Describe information protection and data lifecycle management in Microsoft Purview Flashcards

1
Q

Microsoft Purview Information Protection and Data Lifecycle Management

A
  1. Information Protection: Microsoft Purview Information Protection helps discover, classify, and protect sensitive and business-critical content throughout its lifecycle in your organization.
  2. Know Your Data: Purview enables organizations to understand their data landscape and identify important data across on-premises, cloud, and hybrid environments using trainable classifiers, activity explorer, and content explorer.
  3. Protect Your Data: Organizations can apply flexible protection actions, including encryption, access restrictions, and visual markings, to safeguard their data.
  4. Prevent Data Loss: Purview helps detect risky behaviour and prevent accidental oversharing of sensitive information through features like data loss prevention policies and endpoint data loss prevention.
  5. Data Lifecycle Management: Microsoft Purview Data Lifecycle Management allows organizations to manage the content lifecycle, import, store, and classify business-critical data to meet compliance and regulatory requirements.
  6. Govern Your Data: Purview enables organizations to automatically keep, delete, and store data and records in a compliant manner using capabilities like retention policies, retention labels, and records management.

Microsoft Purview Information Protection and Data Lifecycle Management work together to provide organizations with the tools and capabilities to understand, protect, prevent data loss, and govern their data throughout its lifecycle.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Data Classification in Microsoft Purview

A
  1. Knowing Your Data: Organizations need to identify and understand their data across the estate to ensure compliance and proper handling.
  2. Data Classification: Microsoft Purview offers data classification capabilities and tools in the compliance portal to help organizations identify important information. These include sensitive information types, trainable classifiers, content explorer, and activity explorer.
  3. Information Protection: Identifying and classifying sensitive items is the first step in the Information Protection discipline.
  4. Manual Classification: Users can manually classify data items based on their knowledge and understanding of the content.
  5. Automated Pattern Recognition: Purview uses automated pattern recognition, such as sensitive information types, to identify and classify sensitive items automatically.
  6. Machine Learning: Purview leverages machine learning to continuously improve data classification accuracy and efficiency.

By leveraging manual classification, automated pattern recognition, and machine learning, organizations can effectively identify and classify their sensitive data in Microsoft Purview, enabling better data management, compliance, and protection.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Sensitive Information Types in Microsoft Purview

A
  1. Sensitive Information Types (SIT): SITs are pattern-based classifiers used to identify sensitive information based on specific patterns or formats.
  2. Built-in Sensitive Information Types: Microsoft Purview provides numerous built-in SITs that cover common types of sensitive information, such as credit card numbers, passport or identification numbers, bank account numbers, and health service numbers.
  3. Regular Expressions and Functions: Sensitive information types are defined using regular expressions (regex) or functions that match specific patterns.
  4. Custom Sensitive Information Types: Organizations can create custom sensitive information types in Purview to address their unique requirements, such as employee IDs or project numbers.
  5. Exact Data Match (EDM) Classification: Purview supports EDM classification, which allows the creation of custom sensitive information types based on exact values in a database of sensitive information.
  6. Classification Capabilities: Data classification in Microsoft Purview includes the ability to identify and classify sensitive information using both built-in and custom sensitive information types.

By leveraging the built-in sensitive information types and creating custom types, organizations can effectively classify and protect sensitive data in Microsoft Purview, ensuring compliance and data privacy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Trainable Classifiers in Microsoft Purview

A
  1. Trainable Classifiers: Trainable classifiers in Microsoft Purview use artificial intelligence and machine learning to classify data based on its content, rather than pattern matching. They are useful for classifying unique organizational data, such as specific contracts, invoices, or customer records.
  2. Pre-trained Classifiers: Microsoft provides pre-trained classifiers that are ready to use without any additional training. These classifiers cover categories like resumes, source code, harassment, profanity, and threats.
  3. Custom Trainable Classifiers: Purview supports the creation and training of custom classifiers to classify organization-specific data. These classifiers require a seeding process, where positive samples of the desired content category are provided to create a prediction model.
  4. Model Testing and Verification: The prediction model is tested to ensure its accuracy in distinguishing between items that match the content category and those that don’t. Manual verification of the prediction results helps improve the model’s accuracy.
  5. Publishing and Content Classification: Once the accuracy score of the model stabilizes, the trainable classifier can be published. It can then be used to classify content in locations such as SharePoint Online, Exchange, and OneDrive.
  6. Encryption Limitations: Currently, trainable classifiers only work with items that are not encrypted. Encrypted content is not processed by the classifiers.

By utilizing pre-trained classifiers or creating custom trainable classifiers, organizations can leverage AI and machine learning to accurately classify their data based on its content, enabling better organization and governance of their information assets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Understand and explore the data

A

Data classification can involve large numbers of documents and emails.

To help administrators to easily derive insights and understanding, the overview section of the data classification pane in compliance portal provides many details at a glance, including:

  • The number of items classified as sensitive information and which classifications they are.
  • Details on the locations of data based on sensitivity.
  • Summary of actions that users are taking on sensitive content across the organization.

Administrators can also use the content and activity explorers to gain a deeper understanding and guide their actions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the content explorer?

A

The content explorer is available as a tab in the data classification pane of compliance portal.

It enables administrators to gain visibility into the content that has been summarized in the overview pane.

Access to content explorer is highly restricted because it makes it possible to read the contents of scanned files.

There are two roles that grant access to content explorer:

*Content explorer list viewer.
*Content explorer content viewer.

Anyone who wants to access content explorer must have an account in one or both of the role groups.

With content explorer, administrators get a current snapshot of individual items that have been classified across the organization.

It enables administrators to further drill down into items by allowing them to access and review the scanned source content that’s stored in different kinds of locations, such as Exchange, SharePoint, and OneDrive.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Activity Explorer in Microsoft Purview

A
  1. Activity Explorer: The Activity Explorer in Microsoft Purview provides visibility into the discovery and labelling of content, as well as tracking activities performed on labelled content across the organization.
  2. Monitoring Labelled Content: Admins can use Activity Explorer to monitor activities related to labelled content, including document-level actions such as label changes and downgrades (e.g., changing a label from confidential to public).
  3. Filtering and Details: Activity Explorer offers filters to view specific label details, such as file types, users, and activities associated with a particular label. This helps admins understand the actions taken on labelled content over time.
  4. Analysing Activities: Admins can analyse various activity types, including file copying to removable media, file copying to network shares, label application, and label changes. These activities provide insights into how sensitive content is being handled.
  5. Comprehensive Filters: More than 30 filters are available in Activity Explorer, allowing admins to analyse data based on location, user, sensitivity label, retention label, and other relevant parameters.
  6. Evaluating Controls: Activity Explorer helps admins assess the effectiveness of existing controls, such as data loss prevention policies. By understanding the actions taken with sensitive content, admins can identify any undesirable behaviour and update policies accordingly.

By utilizing the Activity Explorer in Microsoft Purview, organizations can gain insights into the usage and handling of labelled content, enabling them to make informed decisions to enhance data protection and mitigate risks effectively.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Sensitivity Labels in Microsoft Purview

A
  1. Sensitivity Labels: Sensitivity labels in the Microsoft Purview compliance portal enable organizations to label and protect content without disrupting productivity and collaboration.
  2. Customizable Labels: Admins can create customized sensitivity label categories specific to the organization, such as Personal, Public, Confidential, and Highly Confidential.
  3. Clear Text Storage: Sensitivity labels are stored in clear text within the metadata of the content. This allows third-party apps and services to read the labels and apply their own protective actions, if required.
  4. Persistence: Once a sensitivity label is applied to content, it is stored in the metadata of the email or document. The label moves with the content, including its protection settings, and serves as the basis for applying and enforcing policies.
  5. Single Label per Item: Each item supporting sensitivity labels can have only one label applied to it at any given time.
  6. Configuration Options: Sensitivity labels can be configured to encrypt email or both email and documents. They can also mark content when Office apps are used, apply labels automatically or recommend them, protect content in containers, extend labels to third-party apps and services, and classify content without applying specific protection settings.
  7. Roaming Classification: Sensitivity labels can be assigned as a classification to content, persisting and roaming with the content as it is used and shared. This classification can be used for generating usage reports and tracking activity data for sensitive content.

By leveraging sensitivity labels in Microsoft Purview, organizations can effectively label and protect their content while maintaining control and compliance across their data ecosystem.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Label Policies for Sensitivity Labels

A
  1. Publishing Sensitivity Labels: Sensitivity labels need to be published through label policies to make them available to users and services in the organization.
  2. Users and Groups: Label policies allow admins to choose specific users, distribution groups, Microsoft 365 groups, and more to whom sensitivity labels will be published.
  3. Default Label: Admins can apply a default sensitivity label to all new emails and documents created by the specified users and groups. Users have the flexibility to change the default label if necessary.
  4. Label Change Justifications: Admins can require users to provide valid justifications when removing or replacing a sensitivity label. This helps maintain accountability and ensures proper label management.
  5. Mandatory Labelling: Label policies can be configured to require users to apply a sensitivity label before saving documents, sending emails, or creating new sites or groups.
  6. Custom Help Pages: Admins have the option to link users to custom help pages that provide guidance on the meaning and proper usage of different sensitivity labels.
  7. Enforced Protection Settings: Once a sensitivity label is applied to an email or document, any protection settings configured for that label will be enforced on the content.

By utilizing label policies for sensitivity labels, organizations can effectively control and manage the application of labels across their users and ensure consistent data protection and compliance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Data Loss Prevention (DLP) Policies in Microsoft Purview

A
  1. Protecting Sensitive Information: Data loss can have severe consequences for organizations. Admins can use DLP policies in Microsoft Purview to identify, monitor, and automatically protect sensitive information across Microsoft 365 services such as OneDrive for Business, SharePoint Online, Microsoft Teams, and Exchange Online.
  2. User-Friendly Compliance: DLP policies enable admins to educate users about compliance without disrupting their workflow. Users receive email notifications and policy tips when attempting to share documents containing sensitive information.
  3. DLP Reports: Admins can access DLP reports to track matches with organization-wide DLP policies over time, allowing assessment of compliance adherence.
  4. Rule-Based Enforcement: DLP policies consist of rules that enforce specific conditions and actions for sensitive content. Admins define conditions that content must meet and specify actions to be taken automatically when conditions are matched.
  5. Policy Application: DLP policies can be applied to various locations such as Exchange, SharePoint, OneDrive, and more, ensuring comprehensive protection across different Microsoft 365 services.
  6. Scenarios for DLP Policies: DLP policies help in scenarios like identifying credit card numbers in OneDrive accounts or blocking outbound emails containing personal employee information.
  7. Policy Hierarchy: DLP policies can contain multiple rules, and rules are prioritized for implementation within a policy. Prioritization ensures the appropriate actions are taken based on rule conditions.

By implementing DLP policies, organizations can proactively prevent data loss and safeguard sensitive information across Microsoft 365 services, maintaining compliance and protecting their customers, business processes, and reputation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Endpoint Data Loss Prevention (Endpoint DLP)

A
  1. Extending DLP to Endpoints: Endpoint DLP expands the capabilities of Data Loss Prevention (DLP) to sensitive items physically stored on Windows 10, Windows 11, and macOS devices (Catalina 10.15 and higher).
  2. Monitoring User Activities: With Endpoint DLP, admins can audit and manage user activities related to sensitive content on endpoints. Examples include creating, renaming, copying to removable media, copying to network shares, printing documents, and accessing items through unallowed apps and browsers.
  3. Activity Explorer: The Activity Explorer provides a view of user activities performed on sensitive content. Admins can monitor and analyse these activities to enforce protective actions and ensure compliance.
  4. Protective Actions and Policies: Based on the insights from the Activity Explorer, admins can establish controls and policies to enforce protective actions on sensitive content accessed through endpoints.

Endpoint DLP enhances data protection by extending monitoring and control capabilities to the endpoints where sensitive information resides. By effectively managing user activities and enforcing protective measures, organizations can mitigate the risk of data loss and maintain security and compliance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Data Loss Prevention (DLP) in Microsoft Teams

A
  1. DLP in Microsoft Teams: Data loss prevention capabilities have been extended to Microsoft Teams, covering chat and channel messages, including private channels. DLP policies can prevent users from sharing sensitive information in Teams conversations, including messages and files.
  2. Policy Tips: DLP policy tips are displayed to users when a policy is triggered, explaining why their message or file sharing has been blocked. Users receive real-time feedback on compliance requirements to make informed decisions.
  3. Understanding Policy Blocks: Users can click on the “What can I do?” link to learn more about why their message or file was blocked. This helps users understand the policy violation and take appropriate actions.
  4. Collaboration with Compliance: By implementing DLP policies in Microsoft Teams, organizations can enable secure collaboration while adhering to compliance requirements. Teams provides a secure environment for communication and file sharing, reducing the risk of data loss.

DLP in Microsoft Teams enhances data protection and promotes secure collaboration within organizations. With policy tips and user guidance, Teams users can ensure they communicate and share information in a compliant manner, safeguarding sensitive data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Retention Labels and Policies

A
  1. Purpose of Retention Labels and Policies: Retention labels and policies help organizations manage and govern information by specifying how long content should be retained and when it should be permanently deleted.
  2. Compliance and Risk Reduction: Applying retention labels and policies allows organizations to comply with industry regulations and internal policies that require content to be retained for a specific duration. It also reduces the risk associated with litigation or security breaches by securely deleting old content that is no longer required.
  3. Seamless User Experience: Retention settings do not disrupt users’ workflows. Content remains in its original location, and users can continue working with their documents or emails as usual. If content subject to retention settings is edited or deleted, a secure copy is automatically preserved without users needing to be aware of it.
  4. Supported Workloads: Retention settings can be applied to content in SharePoint, OneDrive, Microsoft Teams, Yammer, and Exchange. This ensures consistent retention across various collaboration and communication platforms.
  5. Key Points to Understand: When using retention labels and policies, it’s important to consider various aspects such as the retention duration, actions on expired content, exceptions, and the specific capabilities of each workload. Refer to the “Compare capabilities for retention policies and retention labels” resource for a comprehensive list of key points.

Retention labels and policies provide organizations with a proactive approach to managing data retention, enabling compliance, reducing risk, and ensuring a seamless user experience across different workloads.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Retention policies

A

Retention policies are used to assign the same retention settings to content at a site level or mailbox level.

A single policy can be applied to multiple locations, or to specific locations or users.

Items inherit the retention settings from their container specified in the retention policy.

If a policy is configured to keep content, and an item is then moved outside that container, a copy of the item is kept in the workload’s secured location.

However, the retention settings don’t travel with the content in its new location.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Retention labels

A

Retention labels are used to assign retention settings at an item level, such as a folder, document, or email.

An email or document can have only a single retention label assigned to it at a time.

Retention settings from retention labels travel with the content if it’s moved to a different location within your Microsoft 365 tenant.

Admins can enable users in the organization to apply a retention label manually.

A retention label can be applied automatically if it matches defined conditions.

A default label can be applied for SharePoint documents.
Retention labels support disposition review to review the content before it’s permanently deleted.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Microsoft Purview Records Management

A
  1. Purpose of Records Management: Microsoft Purview Records Management helps organizations fulfil their legal obligations, demonstrate compliance with regulations, and increase efficiency by managing records across corporate data.
  2. Features of Records Management: Microsoft Purview Records Management includes various features, such as labelling content as a record, establishing retention and deletion policies, event-based retention, review and validation of disposition, proof of records deletion, and exporting information about disposed items.
  3. Marking Content as Records: When content is labelled as a record, certain activities may be restricted, activities are logged, and proof of disposition is kept at the end of the retention period.
  4. Retention Labels and Policies: Administrators set up retention labels to enable items to be marked as records. Items, such as documents and emails, can be marked as records based on these retention labels.
  5. Regulatory Records: Regulatory records provide additional controls and restrictions. Once an item is marked as a regulatory record, the regulatory label cannot be removed, and the retention periods cannot be shortened.
  6. Irreversible Consequences: Marking an item as a regulatory record can have irreversible consequences. This option is not available by default and must be enabled by the administrator using PowerShell.

Microsoft Purview Records Management offers organizations a comprehensive solution to manage records, ensure compliance, and streamline the disposition of items no longer required. Administrators can establish retention labels, mark content as records, and leverage regulatory records for enhanced controls and restrictions.

17
Q

Which part of the concept of know your data, protect your data, prevent data loss, and govern your data addresses the need for organizations to automatically retain, delete, store data and records in a compliant manner?

A. Know your data

B. Prevent data loss

C. Govern your data

A

C. Govern your data

Capabilities like retention policies, retention labels, and records management enable organizations to govern their data.

18
Q

As part of a new data loss prevention policy, the compliance admin needs to be able to identify important information such as credit card numbers, across the organization’s data. How can the admin address this requirement?

A. Use activity explorer

B. Use sensitivity labels

C. Use sensitive information types

A

C. Use sensitive information types

Microsoft provides built-in sensitive information types that you can use to identify data such as credit card numbers.

19
Q

Within the organization, some emails are confidential and should be encrypted so that only authorized users can read them. How can this requirement be implemented?

A. Use the content explorer

B. Use sensitivity labels

C. Use records management

A

B. Use sensitivity labels

Sensitivity labels help ensure that emails can only be decrypted only by users authorized by the label’s encryption settings.​​​

20
Q

Your organization uses Microsoft Teams to collaborate on all projects. The compliance admin wants to prevent users from accidentally sharing sensitive information in a Microsoft Teams chat session. What capability can address this requirement?

A. Use data loss prevention policies

B. Use records management capabilities

C. Use retention policies

A

A. Use data loss prevention policies

With data loss prevention policies, administrators can now define policies that can prevent users from sharing sensitive information in a Microsoft Teams chat session or Teams channel, whether this information is in a message, or in a file.​​​​​​

21
Q

Due to a certain regulation, your organization must now keep hold of all documents in a specific SharePoint site that contains customer information for five years. How can this requirement be implemented?

A. Use sensitivity labels

B. Use the content explorer

C. Use retention policies

A

C. Use retention policies

You can use retention policies to define data retention for all documents in a SharePoint site.