
Microsoft Information Protection & Data Loss Prevention Kick-Start Guide Version 3

August 22, 2023

Download a PDF version of this document

As promised, I have updated the Kick-Start Guide with the latest changes to the solutions stack, along with additional solutions from Microsoft that can enhance your organisation’s Information Protection and Data Loss Prevention capabilities.

This guide provides much-needed and sometimes difficult-to-find information to help you or your company begin the MIP and DLP Information Protection journey. It now includes advanced logging, monitoring and alerting with Microsoft Sentinel.

Furthermore, I have extensively rewritten the guide, incorporating shared experiences from the field regarding best practice approaches, as well as valuable tips and tricks.

You’ll find the Contents below: they provide an understanding of what’s included.

Feel free to connect with me on my social accounts to share any feedback you may have.

Thank you, and enjoy!

Contents
1 Introduction
1.1 Background
1.2 Purpose
1.3 Scope
1.4 Structure
1.5 License Requirements
2 Microsoft’s Four Pillars of Compliance
2.1 Know Your Data
2.2 Protect Your Data
2.3 Prevent Data Loss
2.4 Govern Your Data (Not covered in this guide)
3 Data Classification
3.1 Sensitive Information Types
3.2 Trainable Classifiers
3.3 Exact Data Match
3.4 Viewing Sensitive Data – Content Explorer (E5 feature)
3.5 Viewing User Activity – Activity Explorer (E5 feature)
3.5.1 Recent Changes
3.5.2 Contributing Links:
4 Microsoft Information Protection | Sensitivity Labelling (E3 & E5)
4.1.1 Labelling Options
4.2 Shared Experiences on Labelling
4.2.1 The Importance of Sensitivity Labelling
4.2.2 The Process of Classification Taxonomy
4.2.3 The Good Practices for Labelling Deployment
4.2.4 The Importance of Classification Taxonomy
4.2.5 The Steps of Classification Taxonomy
4.2.6 Label Hierarchy
4.2.7 User Education and Awareness
4.2.8 Review and Iteration
4.2.9 Legacy Labelling Taxonomy
4.2.10 Recommendations for a Transition to Sensitivity Labels
4.3 Contributing Links:
4.4 Container-Level, Groups & Sites Labelling
4.4.1 Contributing Links:
4.5 Teams Meeting Labelling
4.5.1 Contributing Links:
4.6 Auto-Labelling Service-Side & Cloud Data Discovery & Labelling Enforcement (E5)
4.6.1 Contributing Links:
4.7 Labelling Policies
5 AIP Unified Labelling Client vs Built-In Labelling Client
5.1 AIP Unified Labelling Client
5.2 Built-In Client
5.3 Contributing Links:
6 Microsoft Purview Information Protection scanner (Discover E3, Enforce E5) On-Premises Data Discovery & Labelling Enforcement
6.1.1 Shared Experiences
6.2 Contributing Links:
7 Data Loss Prevention (E3 & E5)
7.1 M365 Data Loss Prevention (E3)
7.2 DLP Policies
7.2.1 Policy Tips
7.2.2 Overrides
7.2.3 Summary
7.2.4 Test Mode
7.2.5 Recent & New Features
7.2.6 Summary
7.3 Teams DLP (E3) & (E5)
7.3.1 Contributing Links:
7.4 EndPoint DLP (E5)
7.4.1 Contributing Links:
7.5 On-Premises Data Loss Prevention Scanner
7.5.1 Contributing Links:
7.6 DLP Collective Contributing Links:
7.7 Data Loss Prevention Alerting
7.7.1 DLP Alerting
7.7.2 DLP Auditing
7.7.3 DLP Overview
7.7.4 Contributing Links:
8 Information Barriers v2 (E5)
8.1 Contributing Links:
9 Multi-Geo
9.1 Shared Experiences
9.2 Contributing Links:
10 Compliance Boundaries with Compliance Filters* (E3 & E5)
10.1 Contributing Links:
11 Encryption Customer Key & Service-Level Encryption (E5)
11.1 Contributing Links:
12 Availability Key (E5)
12.1 Contributing Links:
13 Azure Key Vault
13.1 Contributing Links:
14 Customer Lock Box (E5)
14.1 Contributing Links:
15 AIP Super User – Encryption & Decryption
15.1 Contributing Links:
16 Defender for Cloud Apps & Information Protection Integration (E5)
16.1 Contributing Links:
17 Microsoft Sentinel
17.1 Shared Experiences
17.2 Contributing Links:
18 Additional Links for Continued Information, Research, Updates and Announcements
18.1 Contributing Links:
19 About Me
20 Concluding This Kick-Start Guide
20.1 Important Notes: