Data Loss Prevention (DLP) in Microsoft Purview can be used to prevent your users from oversharing information. Oversharing information is the process of accidently or purposely sharing information with recipients that are not allowed to have or view this information.

While there are various ways to implement DLP with Microsoft Purview, one of the main ones is by leveraging DLP Policies. When taking a look at the DLP Policies pages in Purview, Microsoft gives us the following introductory text:

Use data loss prevention (DLP) policies to help identify and protect your organization’s sensitive info. For example you can set up policies to help make sure information in email and docs isn’t shared with the wrong people.

DLP makes use of so-called Sensitive info types, often referred to as SIT’s. Microsoft includes an enormous list of SIT’s you can use out-of-the-box. You can look at SIT’s as the engine in DLP, as each SIT holds a pattern and/or logic for recognizing content. A few examples of these classifiers are:

• Credit Card Number
• U.K. Physical Addresses
• User Login Credentials

If you want to take a look at the entire list I would recommend to navigate to the Purview portal, Data classification, Classifiers, Sensitive info types. At the time of writing this article the list consists of 324 items. If the pattern/logic for classifying a piece of information in your environment isn’t present, you also have the option to create a SIT yourself.

Plan first, implement second

A few questions that you should ask yourself before heading out and start configuring DLP enthusiastically:

• Which stakeholders do I have to interview or include in my team to select the right types of sensitive information for my company?
• How do I validate my setup before enforcing policies on users?
• What is my scope? What is included in my scope and what is not?
• What is my business planning and what is my planning on technology?
• How do I introduce DLP to my end-users. Should I include training or adoption?

Generally, the following step-by-step action plan would give you the opportunity to get some insights and let your users get acquainted with the introduction of DLP in their day to day jobs.

Continue reading “Microsoft Purview 101: How to set up Data Loss Prevention (DLP)” →

In a previous article, I explained the process of setting up Purview Records Management to protect your business-critical items that have to adhere to regulatory and legal standards. In this article I want to show you 3 global settings that change the behavior of Records Management.

To find this settings, navigate to the Purview portal, select Records Management and click the ‘Records Management Settings’ button in the top right.

Continue reading “3 Settings that set Purview Records Management to adhere to your requirements” →

One of the most distinct features of Purview is of course sensitivity labeling, which is part of the information protection section in the Purview portal. Before we head off to configuring sensitivity labeling and dive into what it looks like from a users perspective, let’s first talk about what sensitivity labels are.

Introduction

You can think of a sensitivity label like a stamp, which you can apply to content like documents, email and meetings. The cool thing is that the sensitivity label is added in clear text to the metadata of the files, so it travels together with the content (hence the reference to the stamp 😉). Because it’s stored in clear text, applications and services can use the sensitivity label to apply logic to it. Examples of this logic is adding a watermark to a document, protecting content from being openend by unauthorized people or content being protected from being sent outside your organization. This protection part can be done by Microsoft 365 or a third-party application. But a sensitivity label by itself can inform users of the sensitivity level of a certain item.

There are various automatic methods of applying labels to your content, but for this article we’ll focus on manually adding labels to content so we understand how the basic process works before we move on to some form of automatic labeling.

Continue reading “Microsoft Purview 101: How To Implement Sensitivity Labels” →

Records Management in Microsoft Purview can be used to:

• Setup a retention schedule for your files or folders (Just as with Purview Data Lifecycle Management)
• Mark items such as Word, Excel or Powerpoint files as records.

When an item such as a file or folder becomes a record, the item or it’s contents cannot be changed any more. This is often done to comply with legal requirements, such as those that require a certain company to retain their documents for a certain period of time and during that time, the files (that have become records) cannot be altered by anyone. This article will explain how to configure the basics of Records Management, and will show you the end-user experience.

Differences between Records Management (RM) and Data Lifecycle Management (DLM)

Let’s start by looking at the differences between Data Lifecycle Management and Records Management.

Continue reading “Microsoft Purview 101: How to Setup Records Management” →

In the previous post I talked about retention policies and how you can apply them to your environment. To keep things simple, I used static scopes in that article. But since adaptive scopes are the recommended approach for retention policies I want to show you what they can do, and why Microsoft recommends them to be used instead of static scopes.

Continue reading “Microsoft Purview 101: Using Adaptive Scopes” →

One of the core features of Microsoft Purview is Data Lifecycle Management (DLM), formerly known as Microsoft Information Governance. DLM is all about providing you with the tools you need to keep information that you need, and delete the information that you don’t. This process is of great importance for compliance with regulations, risk management en liability management.

Data Lifecycle Management in Microsoft Purview has a great overlap with Records Management, although they also have their differences. However this is something for another article. This article will explain how to configure the basics of Data Lifecycle Management, and will show you the end-user experience.

Continue reading “Microsoft Purview 101: Data Lifecycle Management (DLM)” →

Information Barriers in Microsoft 365 can be used to block (or allow) communication between groups of users and will apply to Teams, SharePoint and OneDrive. An example for a use case is a R&D department which may not communicate with the marketing department. The example used in this article is a multi-national company where users in the Netherlands are not allowed to communicate with users in Belgium because of high regulatory laws and requirements.

In this article, I will introduce you to Information Barriers in Microsoft Purview by walking you through setting up the backend and show you the impact it has on your users. Let’s go!

Setting the scene

For this demonstration, we are going to use the following employees in our fictional company:

1. Allan Deyoung and Adele Vance, working in the Netherlands Office.
2. Christie Cline and Megan Bowen, working in the Belgium Office.

Continue reading “Microsoft Purview 101: Down the rabbit hole with Information Barriers Configuration” →

Microsoft Purview has a pretty sweet feature called “Compliance Manager”. It can be used to assess your Microsoft 365 (and other non-Microsoft) environments based on various regulations like “ISO 27001” or you can create your own custom assessment that’s not based on a regulation. (Do note that at the time of writing this article, the creation of custom assessments is disabled due to an update of the process by Microsoft.)

Basics first, as always

Before we dive into the world of assessments and regulations, let’s start with the basic components of compliance manager:

Continue reading “Microsoft Purview 101: How to use Compliance Manager to help improve data protection and comply to regulatory standards in Microsoft 365” →