Tag - data classification

Making sense of the many DLP options in Microsoft 365

Making sense of the many DLP options for Microsoft 365

One of my readers wrote to me recently about an article that I penned a couple of years ago, on the topic of Data Loss Prevention in Microsoft 365. They pointed out that my breakdown was a bit dated now, and that the Microsoft universe seems to have become more...
Read more...
Announcing the Microsoft 365 SMB Data Protection Toolkit

Announcing the Microsoft 365 SMB Data Protection Toolkit

Perhaps you have noticed that it has been quieter around here in the last couple of months. Usually silence is an indicator that I've been a busy bee, working on some other endeavors. Today I am happy to announce that one of my labors has finally come to fruition (I...
Read more...
Simple Sensitivity Label design for the SMB

Simple Sensitivity Label design for the SMB

In the recent updates to the CIS Controls (v8), one of the most noticeable changes was the re-prioritization of Data Protection (now Control #3, up from #13 previously). This control calls out a number of safeguards: inventory of sensitive data and data classification is among them. Sensitivity labels can help...
Read more...
There is no panacea, there is no silver bullet

There is no panacea, there is no silver bullet

I had a really interesting question come up during one of my recent online courses. One of the participants asked whether device management, and even MAM (application-based management) were necessary anymore, now that we have stuff like MIP and Sensitivity Labels. I was taken aback by this question and I...
Read more...

Behold: The Power of Sensitivity Labels

Even though some people are aware of the concepts of Data Classification and tools such as Microsoft 365 Sensitivity Labels, I do not think that many of us out there have yet grasped the full implications, or taken the long view, so to speak. Note: this is a longer read....
Read more...

The many ways to prevent data leakage in Microsoft 365

Office 365 Data Loss Prevention (DLP), Windows Information Protection (aka Endpoint DLP), Conditional Access App Enforced Restrictions, Conditional Access App Control with Microsoft Cloud App security, Sensitivity labels, Retention labels--are you thoroughly confused yet? All of the above can help you to prevent the leakage of sensitive data under certain...
Read more...

Protecting extra-sensitive accounts and data sets in Microsoft 365, Part 2: Apps and Data

Last time we looked at some additional identity-based protections that are possible via additional subscriptions like Enterprise Mobility + Security E5 (which contains Azure AD Premium P2). In this post, we'll work within the same framework, but shift our focus from identity, towards protections which can be applied to apps and...
Read more...

Teams, SharePoint and OneDrive best practices? Part 3: Data governance

In part 1 of this series, we discussed external sharing and chat. In part 2, we dealt with access controls and notifications. Now, we turn our focus to Data governance, a very important conversation indeed when it comes to compliance. And when it comes to compliance, every organization is going to...
Read more...

Two philosophies for deploying Microsoft Teams in an organization

IT admins throughout the world subscribe to one of two worldviews today: Control mindset: IT's job is to control and restrict, and of course, to protect the clueless users from all of those scary threats out there in the world today (including themselves)Empower mindset: IT's job is to educate and...
Read more...

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.