How to use the Sensitivity Labels published
Make sure that you have met the prerequisites of creating a sensitivity label. Read our article on creating these labels: Sensitivity Labels on Microsoft 365 Defender – EXE Files.
Firstly, we will create a file that has our published sensitivity label applied. We will now move to Word and apply a label on a document.
Here you can create a demo document. Now from the ribbon, next to Editor you can see the sensitivity button.
Click on it and you can now see your published label. If you can not see it yet, it is because your label has not been published yet. Apply this and now you have applied a label on your document. Now whenever this is shared you will be able to see that it has label applied.
We can see the label applied.
Now that we have applied the label, we want to make sure that the global admin gets an alert whenever a document is shared having a label on it. This is important for governance and ensuring that you are using your sensitivity label effectively.
How to create alerts
We go back to the admin center and from here go toe security to open our Microsoft 365 defender.
Firstly, we will make sure that all prerequisites are met here:
Scroll down and go to settings for your Microsoft 365 Defender:
Next go to cloud apps:
Then scroll down to Information Protection> Microsoft Information Protection
From here click on “Automatically Scan”:
And save this. This is important otherwise you will have to manually apply sensitivity labels which is redundant, hence this is much more advisable.
Now we will create a policy using Policy Management:
From here click on Create Policy:
Now since these labels are applied on files, we will create a file policy:
We will now add a filter that checks for the labels:
This will be the label that you have published “Internal Use”.
We will next create alerts for matching files:
Lastly under the governance actions we will apply the labels check:
Use this for both:
Now once you do all of this and create a policy you can test the sensitivity detector.
How to test
The test document that we just created we will share externally.
As soon as we share it, we will get an alert under our alerts section:
If we further look into it, we can see that the sensitivity label matched and created the alert:
We can apply further filters and checks to modify and generate a better policy for better governance. In conclusion, effectively utilizing sensitivity labels in Microsoft 365 provides a robust framework for data governance and security. By seamlessly integrating labels into documents and creating alerts through Microsoft 365 Defender, organizations can proactively monitor and manage the sharing of sensitive information. This not only enhances data protection but also ensures compliance with security policies. Implementing such practices not only strengthens the security posture of the organization but also fosters a culture of responsible data handling and sharing, crucial in today’s dynamic digital landscape.
