Information Barriers is an effective way to ensure that the wrong information isn't surfaced by Microsoft Copilot for Microsoft 365. Copilot only surfaces organizational data that the requesting user already has at least view permission on, so the permission models in the Microsoft 365 services and in Purview remain the control that matters. Information Barriers builds on them by completely blocking access between specified user groups, helping ensure that each user group has the correct access to the appropriate content within your organization when using Copilot.

Imagine another scenario where you want to prevent communication between different schools in a district. This protects the students' privacy and ensures that their personal information is not exposed to potential threats or unauthorized individuals. By using this technology, schools can demonstrate their commitment to protecting student information and providing a secure learning environment for all. With the rise of privacy concerns and the need to protect student information, Information Barriers can be used to prevent younger students from being searchable or visible to other groups in the school's system. The school district can then ensure that only authorized personnel can see those students' email addresses.

Creating a secure environment with Information Barriers
By implementing Purview Information Barriers, organizations can strike a balance between technology-driven collaboration, privacy, and security. The barriers not only protect sensitive information but also foster a safe and secure environment for the users.

Understanding Information Barriers
It is crucial to understand the concepts underlying Information Barriers (IB) to be able to use the solution in an effective and functional way. In short, Information Barriers are policies that block communication and sharing between what are called segments in an organization.
Segments are defined on user attributes, for example the Microsoft Entra ID attributes "Department", "Job title" or "City". Policy blocking is supported in these workloads: Teams, SharePoint, and OneDrive. Information Barriers policies block communication and sharing actions between segments; IB uses the policies to determine the communication limits or restrictions between them. When defining IB policies, you can create two kinds of policies:

One-way blocking: for users defined in the "HR Segment", the users and information in the "Day Trader Segment" won't be visible. Users in the "Day Trader Segment" will still see the users and information in the "HR Segment".

Two-way blocking: for users defined in the "Marketing Segment" and the "Day Trader Segment", the users and information in each segment won't be visible to users in the opposite segment.

Non-block: no IB policy blocks the two segments, and users can communicate freely between the departments.

When IB policies are configured as above, this is the outcome in Teams when searching for a user in a blocked segment.
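The segments and the one-way and two-way blocks described above can be defined with Security & Compliance PowerShell. The following is an added example and not code from the original post; the segment names, the Department values used in the filters and the user addresses are assumptions.

```powershell
# Added example (not from the original post): segments and IB policies for the
# HR / Day Trader / Marketing scenario. Segment names, Department values and
# the UPNs in the final check are assumptions.
Connect-IPPSSession   # requires the ExchangeOnlineManagement module

# 1. Segments are built from a Microsoft Entra ID attribute (here: Department).
#    Each affected user must belong to one segment only, otherwise policy
#    application fails for that user.
New-OrganizationSegment -Name "HR"        -UserGroupFilter "Department -eq 'HR'"
New-OrganizationSegment -Name "DayTrader" -UserGroupFilter "Department -eq 'Day Trading'"
New-OrganizationSegment -Name "Marketing" -UserGroupFilter "Department -eq 'Marketing'"

# 2. One-way block: HR cannot see or reach DayTrader; DayTrader still sees HR.
New-InformationBarrierPolicy -Name "HR-DayTrader" `
    -AssignedSegment "HR" -SegmentsBlocked "DayTrader" -State Inactive

# 3. Two-way block: one policy per direction between Marketing and DayTrader.
New-InformationBarrierPolicy -Name "Marketing-DayTrader" `
    -AssignedSegment "Marketing" -SegmentsBlocked "DayTrader" -State Inactive
New-InformationBarrierPolicy -Name "DayTrader-Marketing" `
    -AssignedSegment "DayTrader" -SegmentsBlocked "Marketing" -State Inactive

# No policy touches HR <-> Marketing, which is the "non-block" case.

# 4. Review before activating; the policies were deliberately created inactive.
Get-InformationBarrierPolicy | Format-Table Name, AssignedSegment, SegmentsBlocked, State

# 5. Activate and apply. Application runs in the background and can take a while.
Get-InformationBarrierPolicy | ForEach-Object {
    Set-InformationBarrierPolicy -Identity $_.Name -State Active
}
Start-InformationBarrierPoliciesApplication
Get-InformationBarrierPoliciesApplicationStatus -All

# 6. Verify the effect between two users (assumed addresses): the output shows
#    which segment each user is in and whether communication is blocked.
Get-InformationBarrierRecipientStatus -Identity "hr.user@contoso.com" -Identity2 "trader@contoso.com"
```

Creating the policies inactive and reviewing them first is deliberate: a mistyped filter that puts a user into two segments, or a block in the wrong direction, is much cheaper to catch in the table output than after Teams and SharePoint have started enforcing it.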
If you're looking for a way to keep your organization's data organized and secure, you should check out the Microsoft Purview Compliance Data Lifecycle Management (DLM) solution. DLM (formerly Microsoft Information Governance) provides the capability to manage regulatory, legal, and business-critical records, as well as disposition reviews and proof of disposition, for the legal and regulatory demands that exist, such as GDPR. By managing your content in this way, you can ensure that you are meeting your business needs while also adhering to industry standards and requirements, and you will no longer need to manually ensure that information is deleted on time. This post will show how to get started so you can keep your data safe and deleted in time.

Why is Data Lifecycle Management important?
It is important to remember that businesses of all sizes are vulnerable to security breaches and threats, and that bad actors simply want to harm your business. As a business owner, it is your responsibility to protect the important data of your customers, employees, and stakeholders. By showing good planning for information governance with DLM, you can demonstrate that you are a responsible business owner who cares about all parties involved in your business operations.
Retention Labels
Retention labels allow you to specify whether data should be retained forever or for a specific period, even if it is edited or deleted by users. Alternatively, you can configure the label to delete the content automatically and permanently after a specified period if it has not already been deleted. You can also combine the two, for example retain an email or file for one year and then delete it, or use the Disposition Review function, where a reviewer must approve each file before it is deleted. Disposition Review is recommended for the most critical information, so that you keep track of when it should be deleted or relabelled. Retained means that the content is on hold, which prevents permanent deletion: if a user deletes a retained file, it still remains available for eDiscovery. Most of the time, users don't even need to be aware that their data has retention settings. The retain setting is useful for content such as invoices and contracts that must remain available for a certain time.

Retention Label Policy
Retention label policies play a crucial role in managing the lifecycle of data. These policies determine the scope in which your retention labels take effect and can be used for Microsoft 365 workloads such as Exchange, SharePoint, OneDrive, Teams, and Yammer. When setting up a retention label policy, you have the option to target all instances within your organization (e.g., all mailboxes and all SharePoint sites) or specific instances, for example only the mailboxes of certain departments or regions, or specific SharePoint sites.
Requirements before you start
Licensing (one of the following):
- M365 A5 / A5 Compliance
- M365 E5 / E5 Compliance
- M365 F5 Security+Compliance / F5 Compliance
- O365 E5
For more detailed licensing info see: Microsoft Purview Data Lifecycle Management Licensing - Microsoft Learn

You must have the Data Lifecycle Management permissions to use this solution, and auditing must be enabled in order to manage disposition reviews and verify that records have been deleted. Before implementing the technical solution, make sure that you have a framework in place for how it should be managed: who owns which information, who will handle the disposition reviews, and so on.

How to use Data Lifecycle Management
I will provide a simple example of how you can implement DLM in your company. The example shows a retention label configured to retain files carrying the label and remove them after a specified amount of time has passed since the file was created. I have also added a disposition reviewer (DR) who reviews each file that is scheduled for deletion. The label configuration is as follows. This is just one example; in your organization, you must specify how your own data should be managed.

In this stage, we choose the label settings that retain labelled files for the amount of time we set in the next step. Then we select the retention period. As you can see, there are several settings available to customize the labels to fit your organization's needs. The last step in the label configuration is to set a disposition reviewer who will handle all labelled files that are scheduled for deletion.

The next step is configuring the retention label policy, which specifies the scope of our label or labels. Here we go with static, but you could also choose adaptive if you want to base the scope on organizational attributes. With the static setting we define the scope from Microsoft 365 locations rather than from attributes as in the adaptive setting. The outcome of this configuration is that all files in SharePoint marked with our retention label are retained for seven years from when they were created and are then sent to the disposition reviewer, who decides whether the data should be removed at that point. When using the static setting, a recommendation is to set the label as the default on the parent library so that all files inside are labelled automatically.
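The same label and static SharePoint policy can be created with Security & Compliance PowerShell, which also makes the configuration reviewable and repeatable. This is an added example and not code from the original post; the label name, the reviewer address and the policy name are assumptions.

```powershell
# Added example (not from the original post): a 7-year retention label with
# disposition review, published to all SharePoint sites by a static policy.
# Label name, policy name and reviewer address are assumptions.
Connect-IPPSSession   # requires the ExchangeOnlineManagement module

$labelName  = "Retain 7 years then review"
$policyName = "Publish $labelName - SharePoint"

# 1. Retention label: keep labelled items for 7 years counted from creation,
#    then route them to a disposition reviewer instead of deleting silently.
#    The duration is expressed in days (7 * 365 = 2555).
New-ComplianceTag -Name $labelName `
    -Comment "Added example: 7-year retention from creation with disposition review" `
    -RetentionAction KeepAndDelete `
    -RetentionType CreationAgeInDays `
    -RetentionDuration 2555 `
    -ReviewerEmail "records.reviewer@contoso.com"

# 2. Static label policy: the scope is a Microsoft 365 location (all SharePoint
#    sites here; pass site URLs instead of All to target specific sites).
New-RetentionCompliancePolicy -Name $policyName -SharePointLocation All -Enabled $true
New-RetentionComplianceRule -Policy $policyName -PublishComplianceTag $labelName

# 3. Check what was created: the settings the disposition process depends on
#    live on the label, the scope on the policy.
Get-ComplianceTag -Identity $labelName |
    Format-List Name, RetentionAction, RetentionType, RetentionDuration, ReviewerEmail
Get-RetentionCompliancePolicy -Identity $policyName -DistributionDetail |
    Format-List Name, Enabled, SharePointLocation, DistributionStatus
```

Publishing the label only makes it available in the sites; setting it as the default label on a document library, so that every file dropped into it is labelled automatically, is still done in the library settings of each site.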
You will never have to manually manage and remove your data again if you use this solution. You can relax and let DLM manage everything in time. Feel free to contact me for more information!

The biggest fear of the modern organization is that its data leaks and its sensitive data gets stolen. Many organizations struggle with how to manage their data because they don't fully understand the huge risks of managing it incorrectly. Most data leaks are caused by human mistakes. One example is data exfiltration when users decide to use their own solutions instead of the ones the organization provides, which can go on for a long time before it is noticed. Microsoft Purview has a tool to help organizations with this problem: Insider Risk Management. It helps to identify and minimize the insider risks to their organization. Imagine your organization in this scenario: a disgruntled user downloads confidential or secret files from SharePoint or the local network and then leaks them to a competing organization, or even worse, to the public. The user had been planning the leak for months, used personal USB devices without authorization and copied or mailed files to private locations. This could be a disaster, but organizations can mitigate these risks. Insider Risk Management can help you identify and prevent this type of malicious activity in quite an easy way.

How it works
Insider Risk Management allows you to analyze, detect and investigate user activities, and helps identify malicious activities, potential risk areas, and the type and scope of Insider Risk Management policies you may want to configure. (Figure 1)

Most policies work best if your organization is using sensitivity labels properly. You can also use Data Connectors to import user and log data from 3rd-party systems, which feed the alert indicators in Insider Risk Management policies.
One example is to import human resources (HR) data related to a change in a user's job and use it to generate risk indicators. Data Loss Prevention (DLP) policies are also supported to help identify exposure of sensitive information and are important for full risk management coverage in your organization. You can run an analytics scan across recent user activity in Microsoft 365 locations; it shows you potential risks and risk scores and helps you select a useful policy template such as "Data leaks", "Data theft" or "Security policy violations" that can be configured to fit your organization's tracking needs. You choose which specific activities to analyze with triggering events; here are some examples:
Then it's time to select the indicators you want to use for the analysis, and which apps and devices to analyze. Some of these indicators are:
The results are shown in an easy-to-use overview that allows analysts and investigators to dig into the collected data and start a case, review existing cases, or review the individual alerts, which are ranked by severity level: Low, Medium and High. (Figure 2) Risk analysts can act on and escalate cases to Microsoft eDiscovery. To help meet privacy standards, all usernames are anonymized by default (Figure 3); this can be turned off in the settings by certain roles, and doing so is always logged in the Audit section.

How to get started
To use Insider Risk Management, you need an existing Microsoft 365 Enterprise E5 subscription and the "Insider Risk Management Admin" role. If you later want to start an investigation in eDiscovery, you need the "Insider Risk Management" role. Everything is done from the Microsoft Purview compliance portal. When a policy is created, you define the conditions and indicators that should be used. To mitigate the scenario above, you can choose the "Data leaks" template and then specify the users/groups, SharePoint sites, sensitive info types and sensitivity labels to analyze. Triggers for the policy can be specified by yourself or taken from a Data Loss Prevention (DLP) policy.
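When a DLP policy is used as the trigger for a "Data leaks" policy, the DLP rule itself has to be set up so that its matches count as triggering events. The following is an added example and not code from the original post: it creates such a DLP policy with Security & Compliance PowerShell. The policy and rule names and the SharePoint/OneDrive scope are assumptions.

```powershell
# Added example (not from the original post): a DLP policy whose matches can be
# selected as the triggering event of an Insider Risk Management "Data leaks"
# policy. Policy/rule names and the location scope are assumptions.
Connect-IPPSSession   # requires the ExchangeOnlineManagement module

$policyName = "IRM trigger - sensitive info shared externally"

# 1. Policy scope: the SharePoint and OneDrive locations the insider risk
#    policy should watch. All is used here; narrow it to specific sites in
#    production to keep the trigger signal relevant.
New-DlpCompliancePolicy -Name $policyName `
    -Comment "Added example: triggering DLP policy for Insider Risk Management" `
    -SharePointLocation All -OneDriveLocation All -Mode Enable

# 2. Rule: match sensitive info types shared outside the organization.
#    Insider Risk Management only treats DLP matches as triggering events when
#    the rule's incident report severity is High, so it is set explicitly and
#    an incident report is generated for every match.
New-DlpComplianceRule -Name "$policyName - rule" -Policy $policyName `
    -ContentContainsSensitiveInformation @(
        @{ Name = "Credit Card Number"; minCount = "1" },
        @{ Name = "U.S. Social Security Number (SSN)"; minCount = "1" }
    ) `
    -AccessScope NotInOrganization `
    -ReportSeverityLevel High `
    -GenerateIncidentReport SiteAdmin `
    -IncidentReportContent All

# 3. Verify the settings Insider Risk Management depends on before selecting
#    this policy as the trigger in the "Data leaks" policy wizard.
Get-DlpComplianceRule -Policy $policyName |
    Format-List Name, AccessScope, ReportSeverityLevel, GenerateIncidentReport
```

The DLP policy only produces the triggering event; the users, sites, sensitive info types and indicators that are scored afterwards are still configured in the Insider Risk Management policy itself, as described above.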