The Security and Compliance Center in Microsoft 365 has tons of great tools to find sensitive information and help you make your environment more secure. There’s a LOT of features and admin tools in the Security and Compliance interface though, and it can be confusing to know where to begin! To help you with enforcing security in Microsoft 365, I’ve compiled some tips and tricks below to help simplify securing you collaboration information.

Lots of organizations have internal SLAs or regulatory requirements to hang on to certain types of data for a specific period of time. Once this time is up, it’s important to remove such records to reduce the liability that comes from exposure to certain information.

Retention labels and policies allow organizations some level of control for managing the information lifecycle, as well as report on the types of information within their environment.

Applying a retention label for data retention in Microsoft 365

Now, for organizations that are looking for a little more control, there are also records management features within the Security and Compliance Center.

Retention labels and policies however, are a fast and easy way to apply retention and deletion policies across Office 365. They are also a great place to get started with data governance and security for any organization.

Using Retention Labels for Other Policies

Retention labels can be used for far more than retention. They are primarily used to tag information in Microsoft 365 for the enforcement of content lifecycle management, but did you know that you can setup other policies in the Security and Compliance Center to reference your retention labels and policies?

Creating a policy tied to a retention label in Office 365

Some organizations don’t have regulatory requirements but are concerned about Personal Identifying Information (PII) and sensitive information in their environment. In these cases, applying broad Retention Label policies that can be reused for (data loss prevention) DLP and sensitivity labels is one strategy to give you lots of visibility into your sensitive data without having to setup a bunch of unique policies in Microsoft 365.

DLP Policies

Creating a DLP policy in Office 365

DLP policies are a great way to quickly understand which documents in Microsoft 365 have sensitive information. You can even use the reporting to quickly understand which ones have many instances of content that matches sensitive information types.

How to identify where your sensitive data sits in Office 365

Sensitivity Labels

Sensitivity labels are a great way to add an additional layer of security and control to your Microsoft 365 content. When users apply sensitivity labels to the confidential documents they create, your policies are applied to enforce the rules you set up associated with those labels.

With an E5 license, those labels can even be automatically applied! If you want, you can base your sensitivity labels around your retention label policies, or you can come up with your own policies for each sensitivity label for more control.

Adding a sensitivity label to content in Office 365

Custom Sensitive Information Types

Microsoft 365 has had many sensitive information types for a long time but did you know that it’s now possible to create sensitive information types in Microsoft 365?

You can actually create a new sensitive information type from scratch using keywords, a regular expression of your own, or from choosing from dictionary keywords. You can use a custom sensitive information type with any of the policies that use them.

Creating Custom Sensitive Information Types in the O365 Security and Compliance Center

Balancing Policies & Managing Access in Microsoft 365

These are just some quick tips and tricks to get started managing information in Microsoft 365! It’s important to understand though, that while there are many tools to attempt to mitigate sensitive information and exposure to certain kinds of documents, there’s not really an interface that gives a comprehensive view of who has access to certain kinds of information, nor a way to prioritize sensitive information based on exposure or location.

In addition, it can be very difficult to apply and keep track of so many policies in ways that scale with your organization’s growth while still meeting the needs of your users.

AvePoint’s new Policies and Insights Solution does all this heavy lifting for you! Policies and Insights (or PI) gives you the tools you need to understand who has access to what in easy ways, while also making it quick and easy to understand where your sensitive information exists. Most importantly, PI gives you the tools to prioritize sensitive information based on how many people have access to it, and who those people are.

PI is also one of the only solutions that doesn’t require you to constantly look at reports and make manual changes across your environment- PI can automatically enforce security and other settings, reverting out of policy changes or notifying the necessary parties when they occur.

If security and risk mitigation are becoming a higher priority for your organization, be sure to set up a time to chat with us and how we can help

Hunter Willis is the President of the Richmond SharePoint User Group and works full time as Product Marketing Manager at AvePoint. Originally published HERE

AvePoint #ShiftHappens APAC Online Conference August 25 - 27. In its first APAC event AvePoint is bringing together business leaders and IT professionals in A/NZ, Japan, Singapore and other ASEAN nations for this Free virtual conference. Register NOW.

Read the other post in AvePoint’s Securing Collaboration series below:

How to Get ISO 27001-Ready

Oversharing Challenges in Microsoft 365

Sensitive Info Identifiers in Office 365

How to Find Sensitive Information in Office 365