As part of the Advanced Data Governance (ADG) suite of tools, Office 365 labels help you keep the data that is needed in your organization and disposes of information when it is no longer needed. Classifying content across Office 365 services entails the use of Office 365 labels. These labels are used for records management and follow governance rules as laid out by the organization and by legal authorities.
Three components comprise Advanced Data Governance:
Labels: fall under two types: sensitivity labels and retention labels (both originally were called classification labels but with the updated Office 365 UI, they have been renamed). These are used to classify the information for governance purposes. A retention policy can be associated with a label.
Retention: policies to ensure that data is not prematurely deleted but rather, once the content has reached the end of its retention period, one of three actions are triggered. Actions include: no action, delete content, or initiate a process for data review.
Supervision: assigns specific individuals to review and monitor email and third-party communications for the organization.
As collaboration is not rooted to a single location or with one source, organizations are relying upon security and compliance to ensure that data remains secure, especially when it roams with collaborators. With Office 365, this can be accomplished through the use of labels.
Sensitivity labels allows sensitive content to be labelled and protected without hindering productivity and collaboration between users from different organizations. Sensitivity labels can be used to:
Sensitivity labels classify data across your organization and enforce protection settings based on that classification.
How does a sensitivity label work? It operates similarly to tags in the sense that they are customizable, are presented in clear text, and are persistent.
Being customizable, different levels of sensitive content can be defined as categories. These include Public, Personal, General, Confidential, and Highly Confidential. Third-party apps and services can read the clear text, allowing them to apply protective actions as dictated. Once applied to content, the sensitivity labels persist in the metadata of the document or email which means that the label travels or roams with the content. The label becomes the basis for applying and enforcing policies as it includes the protection settings.
Protection settings for sensitive labels include:
When creating the sensitivity labels, it is important to list them in the right priority sequence. The most restrictive sensitivity label should appear at the bottom with the least restrictive at the top. For example, the top sensitivity can be Public with the last one being Highly Confidential. This list determines what is a lower classification should a user change the sensitivity label.
Creating Office 356 labels is a two-step process. The first step is to create the actual label which includes the name, description, retention policy, and classifying the content as a record. Once this is completed, the second step requires the deployment of a label using a labelling policy which specifies the specific location to publish and applying the label automatically.
To create an Office 365 label, following these steps:
Upon completion of creating the label, the next step is to create a label policy. Sensitivity labels are published differently than retention labels. Sensitivity labels are published to users or groups and will appear in Office apps for users and groups. Retention labels are published to locations such as Exchange mailboxes.
With label policies, you can:
To create a label policy, follow these steps:
Sublabels can also be defined and these sublabels will be seen by the user. Sublabels are a simple way of presenting labels to users in logical groups. Sublabels do not inherit any settings from the label they are under.
What if a sensitivity label is deleted from the Security and Compliance Center? Deleting the sensitivity label from the Security and Compliance Centre will not remove it from the content. The protection settings continue to be enforced on the content.
What if a sensitivity label is edited in the Security and Compliance Center? If a sensitivity label is edited in the Security and Compliance Center, the version of the label that was applied to the content will continue to be enforced. It will not change to the new settings.
Visually, this is the basic flow process for the admin, user, and Office app for using sensitivity labels:
Creating labels is a straight forward and easy process that provides detailed and complex information for the classification and retention of data, whether this data is static or dynamically roaming with collaborators. With increased mobility of collaboration, data integrity and security continue to be a focus. With Office 365 labels, classification and retention are steps that can be taken to ensure the security of data, including its deletion upon the end of its retention.
Cybersecurity has never been more on the forefront of global technological advancement as it has been now, especially for mobile security. Cyber threats have morphed into aggressive and complex attacks, and Microsoft’s mission is to empower every person and every organization to shut down cyber threats before they become attacks by providing first defenders the tools to do so with Microsoft 365’s core component Office 365 Enterprise Mobility + Security.
Office 365 Enterprise Mobility + Security (EMS) leverages artificial intelligence to provide intelligent mobility management and a security platform by increasing the security features in Office 365 and extends them across the entire environment, including third-party investments. Not only does EMS empower your employees with mobile flexibility but it secures your organization and protects its data.
The face of cyber threats and attacks change daily, resulting in challenges that are faced in securing the data environment. The first is the creativity and complexity of attacks that are now being formulated. These are more complex than the simple, identify theft that we are familiar with, though this is the step of how they gain access to your data. Digital access is global, and users can tap into information wherever they are, including stationary at a desk to moving in a car. The vastness of the digital real estate, by itself, is difficult to secure. Though we are advancing with faster, more trustworthy, and more intelligent technology, it is still expensive and time-consuming to manually correlate actions on threat and attack signals.
Office 365 EMS consists of five groups with actions to provide enterprise mobile security. These five core groups are:
Identity and Access Management
Identity theft is one of the many methods to breach data security. With EMS, there are several ways to help reduce the possibilities of data breaches with tighter requirements for identity to gain access. Access management can be enforced through several venues, including:
Securing Authentication: The one-word password for authentication no longer provides secure and guaranteed access as it once did. With the advancement of technology, the methodologies for cyber threats have also advanced. Combining software, artificial intelligence, and science, there are new ways of managing access to secured data. These include:
Govern and Protect Access: Microsoft’s “Never trust, always verify” is an apt motto when it comes to protecting and governing access. With Azure AD conditional access, Zero Trust can be delivered:
Obtain Comprehensive Identity Protection: Prevent identity attacks by implementing Microsoft Cloud Security, Azure AD Identity Protection and Azure ATP by:
Protect Your Data: Whether being shared or being toted on the go, protect your sensitive data everywhere by controlling how a file is being used by:
Integrate and Automate Security by:
Unified Endpoint Management with Microsoft Intune
Microsoft Cloud App Security – Cloud Access Security Broker (CASB)
Specialized Products in Office 365 EMS
There is no one single software that can provide extensive and complete defences for increasingly complex forms of cyber threats and attacks. A tight defence requires a combination of several services that provide solutions to possible penetrations points, thereby working synergistically to provide full protection. Each group of solutions provides protection from different attack vectors, providing maximum coverage for security. With Office 365 Enterprise Mobility and Security, a comprehensive, end to end and fully integrated enterprise solution is provided for mobile security on devices, in the cloud, and on-prem.