COMPLIANCE CHRONICLES

VIDEO SERIES 


Episode 2: Labels - Why Less Is More

An essential part of compliance is effectively protecting your sensitive information. In episode two of the Compliance Chronicles video series, we describe how organizations can leverage Microsoft Purview (formerly Microsoft Compliance) to protect sensitive information using Labels.

Labels are a feature of Microsoft Purview that can reduce the risk of information loss, protect your organization against fines, and safeguard your reputation. They are an additional layer of protection that works in conjunction with other parts of the Microsoft 365 suite. In this video we cover:

  • Everyday use cases for Labels and how simple they are to deploy
  • How to automatically encrypt documents using Labels
  • How to develop your organization's Label architecture
  • The biggest pitfall organizations should avoid when leveraging Labels


About our Speaker

Shaun Hughes
Director of Information Management, Compliance, and Privacy, Bulletproof

As a Microsoft Compliance Expert with Bulletproof, Shaun is an experienced consultant with over 25 years in IT, advising on strategy and planning, and delivering a broad range of IT solutions. He leads Bulletproof’s Information Management, Compliance, and Privacy practice. Shaun’s consulting duties consist of providing expertise in Information Management governance (AIIM Certified Information Professional and Specialist in Information Governance) and implementing that governance for clients through Microsoft 365 Purview compliance and Microsoft Priva privacy solutions.



More Episodes Coming Soon...


Best Practices with Microsoft Purview


Pros and Cons of Encryption


Insider Risk Management


Compliance Chronicles: Addressing Business Challenges Episode Transcription

Hello and welcome back to the Compliance Chronicles. My name is Shaun Hughes, and in today's episode, I'm going to talk to you about how your organization can leverage Microsoft compliance to protect sensitive information using labels. An important part of compliance is protecting your sensitive information effectively. All businesses have sensitive data, whether it be employee information, appliance information, health information, trade secrets, or sales account insights, whatever it might be, it needs to be protected.

Labels are a feature of Microsoft compliance that helps organizations do just that. In this episode, we're going to share best practices for using labels and what to keep in mind when designing your label architecture. Microsoft Compliance is an additional layer of protection that focuses on the content itself, and it does this by working in conjunction with other parts of the Microsoft Suite, such as identity and security. Labels are easy to deploy and quickly provide extra protection against bad actors attempting to access your organization's sensitive data. By implementing labels, your organization can reduce risk of information loss, protect your organization against fines, and mitigate negative impacts to your reputation.

Now, the labels referred to here are Microsoft 365 sensitivity labels, sometimes referred to as MIP labels or Microsoft Information Protection Labels or unified labels, and previously known as AP Labels. These labels include several features, and it's the combination of these features that you should consider in your design. And here I'm going to touch on the major ones. Now, first, the label itself is a simple indicator that's visible to users in an application such as Word and Excel, where the label has been applied.

The existence of the label should indicate to the user how to treat the document and its contents. So associated policies and guidelines. The label is also visible to other compliance tools such as DLP, or data loss prevention. And these tools know how to treat the document. So in the case of DLP, a document with a specific label may be blocked from leaving the organization.

So as an illustration, if a document has an internal-only label applied, the user should know through company policy that it shouldn't be shared outside of the organization. And policy may support that by preventing it from leaving. So the label itself works as an indicator to behavior. It's both users and systems. The next step in functionality would be to add additional marking.

This could be a header and footer or watermark. And this makes the labeling more visible to the user by presenting a more obvious message. Again, the other tools, like DLP, are aware of the application of the label, irrespective of the end user features that we apply. Labels can also encrypt the contents of documents and emails. And this is one of my favorite features, and it's very easy to use because there's no difference in how the label is applied, which we'll talk about in a moment.

But when it is applied, the content is automatically encrypted, and this encryption is configurable with several settings. So, for example, organizations can control for each individual label who can read the contents the label has been applied to, who can edit it, and maybe put a time limit on access. The final label feature I'll mention is the application to containers.

That's Microsoft Teams, 365 groups and SharePoint sites. This is an area where Microsoft appears to be adding some great new features. Currently, when a label is applied to a container, organizations can control privacy, the external user access, deny access window, manage device and more through mechanisms like conditional access policies.

So there we touched on some features that can apply additional protection to content and support your governance policies. Next, let's look at how organizations can apply labels. Labels can be applied both manually and automatically. Users can manually apply labels to content by simply selecting the sensitivity button on the Office ribbon and then the desired label. And the same method is used across most Office applications.

And removing or changing the label is the same process. Labels can also be applied to PDFs and other files through Windows File Explorer using the unified labeling clients. Now, one important item to note here regarding the users and when labels are created, they are issued to specific groups of people. So not everyone sees every label. As an example, an executive team could be issued with a label which, when they apply to a document, may be a policy.

It allows employees read-only access and denies access to anyone else outside of the organization. The employees don't necessarily get to use that label themselves. They don't get to apply it because it hasn't been issued to them. So the publication of the labels to the users is also part of your design. Now, labels can also be applied automatically.

There are several tools that can do this for us. For example, detection of a health card number or an invoice number that can trigger the automatic application of an appropriate label. This can apply to both online and on-premises content. And there are other tools as well. So as you can see, there are many ways labels can be leveraged to meet your organization's need and protect sensitive data.

Now, let's talk about how to develop your organization's label architecture. Here are some questions that you should consider. What sensitive data does your organization have? Because not everything is sensitive, and so not everything should be encrypted, and arguably everything should be labeled. But as we discussed, there are lots of options for labels and other features to use. Where is the content stored?

This may impact how you label. What kind of lifecycle does it have? Who needs to see it? Those questions can potentially impact your encryption choices. Think about who needs to see the document throughout its lifecycle. This may influence the label names or the label tips. So as you can imagine, with all of those label features and the application features, it's easy for your label architecture to become complex.

And this is where our number one recommendation comes in, and that is to keep it simple. And there are a couple of reasons for this. A complex label architecture leads to increased maintenance for your already busy people. The more complex the rules are, the more variation. And who can use labels translates to more maintenance and a likelihood that there will be mistakes and issues.

And then secondly, and I feel most importantly, a complex label architecture will lead to poor adoption. If choosing a label is too difficult, it will result in your people just not using them or using them incorrectly. So a small number of simple labels, along with good education, is essential to widespread usage. And this is going to be far more effective than more complex choices that just don't get used.

So don't try and start with a perfect solution, because that won't happen. But what you can do is you can start by enabling a solution that is going to improve your current situation.

Thank you for watching Episode two of The Compliance Chronicles. I hope you found the overview useful and I recommend you check out our next episode on label encryption, where we'll be looking at the pros and cons of the various encryption features. Thank you very much. Have a good day.

Why Bulletproof?

BULLETPROOF CREDENTIALS

  • Microsoft 2021 Global Security Partner of the Year Winner
  • 5X Microsoft Canada IMPACT Award Winner.
  • Over two decades of experience in the security and compliance business.
  • Microsoft Solutions Partner for Modern Work + Security, specializing in Threat Protection and Cloud Security, and Digital & App Innovation Azure
  • Two State-of-the-art 24/7 Security Operations Centres (SOC).
  • Trusted by users on six continents to protect their data, devices, and people.
  • Holder of Microsoft’s Advanced Specialization in Threat Protection.
  • Bulletproof 365 Enterprise (B365E) is a Microsoft Verified Managed XDR Solution.
  • Member of the Microsoft Intelligent Security Association.

Microsoft Data Security Engagement

Identify data security risks in your organizational data.

As your business-critical data expands and your workforce shifts to remote work, having an integrated approach that can help quickly identify, triage, and act on data security risks is more important than ever.



Bulletproof 365 Compliance: Managed Information Protection Service

Bulletproof 365 Compliance is a managed information protection service for Microsoft-powered organizations. Bulletproof 365C wraps around your existing M365 infrastructure, enabling advanced Microsoft tools to optimize information protection, mitigate internal risks from improper data leaks, and ensure your data never leaves your control.
