Mandatory Sensitivity Labeling for Office Apps  

These new additions make it easier for your business to maintain proper data governance of your sensitive information consistently, and over time. Before we dive into what each of the new features can do, let’s take a moment to talk about the Microsoft Information Protection (MIP) solution they are built within, what it does, and how you can access its security and compliance tools.  

What is Microsoft Information Protection (MIP)?

Microsoft Information Protection (MIP) for Microsoft 365 helps you identify, classify, and protect sensitive information no matter where it’s stored or how it’s shared. MIP is integrated into the E5 licensing, E3 licensing, and Microsoft 365 Business Premium subscriptionsThe system works to protect your business and the data it shares among employees and third parties.  

The addition of the two new features mentioned above enhance MIP’s core capabilities to help you more effectively: 

  • Protect information from being leaked and susceptible to misuse by untrusted and/or malicious individuals  
  • Review when data is accessed, by whom, and what actions were taken 
  • Enhance employee productivity and collaboration by streamlining file storage and access for teams 
  • Balance IT security and employee productivity using flexible protection controls  
  • Enable employees to share and collaborate on files and alerts them when something is wrong 
  • Provide upper management with the transparency they need to be aware of the organization’s information flow patterns and roadblocks  

As of December 2020,  automatic sensitivity classification and mandatory labeling have been applied across the entire suite of Microsoft 365 applications, including Word, Excel, PowerPoint, and Outlook.   When combined with Microsoft security tools like threat protectionidentity and access management, and IT security management, MIP’s capabilities allow you to leverage a full-scope cyber resilience strategy that helps you discover, classify, protect, and monitor your sensitive files and data.  data governance

Source: Microsoft

The AI integrated within Microsoft 365 can identify the type of data discussed and shared within the file to determine the sensitivity level of the information concerned. This feature can be configured to either recommend or automatically apply a sensitivity label to a file or email if it includes confidential information such as social security numbers, credit card information, bank account numbers, and/or international identifiers. 

Automate the Application of Sensitivity Labels and File Encryption Policies

When you consider thamount of data being communicated across your business – within Word, PowerPoint, Excel, etc. – you have to account for a variety of sensitive information, where it lives, who has access to its file, and what actions they are permitted to take with the data concerned.  

Sensitivity labels serve to classify email messages, documents, sites, and more so that when the label is applied, the data concerned is protected based on the level of settings you choose. data sensitivity label

Source: Microsoft

Microsoft’s Information Protection’s new automatic sensitivity classification and encryption tool allows you to specify an appropriate sensitivity classification and encryption level for your company’s various types of data, and automate the deployment of these policies and security levels across your organization. 

For example, you can use labels to restrict file folder access to a specific department, automatically encrypt sensitive files being sent via email, mark content with watermarks, and more.

data sensitivity labelSource: Microsoft

You can put the right IT data security policies and controls in place to protect your business-critical information without involving your staff who works with that data every day. As a result, you can reduce human error and improve your organization’s IT security posture across all departments and teams.  sensitivity label email In a time where privacy matters more than ever before, it’s important to look at your data responsibility and data mishaps concerning customer information can be prevented. It’s even more important to identify what scalable solutions you can leverage to prevent future risks while enhancing productivity along the way. The proper use of automatic sensitivity labeling and encryption helps remediate the risks that accompany poor data governance and maintain the appropriate data standards moving forward. Its scalability helps simplify the process of strategically acting on data security policies and procedures appropriate for your unique needs and industry requirements. encryption based on data label For example, consider this common scenario… one of your employees accidentally attaches the wrong file to an email, a file that contains designated confidential information about a client that is highly sensitive to the client concerned. Your business’s reputation and customer trust depend on keeping access to this information private and as secure as possible. Now consider that you have properly configured Microsoft’s Automatic sensitivity classification feature to block the attachment from being sent altogether, preserving data integrity, information security, and appropriate levels of access to data. The risk is immediately mitigated, and your reputation is maintained because you took a strategic approach to leverage tools you were already paying for with your Microsoft 365 subscription. A situation that could have resulted in a lost client, legal penalties, and other consequences was prevented by leveraging the proper automation and data governance policies.

Automate Mandatory Sensitivity Labeling for Emails and Documents

The other piece behind the Microsoft Information Protection (MIP) update is Mandatory Labeling. This is another policy that can be set from the global admin that will require users to label documents and emails on their Office platform. Mandatory labeling requires employees to apply a label before they can save documents, send emails, or create new groups or sites. When creating documents and emails, labels can be applied manually by the employee, automatically based on a pre-configured condition your IT team sets, or by default based on a default label associated with a Team channel, M365 group, and/or SharePoint site. sensitivity-labels-mandatory-prompt-aipv2-outlook

Source: Microsoft

For containers, the label must be assigned when the group or site is created. While there is no limit to the number of sensitivity labels you can create and publish, your IT consultant should minimize the number of labels and complexity of the label policy so it’s easy for your team to be both productive and secure as they work. It’s important that these policies are rolled out strategically and with the right user education to support success and positive adoption feedback in the future. Your data governance team should work with your company’s key stakeholders to understand what data is used, by whom, when, and why. These strategic discovery conversations help your Chief Information Officer (CIO) or IT consultant to design and implement the right data governance policies and controls for your business.

How Are Mandatory Sensitivity Labeling Policies Published to the Rest of the Organization?

Sensitivity labels are published to users and groups, not places or apps. For example, they are deployed to a cohort of users like a Teams group, not a location like an Exchange mailbox. The labels are based on a group’s specific roles and responsibilities to ensure the right data governance framework in place for their specific needs and data assets. In other words, mandatory labeling policies are based on the employee’s position within and relationship to the organization at a given time, so the label policy aligns with the type of information the employee handles regularly. The beauty behind this is, this is not just a feature for Windows 10. It’s available for Mac, iOS, and Android. Mandatory labeling gives you the full retrospect of how you work to protect your data, maintain correct labeling, and decide what triggers the function to classify information as highly confidential, confidential, or general. The Microsoft Information Protection for mandatory labeling within the Office 365 applications was released in December 2020. The Azure Information Protection with the M365 groups of supporting sensitivity labels was also released in December 2020. Microsoft 365’s security capabilities are increasingly leveraging business data and AI to reduce business risk and the time it takes to detect and respond to a potential threat. Learn more about our Microsoft 365 services and what we can do to help you get the most from the security tools you’re already paying for. Want to learn more about Microsoft 365’s other business benefits and tools? Check out our infographic, 3 Benefits of Using Microsoft 365 For Business.