Using Office 365 to classify and secure your data
For years ensuring that the right metadata is attached to your data has been essential to helping you organise and manage content. Lately, with Office 365, being able to have a consistent set of labels across multiple services – Exchange and SharePoint in particular- is becoming a requirement.
This is because different data often has different requirements. Personal data may need to be identified within your tenant and not only marked accordingly, but removed when it is no longer deemed necessary. On the other hand, some organisations have a variety of data that must be kept for much longer – ranging from perhaps 5 years to over 100. This data may exist in multiple places – within mailboxes, SharePoint Team sites, Office 365 Groups and OneDrive for Business. A blanket data retention policy is now not always appropriate.
Enter Office 365 Labels
Office 365 labels allow you to define a consistent set of labels within the Security and Compliance Center in Office 365. These translate to retention tags in Exchange and can be assigned to document libraries and files in SharePoint Online and OneDrive for Business.
You can use labels to classify data as you see fit. This might be personal data, financial records or tax data, confidential data or anything you need to mark within your files and emails so that it can be found, kept, deleted or processed as required.
With a basic set of labels defined within Office 365, you can publish the labels to your employees so they can, should they need to, mark data they are working on with labels. That might be an email they have received, or it could be a file they are working on.
The content that is labelled can then follow policies you define at an administrative level. This could be to hold that data for a number of years, delete it after a certain amount of time or some combination of the two.
For example, you might choose to ensure that all data labelled as a tax record is held for up to 6 years and then can be deleted when needed. Or you may choose that personal data is not put under any sort of hold, but is deleted six years after the date it was created.
Making it easy to label data
Expecting employees to label both their existing data – which could have been accumulated over a number of years – is a quite a challenge; and even expecting employees to manually label every new file can be a challenge.
A number of options exist to make it easy for users to label data. Document Library and Email Folder based labelling can simplify organising data as a whole, and keeping it in the correct locations. Automatic policies can be created to label data by default if it’s been added to a particular SharePoint Document library.
The nirvana, of course, is not needing to ask people to label data in the first place. However hard people try, incorrect labels will be assigned, people will forget to label data or they will not store data in the correct locations.
Auto label policies allow you to use the label definitions to automatically find and apply labels to content that matches the conditions you define. There’s two main options for automatic labelling of data:
- Keyword-based search for data. This works across Exchange, SharePoint Online, OneDrive for Business and data within Office 365 Groups.
- Sensitive information types. This works across SharePoint Online and OneDrive for Business, at present.
The most compelling option for automatic labelling is using sensitive information types. Sensitive information types are defined in Office 365, and originally were used to support Data Loss Prevention policies. They are definitions of the criteria that is used to match sensitive information, so that a NI number, passport number, credit card number or similar types of information can be automatically identified. There are built-in sensitive information types to match a large number of global types, and if needed you can define and upload your own types.
You can then create policies that include the specific sensitive information you are looking for. The policy can be targeted to all SharePoint Online sites and OneDrive for Business accounts, or just a subset if required.
If you prefer to use keyword-based searches, this is possible too, and currently the only option if you need to target Exchange and Office 365 Groups. You can specify searches with conditions like AND/OR to find and target particular data. A great example of where to use this is when looking for specific keywords that your organisation uses that should not be shared externally, or wider terms like “private” or “confidential”.
After defining these policies, they will, over the course the next seven days apply to the data within your tenant. As the policies will add labels to your data which may result in data being held, marked as a record or even deleted, it’s important to make sure these policies are correct. Test first and make sure that you have reviewed the criteria for matching sensitive data, too, so you get the expected results.
Office 365 labels make it easier to have one source of the truth for what should be applied to content and data within your Office 365 tenant, instead of creating policies in different places. Not only can these be published to users to apply themselves, auto label policies can automatically find and apply labels to data within your tenant, making it much easier to have control over data.
START YOUR JOURNEY TO GDPR COMPLIANCE
Join us for our rountable events to learn more about our approach to assessing GDPR compliance and how we can help your organisation adopt Microsoft Cloud Security Technologies successfully, in time for GDPR enforcement next May.
About our author
Principle Technology Strategist | MVP - Exchange & Office 365
Steve is a 5 times recipient of the MVP (Microsoft’s Most Valuable Professional) award from Microsoft, is a regular international conference speaker, podcast host, regular blogger, plus he is the author of a number of best-selling Exchange books. Steve has worked on a vast number of Exchange and Office 365 projects across customers large and small, often with complex requirements and would love to help you on too.
Mirus IT, the long-standing Milton Keynes-based, managed services provider is now part of the IT Lab group. This acquisition sees Mirus IT, join Perspective Risk and Content and Code, in a business that now serves 890+ managed service clients, with a combined turnover...read more
Teams represents a new way of working. It’s a modern communications and collaboration platform. It’s a hub for channel and thread-based conversations. It supports live and streamed events. File-sharing and real-time instant chat. All of this surfaced in a single user...read more
Microsoft Managed Desktop (MMD) provides the best experience for users managed by Microsoft. MMD is a subscription-based service which can help to overcome business challenges such as coming away from complex Legacy systems which are making digital transformation too...read more