You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/purview/concept-best-practices-sensitivity-labels.md
+21-5Lines changed: 21 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,14 +6,17 @@ ms.author: athenadsouza
6
6
ms.service: purview
7
7
ms.subservice: purview-data-map
8
8
ms.topic: conceptual
9
-
ms.date: 12/14/2021
9
+
ms.date: 01/12/2022
10
10
ms.custom: ignite-fall-2021
11
11
---
12
12
13
13
# Labeling best practices
14
14
15
-
Azure Purview supports labeling of both structured and unstructured data stored across various data sources. Labeling of data within Purview allows users to easily find data that matches pre-defined autolabeling rules that have been configured in the Microsoft 365 Security and Compliance Center(SCC). Azure Purview extends the use of Microsoft 365 sensitivity labels to assets stored in infrastructure cloud locations and structured data sources.
15
+
Azure Purview supports labeling of both structured and unstructured data stored across various data sources. Labeling of data within Purview allows users to easily find data that matches pre-defined auto-labeling rules that have been configured in the Microsoft 365 Security and Compliance Center(SCC). Azure Purview extends the use of Microsoft 365 sensitivity labels to assets stored in infrastructure cloud locations and structured data sources.
16
16
17
+
## Protect Personal Identifiable Information(PII) with Custom Sensitivity Label for Azure Purview, using Microsoft Information Protection
18
+
19
+
Storing and processing of Personal Identifiable Information is subject to special protection. With referring to Regulations labeling of Personal Identifiable Information data is crucial to identify and label sensitive information. The detection and labeling tasks of Personal Identifiable Information can be used on different stages of your workflows and because Personal Identifiable Information is ubiquitous and fluid in your organization it is important to define identification rules for building policies that suit your individual situation
17
20
18
21
## Why do you need to use Labeling within Azure Purview?
19
22
@@ -30,18 +33,19 @@ It also abstracts the data itself, so you use labels to track the type of data,
30
33
31
34
### Label considerations
32
35
33
-
- If you already have Microsoft 365 sensitivity labels in use in your environment, it is recommended that you continue to use your existing labels rather than making duplicate or more labels for Purview. This allows you to maximize the investment you have already made in the Microsoft 365 compliance space and ensures consistent labeling across your data estate.
36
+
- If you already have Microsoft 365 sensitivity labels in use in your environment, it is recommended that you continue to use your existing labels rather than making duplicate or more labels for Purview. This approach allows you to maximize the investment you have already made in the Microsoft 365 compliance space and ensures consistent labeling across your data estate.
34
37
- If you have not yet created Microsoft 365 sensitivity labels, it is recommended that you review the documentation to [Get started with sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels). Creating a classification schema is a tenant-wide operation and should be discussed thoroughly before enabling it within your organization.
35
38
36
39
### Label recommendations
37
40
38
41
- When configuring sensitivity labels for Azure Purview, you may define autolabeling rules for files, database columns, or both within the label properties. Azure Purview will label files within the Purview data map when the autolabeling rule is configured to automatically apply the label or recommend that the label is applied.
39
42
40
-
[!WARNING] If you have not already configured autolabeling for files and emails on your sensitivity labels, keep in mind this can have user impact within your Office and Microsoft 365 environment. You may however test autolabeling on database columns without user impact.
43
+
> [!WARNING]
44
+
> If you have not already configured autolabeling for files and emails on your sensitivity labels, keep in mind this can have user impact within your Office and Microsoft 365 environment. You may however test autolabeling on database columns without user impact.
41
45
42
46
- If you are defining new autolabeling rules for files when configuring labels for Purview, make sure that you have the condition for applying the label set appropriately.
43
47
- You can set the detection criteria to **All of these** or **Any of these** in the upper right of the autolabeling for files and emails page of the label properties.
44
-
- The default for this is **All of these** which means that the asset must contain all of the specified sensitive info types for the label to be applied. While this may be valid in some instances, many customers prefer to change this to **Any of these** meaning that if at least one of them is found the label is applied.
48
+
- The default setting for detection criteria is **All of these** which means that the asset must contain all of the specified sensitive info types for the label to be applied. While the default setting may be valid in some instances, many customers prefer to change the setting to **Any of these** meaning that if at least one of them is found the label is applied.
45
49
46
50
:::image type="content" source="media/concept-best-practices/label-detection-criteria.png" alt-text="Screenshot that shows detection criteria for a label.":::
47
51
@@ -50,6 +54,18 @@ It also abstracts the data itself, so you use labels to track the type of data,
50
54
51
55
- For consistency in labeling across your data estate, if you are using autolabeling rules for files, it is recommended that you use the same sensitive information types for autolabeling database columns.
52
56
57
+
-[Define your sensitivity labels via Microsoft information Protection is recommended to identify your Personal Identifiable Information at central place](/microsoft-365/compliance/information-protection).
58
+
-[Use Policy templates as a starting point to build your rulesets](/microsoft-365/compliance/what-the-dlp-policy-templates-include#general-data-protection-regulation-gdpr).
59
+
-[Combine Data Classifications to an individual Ruleset](./supported-classifications.md).
60
+
-[Force Labeling by using auto label functionality](./how-to-automatically-label-your-content.md).
61
+
- Build groups of Sensitivity Labels and store them as dedicated Sensitivity Label Policy – for example store all required Sensitivity Labels for Regulatory Rules by using the same Sensitivity Label Policy to publish.
62
+
- Capture all test cases for your labels and test your Label policies with all applications you want to secure.
63
+
- Promote Sensitivity Label Policies to Azure Purview.
64
+
- Run test scans from Purview on different Data Sources (for Example Hybrid-Cloud, On-Premise) to identify Sensitivity Labels.
65
+
- Gather and consider insights (for example by using Purview insights) and use alerting mechanism to mitigate potential breaches of Regulations.
66
+
67
+
By using Sensitivity Labels with Azure Purview you are able to extend your Microsoft Information Protection beyond the border of Microsoft Data Estate to your On-prem, Hybrid-Could, Multi-Cloud and SaaS Scenarios.
68
+
53
69
## Next steps
54
70
55
71
-[Get started with sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels).
0 commit comments