All posts in Information Protection

Microsoft 365 Information Protection – Encrypting MIP Label Missing in the Sensitivity Drop-Down

I ran into an issue recently that had me stumped for quite a while.  I had a client running a MIP pilot and had an encrypting MIP label missing the sensitivity drop-down options within Office Client Apps.  All other labels were there (Public, Internal, Confidential, etc.), including the labels that were configured to encrypt.  The only one that was missing was the restricted label.  This one was also encrypted, but unlike the confidential label, which had the encryption groups configured on the label itself, the restricted label allowed users to set the encryption themselves.  Keep in mind; this is expected behavior if you are working on the web version of Office, where any label that prompts users to set permissions is not supported. In this case, however, we were using the standard Office 365 client.

Read more

Microsoft 365 – Apply Sensitivity Labels for Automated Processes

When creating a policy for a sensitivity label you have the option to set a default label for the user the policy is pointed at.  You can get more information on this process at the “Apply a default label” item on Microsoft’s Learn About Sensitivity Labels page.  This method, however, has a limitation.  It only works within a mail client that can connect to the Microsoft 365 Security/Compliance endpoints.  Doesn’t seem like a huge issue right?  Well, what about automated notifications that are sent via Power Automate or another custom solution that doesn’t utilize the Outlook (or other) client?  I’ve tested this.  It doesn’t work.  If I send it from Outlook or OWA I get the default label.  If I have an automated process within Power Automate it doesn’t.  In this post, I will show you how you can apply sensitivity labels for automated processes so all of your emails can contain a sensitivity label.

Read more

Create a Sensitive Info Type in Microsoft 365

When dealing with sensitive information within Microsoft 365 you often need to utilize a sensitive info type.  This is an entity within the security console that groups data by the sensitive information it contains.  For example, a credit card is a sensitive info type and is configured to look within content for credit card number formats.  Luckily, Microsoft provides 100 pre-configured sensitivity types and they really cover a large number of possibilities.  Well, what if you have a type of sensitive data that isn’t in the provided templates.  Well, that’s where this blog post comes in handy.  In this post, I will show you how to create a sensitive info type in Microsoft 365’s security console.

Read more

SharePoint Conference North America – Information And Records Management Advanced Concepts

For the first time, I have the honour to be speaking at SharePoint Conference North America which is to be held in Las Vegas from May 19-21, 2020.  If you want to take in the workshops the conference is actually taking place from May 17 – 22.  The conference is going to be providing a ton of very handy content from recognized experts in their fields as well as experts and even some creators from Microsoft.  Considering this conference is in May and I live in the coldest part of Canada (which is saying something), hitting Las Vegas then is going to be a real treat (hopefully I don’t melt).

If you take a look at the site you’ll be able to quickly access all you need to know about the conference.  As I mentioned above, the speakers are all carefully selected as experts in their fields (I somehow slipped through the cracks 😉 ).  There will be many MVPs and Microsoft employees speaking.  In fact, the only conference I have been to that may have more is Ignite.  But every speaker knows what they are doing and have a great deal of skill in getting the information across in the sessions.

Speaking of sessions, you should check out the line-up of presentations.  I think you would be hard-pressed to not find something of interest to you.  In fact, there are 60 different products that you can choose from at the conference covering 20 topics.  It’s not limited to working within just Microsoft products either.  Working with Android?  No problem. There are sessions for that.  Want to know how to control devices within your environment check out the Intune session.  What about Project Cortex?  I am sure you have heard about that by now.  It’s the new kid on the block and sounds very exciting to me as I see huge benefits to it for all of my clients.  There will be multiple sessions on Cortex at the conference as well.  But don’t take my word for it check out all the sessions at!/sessions.

Another important consideration for this conference is that Microsoft while not the organizer is a key supporter.  There are going to be announcements that you haven’t heard yet at the conference.  You’ll get to find out about new features before others.  I can’t tell you what to expect cause I don’t even know yet what they are going to announce.

For those who follow my posts on Twitter, LinkedIn and here on my blog you know that I cover a wide variety of topics.  SharePoint Conference also provides a variety of topics.  Because there is such a variety I thought I might provide a few suggestions for some topics to keep an eye out for.

Security and Compliance

  • An Introduction to Microsoft Enterprise Mobility + Security

    • This session is given by Antonio Maio a known expert in Cloud Security and especially in the Microsoft Cloud.  If you are just starting out or looking for tips to better secure your environment I strongly suggest you check out Antonio’s session.
  • Exploring Conditional access to content stored in Office 365
    • Paul Hunt will provide some great information around protecting your tenant and the important information within using Conditional Access which is a tool in Azure AD for controlling how users are able to access information.
  • Protecting your Teams work across Office 365
    • Do you have Microsoft Teams or looking to roll out Microsoft Teams into your tenant for your organization to use?  You may want to check out Joanne Klein’s session to ensure the information you are sharing within Teams is protected both from improper sharing and also from improper retention.


Modernizing Your Data Retention. Moving Beyond the Created Date

Finally, I would like to discuss the session I am going to be covering for the conference.  I have been working with clients on their information governance for a while now.  Many file plans and retention schedules these days are still based on old physical records as opposed to digital media.  While it is possible for organizations to migrate a physical record retention schedule into a tool like Microsoft 365 (and many have) many are not aware of some advanced features that can be utlized to properly implement your required retention schedules.  I have seen companies that believe they are limited to retention based solely on when a document was created or perhaps when it was last created.  While these are both very viable options for building a retention schedule in Microsoft 365 there is more that can be used to support the corporation’s file plan.

In my session, I’ll take you beyond the created or modified date and show you different techniques to implement your schedule as your organization requires.  Along the way, I’ll cover some more advanced techniques you can use to ensure your data is maintained or removed as required by your internal processes.   My hope is to show you the art of the possible when it comes to information governance in Microsoft 365, specifically how you can retain your data.

Microsoft 365 Compliance and Security – Actions in the Compliance Manager

As I covered in my previous post abut Compliance Score and Compliance Manager, Microsoft has provided a new interface to allow you to better protect your environment and your data.  As you increase the compliance score of your tenant you can realize further protections of your data contained within the system.  In this post, I will cover completing actions in the compliance manager to increase the compliance score of your environment.

Read more