Microsoft Information Protection
Information security and data loss prevention are vital to protecting your valuable business data. The team at CompanyNet are experts in best practice around Microsoft Information Protection, compliance, retention and sensitivity labelling.
Why is Information Protection so important?
Microsoft Information Protection (MIP) is essential for organisations seeking to safeguard their sensitive data in an increasingly digital and threat-laden business environment.
Firstly, MIP facilitates comprehensive data classification and labelling, enabling organisations to categorise information based on sensitivity. This classification helps ensure compliance with various regulations, such as GDPR and HIPAA, by enabling organisations to manage and protect personal and sensitive data appropriately.
Additionally, MIP integrates seamlessly with existing Microsoft 365 tools, offering a unified approach to data protection. This integration allows users to easily apply policies across applications, ensuring that protective measures remain consistent regardless of where the data resides.
In light of the growing threat landscape, including ransomware and phishing attacks, MIP equips organisations with the tools needed to respond effectively to potential security incidents.
Its capabilities extend beyond traditional data protection, encompassing advanced analytics and insights that help organisations understand their data usage patterns and identify vulnerabilities. By leveraging this knowledge, businesses can adapt their safeguarding strategies to enhance resilience against evolving threats.
Microsoft Information Protection is indispensable for modern organisations aiming to navigate the complexities of data governance and protection. Its comprehensive features not only address regulatory compliance and security needs but also enhance organisational agility and resilience in the face of persistent cyber threats. By investing in MIP, organisations position themselves to protect their most valuable asset, their data, while fostering a culture of security awareness and compliance across their workforce.
Microsoft 365 Retention Policy
Retention policies in Microsoft 365 ensure that your organisation is proactively adhering to regulations and retaining content for a required minimum period of time. This time limit may be set by an industry body or regulator within your sector, or be self-imposed by your own internal requirements.
Retention policies in Microsoft 365 help you achieve a number of goals. They reduce your legal exposure if litigation is brought against your organisation, and reduce your risk if you are involved in a security breach. They also help your organisation to share knowledge more effectively and be more agile, by ensuring that your users are working only with information that’s current and relevant to their jobs.
By enforcing the retention of data that you are legally required to retain, and permanently deleting old content that you’re no longer required to keep, retention policies help take the human element out of information management, automating tasks that would otherwise be very difficult for your staff to keep on top of.
Ultimately, retention policies in Microsoft 365 and Office 365 perform two very simple tasks in order to manage your content:
Retention: Content is retained by policy, meaning it can’t be deleted before the end of a fixed period.
Deletion: Content is deleted automatically and permanently once the defined period comes to an end.
Benefits of retention policies with Microsoft 365
Retention and deletion policies help you keep on top of your data costs, too.
Keeping huge amounts of ‘Redundant, Obsolete and Trivial’ information – also known as ‘ROT’ – can cost your business, in terms of storage, management, compliance, and search and discovery capabilities. By ensuring the correct deletion of information you no longer need, you will not only be protecting your organisation, but saving it money.
What’s the end-state vision of an organisation protected by retention policies? Key benefits of Microsoft 365 Retention Policies include:
Data Protection: Our valuable business data is protected by Microsoft 365.
Compliance: We are compliant with industry/legal standards.
Backup of Data: Information can’t be accidentally or maliciously deleted or lost.
Keep the Necessary: We ensure information we’re required to keep is kept.
Disposal: We properly dispose of information we are not allowed to keep.
Cost-efficient: We are efficient and not paying over the odds for data storage.
Creating retention policies in Office 365
Until recently, there was a combined ‘Office 365 Security and Compliance Center’.
However, this has now been split into two separate destinations: the Microsoft 365 Security Center and the Microsoft 365 Compliance Center. Retention labels are available in both; retention policies can only be found in the Compliance Center.
Retention policies and retention labels are not available to everyone in Office 365; you have to be licensed correctly. For a feature like auto-labelling, for instance, all users who can edit a file would require an Office 365 E5 enterprise licence.
Information Protection:
Watch the video
Learn how to protect and manage your organisation’s vital business data in Microsoft 365 and Office 365 with this webinar from CompanyNet. Presented by our Microsoft Information Protection expert, Dave Campbell, it includes vital information on sensitivity labels, retention policies and DLP.
We hope it gives you a taste of how CompanyNet can help you implement measures to protect your business data.
How to apply retention in Office 365
There are two main routes to Retention and Deletion of information in Office 365.
They are not designed to be used in isolation – typically, your information protection scheme would make use of both.
Retention Labels
Retention labels support disposition reviews, event-based retention, and more. However, you can only use them to manage SharePoint, OneDrive, Office 365 Groups, and Exchange (email) content.
Retention Policies
Retention policies can manage all the content retention labels can. In addition, they can be applied to Microsoft Teams, Skype for Business and Exchange public folder content.
Both of these perform the same actions: retaining content so that it can’t be permanently deleted before the end of the retention period, and deleting content permanently. One or both actions can be performed by a single policy or label.
Retain: Ensure information is kept for X years after creation. At the end of that period, do nothing.
Retain & Delete: Ensure information is kept for X years after creation. At the end of that period, delete it.
Delete: When information is created, do nothing. After a period of X years has passed, ensure it is deleted.
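The three outcomes above, expressed as retention policies in Security & Compliance PowerShell. This is an added example, not CompanyNet's or Microsoft's own configuration; the policy names, the 7-year and 3-year periods and the "all SharePoint sites" scope are assumptions chosen for illustration.

```powershell
# Added example: names, durations and scope below are illustrative assumptions.
# Requires the ExchangeOnlineManagement module and a compliance administrator role.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession

# Each outcome from the list above maps to one -RetentionComplianceAction value.
$outcomes = @(
    @{ Name = 'Example - Retain 7y';             Action = 'Keep';          Years = 7 },
    @{ Name = 'Example - Retain 7y then delete'; Action = 'KeepAndDelete'; Years = 7 },
    @{ Name = 'Example - Delete after 3y';       Action = 'Delete';        Years = 3 }
)

foreach ($o in $outcomes) {
    # The policy defines WHERE retention applies.
    # It is created disabled so nothing is enforced before it has been reviewed.
    New-RetentionCompliancePolicy -Name $o.Name `
        -SharePointLocation All `
        -Enabled $false | Out-Null

    # The rule defines WHAT happens and WHEN.
    # The duration is given in days and counted from the item's creation date,
    # matching "X years after creation" in the list above.
    New-RetentionComplianceRule -Name "$($o.Name) rule" `
        -Policy $o.Name `
        -RetentionComplianceAction $o.Action `
        -RetentionDuration ($o.Years * 365) `
        -ExpirationDateOption CreationAgeInDays | Out-Null
}

# Review the result before enabling anything: 'Delete' and 'KeepAndDelete'
# remove content permanently once the period has passed.
foreach ($o in $outcomes) {
    Get-RetentionComplianceRule -Policy $o.Name |
        Select-Object Name, RetentionComplianceAction, RetentionDuration
}
```

Enable a policy with `Set-RetentionCompliancePolicy -Identity <name> -Enabled $true` only after the scope and duration have been checked against your retention schedule.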
Microsoft 365 Sensitivity Labels
Discover Sensitivity Labels in Microsoft 365, a powerful way to ensure that your critical organisational information remains secure and well-managed in a world where sharing is the norm, without impacting efficiency.
Part of the Microsoft Information Protection suite, sensitivity labels are available with certain Office 365 licenses.
Sensitivity labels are a key feature in the Microsoft 365 Information Security suite. They mark up content such as documents and emails, in a way that makes users aware of the need to protect the information. They can also be used to encrypt that content, and to monitor it once labelled.
A document or email that has had a Microsoft 365 Sensitivity Label applied may have a ‘watermark’ across it, or a header or footer stating the security level.
Labels are persistent in that they remain attached to your content, meaning you can be sure they are still working even if a document leaves your organisation.
Sensitivity labels form part of the Microsoft Information Protection toolset for Microsoft 365 and Office 365. They are distinct from retention labels – any given document can have one sensitivity label and one retention label.
Applying sensitivity labels in Office 365
When you apply a sensitivity label in Microsoft 365, your content (such as a document or email) will have that label’s security properties applied to it. This could simply be a watermark, a header or a footer, or it could be advanced file encryption.
Sensitivity labels can be applied directly from within Office 365 apps such as Word, PowerPoint, Excel and Outlook. They can also be applied automatically by Microsoft 365 – such as if you save a document in a document library in SharePoint, Microsoft Teams or OneDrive which is set up to apply a particular label. This is also the case for sites and groups across Office 365, which can have a default label applied to any files stored there.
Furthermore, Office 365 can detect sensitive content using artificial intelligence and pattern matching. For example, you could have it set up to automatically apply a label to any document containing passport numbers, UK National Insurance numbers, or credit card numbers.
This proactively prevents users from accidentally sharing personal data with the outside world, or even with different units within your own organisation.
It’s important to note that a label can be created that prevents users from downgrading it to a lower sensitivity level. So if a ‘high sensitivity’ label is applied, it may require the user to provide justification for reducing the sensitivity level, or prevent them from doing so altogether.
Licensing and Microsoft 365 sensitivity labels
Whether you can use this feature is governed by your Microsoft 365 or Office 365 licensing.
In order to use sensitivity labels, you must be paying for the correct licence. Note that you may be able to access the feature even if you are not licensed for it – it is up to you to ensure you are legally compliant. If you use it without licensing, and are subsequently audited, you could find yourself being billed for unexpected costs (or worse).
If you have concerns about your Office 365 or Microsoft 365 licensing, the team at CompanyNet is happy to help. We know it is one of the trickiest areas to navigate; our licensing experts have not only helped our customers understand and optimise their licensing, but have saved businesses significant amounts of money on licenses they did not need.
Get in touch
We know Information Security in Microsoft 365 is a challenging topic. That’s where CompanyNet can help your organisation. We have plenty of experience implementing information protection for organisations of all sizes – from household names and public sector organisations to small businesses.
Our subject matter experts have in-depth, up-to-date specialist knowledge of sensitivity labels and retention policies, as well as the wider Office 365 and Microsoft 365 field. We can help you master information security in Office 365.
If you’d like to discuss your requirements, drop us a line – we’d be happy to help.
Let’s talk
Fill in the form to discuss your options with one of our specialists and get a free assessment of your environment.
What you’ll get from the assessment:
- An understanding of how your business can develop a Modern Workplace
- Clear advice on any challenges your business may face and how to overcome them
- A clear pathway for your business to take, with guidance on adoption and deployment