You can automatically designate a sensitivity label to emails and files when they match the conditions you have stipulated. It is important to automatically apply sensitivity labels for the following reasons:
- There is no need to train users in terms of when to use each of the classifications.
- Users do not need to classify all content correctly.
- Users do not need to know about the policies you have set.
Automatic labeling cannot replace content that has been labeled manually; however, it can with lower-priority labels that have been created automatically. When it comes to automatic labeling, there are two methods you can use when applying sensitivity labels to data in Microsoft 365:
- Client-side labeling when users edit a document or compose emails: This automatic labeling method supports both recommending a label and automatically applying a label.
- With client-side labeling, the user decides to accept or reject the label, which helps ensure the right labeling of content. Auto-labeling is not supported on all client apps; it is supported by the Azure Information Protection unified labeling client, and some versions of Office. You can find a full list of supported Office apps at the following link: https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide#support-for-sensitivity-label-capabilities-in-apps.
- Service-side labeling when content is already saved or emailed: This method is also referred to as auto-labeling for data at rest and data in transit. For Exchange, this does not include emails in the mailbox (at rest).
You do not need to be concerned with what apps and versions users have because this type of labeling is applied by services instead of applications. This means it is the best choice for labeling at scale throughout your business.
Creating an auto-labeling policy
The following are the steps to create an auto labeling policy:
- From within the Microsoft 365 compliance center, browse to Solutions > Information protection:
Figure 5.15 – Information protection menu
2. From within the Information protection menu, choose Auto-labeling:
Figure 5.16 – Auto-labeling menu
3. Choose + Create auto-labeling policy, which will open up the new policy wizard:
Figure 5.17 – New policy wizard
4. On the Choose info you want this label applied to screen, choose the relevant template from the available choices and then click Next:
Figure 5.18 – Template choices
5. From the Name your auto-labeling policy screen, you will be required to insert a relevant and unique name as well as an optional description, and then click Next:
Figure 5.19 – Name and description
6. From the Choose locations where you want to apply the label screen, you will need to choose the locations for SharePoint sites, OneDrive, and Exchange, and then click Next:
Figure 5.20 – Label location
7. From the Set up common or advanced rules menu, you have two options:
- Common rules: Keep this default setting to classify rules that identify content that will be labeled across the selected locations.
- Advanced rules: Select this option if you are required to configure different rules per location:
Figure 5.21 – Common or Advanced rules
8. In this next step, you have the option of configuring new rules by utilizing conditions and exceptions; however, this is dependent on the previous choices you have made.
Note
The sensitivity information types are the same as the ones you chose for auto-labeling for Office apps.
9. On the Choose a label to auto-apply screen, you will need to click on + Choose a label, and then choose a label from the Choose a sensitivity label screen. Once completed, click Next:
Figure 5.22 – Choose a label to auto-apply
- On the Decide if you want to test out the policy now or later screen, you have two options:
• Run policy in simulation mode: This is if you feel you are ready to test straight away. No content is amended in simulation mode.
• Leave policy turned off: If you select this option, then the policy will remain inactive until you are ready to test in simulation mode. - On the Summary screen, you can review the entire label configuration before completing the steps.
In this section of the chapter, we have covered an overview of auto-labeling and then run through a lab exercise to configure auto-labeling. In the following section, we will discuss monitoring label usage and information protection in general.
Leave a Reply