Monitoring information protection – Microsoft SC-400 Certification

Within the Microsoft 365 compliance center, you can utilize the Data Classification section, which provides intelligence about your business data after it has been classified. This will assist you in finding areas that are exposed and risks to inform policies that enable you to protect and govern your content:

Figure 5.23 – Data classification

Not only does it help when developing an understanding of your data, but it also helps you to monitor the status of the classification on an ongoing basis. The following tabs from the Overview pane are the most relevant to information protection:

  • Top sensitive info types
  • Top sensitivity labels applied to content
  • Top retention labels applied to content
  • Top activities detected
  • Locations where sensitivity labels are applied:

Figure 5.24 – Monitoring information protection

You should now understand where you can monitor and gather data about sensitivity labels that have been implemented in your tenant and which classifications are the most relevant ones. In the next section of the chapter, we will take a closer look at applying bulk classification to on-premises data and managing protection settings.

Applying bulk classification to on-premises data and managing protection settings

Having the ability to protect on-premises data and files with an information protection solution is crucial in a hybrid scenario and also when looking to migrate to cloud platforms.

Unified the labeling scanner

The unified labeling scanner allows you to label on-premises data. The following list is an example of situations when you may need to utilize the labeling scanner:

  • Data privacy conditions from the data protection team, for example:

A. Before uploading files into the cloud, they should be labeled.

B. Sensitive data being handled in a special way.

C. Specific requirements from legal and purchasing departments.

D. Only storing data in a certain territory.

E. Understanding your on-premises data by running a scan.

The previous list is just a few examples of when you would look at utilizing the unified labeling scanner.

Unified labeling best practice requirements

The unified labeling scanner scans and protects data within your on-premises infrastructure, including files shares, local SharePoint servers, and NAS storage devices.

The scanner utilizes sensitivity labels that are configured in the following Microsoft 365 labeling admin centers, including the following:

  • Microsoft 365 Security Center
  • Microsoft 365 compliance center
  • Microsoft 365 Security and Compliance Center

Before you can implement and install the unified labeling scanner, you need to meet the following requirements:

  • Install SQL Server Database (SQL Express will suffice).
  • Download the unified labeling client .exe file, including the scanner.
  • Any of the following roles:

A. Compliance Data Administrator

B. Security Administrator

C. Global Admin

  • Azure AD token.
  • Windows Server 2016 or 2019 with a user interface.
  • A service account with the following requirements:

Leave a Reply

Your email address will not be published. Required fields are marked *