Microsoft Purview Information Protection and Data Loss Prevention: Block Email Attachments with specific sensitivity Labels


Overview

In my previous article, "Zero Trust Deployment Plan with Microsoft 365", I discussed the implementation of Zero Trust with Microsoft 365. We saw that the final level of Zero Trust is Data Protection and Governance, which can be achieved with the Microsoft security products Purview and Priva. Now let's look at what Microsoft Purview is and how it supports Zero Trust with Data Protection and Governance. At the end, I will also demonstrate one of the most commonly requested scenarios with Microsoft Information Protection and Data Loss Prevention.

Microsoft Purview

According to Microsoft, Microsoft Purview is a set of tools that help you keep track of all the information your organization collects, protect it from hackers or leaks, and make sure you follow all the rules and regulations that apply to your data. This is especially important now that more people work remotely, and data is stored in different places.

Microsoft Purview Portal

If you have enabled at least the default required configuration, the home page of the Microsoft Purview portal (compliance.microsoft.com) shows basic alerts and recommendations.


Previously, there were two different sets of tools, Azure Purview and Microsoft 365 Compliance, for managing data in Microsoft Azure and Microsoft 365. Microsoft has now combined them under one brand called Microsoft Purview.

The new brand name Microsoft Purview helps manage these different platforms through two main categories of solutions.

Microsoft Purview Overview (from Microsoft Docu)

Today I will focus on Information Protection and Data Loss Prevention, which are part of "Risk & Compliance". Before that, I want to give a brief description of both "Risk & Compliance" and "Unified Data Governance".

Microsoft Purview Risk and compliance solutions

 First, there are "Risk & Compliance" solutions that help manage data specifically in Microsoft 365 environments. This means that the tools are designed to work with data that is stored and used within Microsoft 365 applications and services (for example: Microsoft Teams, SharePoint, OneDrive, Exchange). Microsoft Purview's Risk and Compliance Solutions are aimed at managing, monitoring, and protecting information while reducing risks and ensuring compliance with regulations.

Solutions:

- Insider risk management
- Communication Compliance
- Information Protection
- Data Loss Prevention
- Information Barriers
- Record Management
- Audit
- eDiscovery

More info about Risk & Compliance

Microsoft Purview unified data governance solutions

Secondly, there is "Unified Data Governance", which is focused on managing data in different infrastructures such as on-premises, cloud, and software-as-a-service (SaaS) applications. This means that the tools are more flexible and can work with data that is stored in different places, regardless of whether or not it is part of the Microsoft ecosystem (for example: Azure Storage, Power BI, SQL DB, Amazon S3 file services).

Microsoft Purview Governance ( from Microsoft Docu)


Microsoft Purview Key Solutions in the governance portal:

- Data Map
- Data Catalog
- Data Sharing
- Data Policy
- Data Estate

More Info about Unified Data Governance

Microsoft Information Protection - Sensitivity Labels

Microsoft Information Protection (MIP) is a set of tools and technologies that help organizations to classify, label, and protect sensitive information in emails, documents, and other digital assets.

 License Requirements:

Microsoft Purview Information Protection is a key solution that is included in the Microsoft 365 E5 Compliance suite. The Microsoft 365 E5 Compliance capabilities and features are also included in the Microsoft 365 E5 license.

The MIP Framework for Microsoft Purview provides a structured approach to managing data in an organization.

 This framework aims to help organizations effectively manage and secure their data assets.

 Know your data:

This step involves discovering, classifying, and cataloging your data to gain a better understanding of its sensitivity and value. This includes identifying where data resides, who has access to it, and how it is being used. By understanding your data, you can develop appropriate policies and procedures for managing and protecting it and prioritize resources accordingly.

Know your data - Zero Trust deployment (from Microsoft docu)

Protect your data:

In this step, you apply appropriate security measures to protect sensitive data. This can include access controls, encryption, data loss prevention, and other technologies and techniques. It also involves educating employees on the importance of protecting data and how to handle it securely. Protecting your data helps prevent unauthorized access, theft, and other threats.

Protect your data - Zero Trust deployment ( from Microsoft docu)

Prevent data loss:

Microsoft Purview – Data Loss Prevention

This step involves monitoring and auditing data usage to identify and prevent unauthorized access, sharing, or leakage of sensitive information. This can include analyzing user behavior and activity, implementing data loss prevention technologies, and conducting regular security assessments. By preventing data loss, you can help ensure compliance with regulations and protect your organization from reputational damage and financial losses.

Prevent Data Loss - Zero Trust Deployment ( from Microsoft docu)

More information about Information Protection

Secure data with Zero Trust

As I said before in my earlier post on Zero Trust using Microsoft 365, a Zero Trust setup has several parts:


Identity > Application > Data > Infrastructure > Networks > Visibility, Automation

We have covered the first three steps of protecting data with Information Protection: knowing your data, protecting your data, and preventing data loss. There is one more step:


 Monitor and Remediate

Continuously keeping an eye on sensitive data can help you spot any policy violations or risky user behavior. This way, you can take appropriate action, such as revoking access, blocking users, or refining your protection policies.

Once we understand and have classified our data and sensitive content, several steps can be taken.

The following Information Protection features are available for protecting sensitive data:

- Policies for blocking or removing emails, attachments, or documents
- Audit, reporting, and monitoring (for example, tracking data as it moves inside and outside of the organization)
- Encrypting files with labels and restricting access
- Automating labeling and classification with policies


Test Scenario: Block Email Attachments with Sensitive Data

You can use Microsoft Information Protection together with Data Loss Prevention Policies and block email attachments with sensitivity labels.

Following the concept described in the previous section, we must first know and classify our sensitive data.

How to create and deploy sensitivity Labels with Microsoft Purview

You can find Sensitivity Labels in the Microsoft Purview portal under Information Protection.

Microsoft Purview Portal - Information Protection

Sensitivity Labels

You can use one of the default labels, create your own custom labels, or use auto-labeling for files and emails based on Sensitive Info Types. The Microsoft Purview portal offers many built-in "Sensitive Info Types", such as credit card numbers, tax IDs, and bank accounts. You can also create your own "Sensitive Info Types" to define your data with custom patterns.

In this demonstration, I will continue with the existing Confidential label and create a label policy for it.

Label Policy

After you've established your sensitivity labels, you can create a policy for the label. The policy can distribute the labels to a group of users or to all users. The users must always apply a label to documents or emails.

Information Protection - Sensitivity Label Policies

Publish the label policy and assign it to the required users or groups. Configure the policy settings as illustrated.

Publish Label Policy


Data Loss Prevention Policy

We have defined, classified, and labeled our sensitive data, and it is now time to protect it and prevent its loss based on our specific scenario. A Data Loss Prevention (DLP) policy can assist in safeguarding confidential information and implementing centralized actions when data of a matching sensitive type is detected in the system.

In the portal, you can navigate to the Data Loss Prevention section and view an overview containing interactive information about the sensitive data within your organization.

Data Loss Prevention

Create a DLP Policy to Block Email Attachments

DLP Policy

Define a name and description, then choose Exchange email as the location.

DLP Policy - Location

Create a new rule and set it up in accordance with the following instructions:

DLP Policy - Custom Rule

Turn on Policy and Submit

DLP Policy - Policy Mode

New Policy is Ready and Active

DLP
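
The same policy can also be created from Security & Compliance PowerShell instead of the portal wizard. This is an added example, not part of the original article: the policy and rule names are assumptions, and the rule settings are inferred from the test scenario (Confidential label, recipients outside the organization) because the article shows them only in a screenshot. Unlike the walkthrough, it starts the policy in test mode and leaves enforcement as a separate step.

```powershell
# Added example: names below are assumptions, not values from the article's screenshots.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # Security & Compliance PowerShell

$policyName = 'Block labeled attachments - external'        # assumed name
$ruleName   = 'Confidential label to external recipients'   # assumed name
$labelName  = 'Confidential'                                # label used in the article

# Resolve the label to its GUID so the rule does not depend on the display name.
$label = @(Get-Label | Where-Object { $_.DisplayName -eq $labelName })
if ($label.Count -ne 1) {
    throw "Expected exactly one label named '$labelName', found $($label.Count)."
}

# Policy limited to the Exchange email location. Test mode first, so matches
# are reported before any mail is blocked.
New-DlpCompliancePolicy -Name $policyName `
    -Comment 'Blocks mail carrying Confidential-labeled content to external recipients' `
    -ExchangeLocation All `
    -Mode TestWithNotifications

# Condition: the content carries the sensitivity label.
$condition = @{
    operator = 'And'
    groups   = @(
        @{
            operator = 'Or'
            name     = 'Default'
            labels   = @(@{ name = $label[0].Guid.ToString(); type = 'Sensitivity' })
        }
    )
}

# Rule: match only when a recipient is outside the organization, then block.
New-DlpComplianceRule -Name $ruleName -Policy $policyName `
    -ContentContainsSensitiveInformation $condition `
    -AccessScope NotInOrganization `
    -BlockAccess $true

# Review what was created before enforcing.
Get-DlpComplianceRule -Policy $policyName |
    Format-List Name, Disabled, AccessScope, BlockAccess, ContentContainsSensitiveInformation

# After reviewing the test-mode matches, switch to enforcement:
# Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```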

Proof Scenario with End User

When Sales Team users (I applied the policy to the Sales Team) open a new document, they are required to apply a label.

Word Document with Sensitivity Labels

The user gets a block notification when trying to send a document with a sensitivity label to an outside organization.

Outlook - New Email to outside Organisation

Conclusion

I attempted to provide general information about data protection using Microsoft Purview and tested the "block attachment from being sent with a sensitivity label" scenario. The DLP policy illustration shows that there are various types of locations where DLP policies can be applied. In this example, the policy was only applied to emails. Additionally, DLP policies and sensitivity labels can also be used with Microsoft Defender for Cloud Apps.
