While writing a couple of posts recently I became a bit out of step with my intended schedule by discussing sensitivity for automated processes before actually discussing how Microsoft 365 deals with sensitive content.  This is fine if you are familiar with information protection within Microsoft 365, but for those of you who are not let me get back on track and discuss information protection concepts within Microsoft 365. This is the overview first in a series of posts that I will explain and demonstrate how Microsoft 365 protects an organization’s sensitive information.

Sensitive Information

There is no one way to define sensitive information.  What one organization sees as highly sensitive, another does not.  For example, most private organizations see income and salaries as highly sensitive within and outside of the government.  Within Canada however, government employees do not have that luxury.  I am not sure if this is limited to Canadian federal and provincial governments or if other governments also follow this practice.  That’s not important for this discussion though.  It was just to provide an example that different organizations have different rules for defining their sensitive content.

Microsoft 365 Information Protection

Microsoft 365 provides a number of tools to protect information within an organization.  Following are a few of the common methods.  I’ll provide a more in-depth explanation and demonstration for each in a separate post:

  • Sensitivity Labels
    • Sensitivity Labels allow an organization to classify, mark and if necessary protect content based on the sensitivity within.
    • Persistence of protections even when the data is no longer within the organization’s direct control (i.e. emailed to another user outside the organization)
  • Data Loss Prevention
    • Allows an organization to identify sensitive content
    • Prevent content that shouldn’t be shared from actually being shared (accidentally or maliciously)
  • Microsoft Cloud App Security (MCAS)
    • MCAS is a feature of M365 that sits between the tenant and the “outside world”
    • It provides analytics and visibility over traffic in and out of the organization.  This visibility allows organizations to ensure their sensitive data is not leaving the organization’s control.
    • If data is allowed to exit the organization’s control further protections can be put in place (auto-application of sensitivity labels).

As indicated this post is just an overview of the different features that Microsoft 365 provides that will allow an organization to protect its sensitive content at all times.

Thanks for reading!