The auto-labeling policies, like other content automation policies in Microsoft Purview, use detection algorithms and processes (such as sensitive information types and trainable classifiers) to apply labels to content in the M365 environment. These are service-side labeling features. After you’ve laid out a labeling scheme consisting of labels and sublabels and decided how content should be classified, you can use and customize the templates in the auto-labeling wizard to apply labels to content matching your classifiers.

Suppose, for example, you need to identify and classify documents that have sensitive information, such as U.S. taxpayer identification numbers or social security numbers, and have created a label called Highly Confidential. You can use an auto-labeling policy with one of the predefined templates to detect taxpayer and social security number patterns and then apply a label to those matching documents.

To create an auto-labeling policy, follow these steps:

1. In the Microsoft Purview compliance portal (https://compliance.microsoft.com), expand Information protection and select Auto-labeling.
2. Click Create auto-labeling policy, as shown in Figure 10.51.

Figure 10.51 – Selecting Create auto-labeling policy

3. On the Info to label page, select the template that you want to use to detect sensitive data. You can choose from a variety of sensitive information types including financial, medical, and privacy continuum. You can select Custom to create a policy based on your own criteria and sensitive information types. In this example, the U.S. State Breach Notification Laws Enhanced template has been selected, which includes detections for a number of personal data elements including financial information, taxpayer data, government identification (such as passports and driver’s licenses), and medical terminology.

Figure 10.52 – Selecting a category template

4. Click Next.
5. Enter a Name value for the policy and click Next.
6. On the Admin units page, choose which administrative units to use for scoping the policy. By default, the entire tenant is selected. Click Next.
7. On the Locations page, choose where you want this policy to apply labels. By default, all Exchange email, SharePoint sites, and OneDrive accounts are selected as part of the application scope. Click Next.
8. On the Policy rules page, you can select either Common rules or Advanced rules. Both Common rules and Advanced rules start off with a base template that you can customize, though Advanced rules gives you more customization ability when it comes to email conditions. Select a rules option and click Next.

Figure 10.53 – Selecting policy rules

9. Review the rules that are in place, customize if desired, and click Next to continue.
10. On the Label page, select which label you want to apply to the detected content. Click Next.

Figure 10.54 – Selecting the label to apply

11. If you have Exchange email selected as a location on the Locations page, you have an Automatically replace existing labels that have the same or lower priority option. Additionally, if the label you selected has encryption settings, you can choose Apply encryption to email received from outside of the organization if required. If you do not choose Assign a Rights Management owner, encryption will not be applied to received emails.

Figure 10.55 – Specifying additional settings for email

12. Click Next.
13. On the Policy mode page, select how the policy will be implemented. There is no setting to turn the policy on immediately, though you can choose Run the policy in simulation mode and then select the Automatically turn on policy if not modified after 7 days in simulation option. You can also choose Leave policy turned off if you’re not ready to move forward with it just yet.

Figure 10.56 – Choosing the policy mode

14. Click Next.
15. On the Finish page, review the settings and adjust if necessary. Click Create policy.

A labeling policy (whether a standard label policy or an auto-label policy) can only apply a single label to content. Additionally, an item may only have one sensitivity label applied to it at a time. If you have multiple labels and sublabels and want to automatically apply multiple labels, you’ll need to create a separate policy for each label that you want to apply. Labels also have a concept of priority— where a higher number means it has a higher priority. If a labeling policy identifies content that could potentially match two labels with different priorities, M365 will apply the label with the higher priority to the content.

Exam tip
The core takeaway from the two types of labeling policies is that label policies are generally focused on interactive activities (such as navigating a browser interface to apply a label or applying a label while creating and editing a document) while auto-labeling policies generally apply to content at rest.

ICANN (short for Internet Corporation for Assigned Names and Numbers) is a non-profit organization tasked with providing guidance and policy around the internet’s unique identifiers (domains). It was chartered in 1998. Prior to 1998, Network Solutions operated the global domain name system registry under a subcontract from the United States Defense Information Systems Agency.

You can search the list of domain registrars here: https://www.icann.org/en/accredited-registrars.

Microsoft

In addition to choosing a third-party registrar, organizations may also wish to use Microsoft as the registrar. Depending on your subscription, you may have direct access to purchasing domain names from within the Microsoft 365 admin center, as shown in Figure 1.4:

Figure 1.4 – Purchasing a domain through the Microsoft 365 admin center

When purchasing a domain through Microsoft, you can select from the following top-level domains:

• .biz
• .com
• .info
• .me
• .mobi
• .net
• .org
• .tv
• .co.uk
• .org.uk

Domain purchases will be billed separately from your Microsoft 365 subscription services. When purchasing a domain from Microsoft, you’ll have limited ability to manage Domain Name System (DNS) records. If you require custom configuration (such as configuring an MX record to point to a non-Microsoft 365 server), you’ll need to purchase a domain separately.

Configuring a domain name

Configuring a domain for your tenant is a simple procedure and requires access to your organization’s public DNS service provider. Many large organizations may host DNS themselves, while other organizations choose to pay service providers (such as the domain registrar) to host the services.

In order to be compatible with Microsoft 365, a DNS service must support configuring the following types of records:

• CNAME: Canonical Name records are alias records for a domain, allowing a name to point to another name as a reference. For example, let’s say you have a website named www.contoso.com that resolves to an IP address of 1.2.3.4. Later, you want to start building websites for na.contoso.com and eu.contoso.com on the same web server. You might implement a CNAME record for na.contoso.com to point to www.contoso.com.
• TXT: A Text Record is a DNS record used to store somewhat unstructured information. Request for Comments (RFC) 1035 (https://tools.ietf.org/html/rfc1035) specifies that the value must be a text string and gives no specific format for the value data. Over the years, Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and other authentication and verification data have been published as TXT records. In addition to SPF and DKIM, the Microsoft 365 domain addition process requires the administrator to place a certain value in a TXT record to confirm ownership of the domain.
• SRV: A Service Locator record is used to specify a combination of a host in addition to a port for a particular internet protocol or service.
• MX: The Mail Exchanger record is used to identify which hosts (servers or other devices) are responsible for handling mail for a domain.

In order to use a custom domain (sometimes referred to as a vanity domain) with Microsoft 365, you’ll need to add it to your tenant.

To add a custom domain, follow these steps:

1. Navigate to the Microsoft 365 admin center (https://admin.microsoft.com) and log in.
2. Expand Settings and select Domains.

Figure 1.5 – Domains page of the Microsoft 365 admin center

3. Click Add domain.

4. On the Add a domain page, enter the custom domain name you wish to add to your Microsoft 365 tenant. Select Use this domain to continue.

Figure 1.6 – Add a domain page

In this chapter, you learned about the capabilities of Microsoft DLP. Building on the knowledge you previously gained about classifiers such as sensitive information types, DLP policies can be used to detect sensitive information as it moves throughout your organization.

DLP policies can target workloads such as Exchange Online or SharePoint as well as endpoint devices such as on-premises file servers and client computers. Each layer helps provide additional protection against data leakage and compromise.

You also learned about the alerting and troubleshooting tools available in the platform, including the DLP Alerts dashboard and the Microsoft 365 DefenderIncidents dashboard, and the capabilities of incident management to further remediate issues with users and data.

Exam Readiness Drill – Chapter Review Questions

Benchmark Score: 75%

Apart from a solid understanding of key concepts, being able to think quickly under time pressure is a skill that will help you ace your certification exam. That’s why, working on these skills early on in your learning journey is key.

Chapter review questions are designed to improve your test-taking skills progressively with each chapter you learn and review your understanding of key concepts in the chapter at the same time. You’ll find these at the end of each chapter.

Before You Proceed

You need to unlock these resources before you start using them. Unlocking takes less than 10 minutes, can be done from any device, and needs to be done only once. Head over to thestart of Chapter 7, Managing Security Reports and Alerts by Using the Microsoft 365 Defender Portal in this book for instructions on how to unlock them.

To open the Chapter Review Questions for this chapter, click the following link:

https://packt.link/MS102E1_CH11. Or, you can scan the following QR code:

Figure 11.40 – QR code that opens Chapter Review Questions for logged-in users Once you login, you’ll see a page similar to what is shown in Figure 11.41:

Figure 11.41 – Chapter Review Questions for Chapter 11

Once ready, start the following practice drills, re-attempting the quiz multiple times:

Exam Readiness Drill

For the first 3 attempts, don’t worry about the time limit.

ATTEMPT 1

The first time, aim for at least 40%. Look at the answers you got wrong and read the relevant sections in the chapter again to fix your learning gaps.

ATTEMPT 2

The second time, aim for at least 60%. Look at the answers you got wrong and read the relevant sections in the chapter again to fix any remaining learning gaps.

ATTEMPT 3

The third time, aim for at least 75%. Once you score 75% or more, you start working on your timing.

Tip You may take more than 3 attempts to reach 75%. That’s okay. Just review the relevant sections in the chapter till you get there.

Working On Timing

Target: Your aim is to keep the score the same while trying to answer these questions as quickly as possible. Here’s an example of how your next attempts should look like:

Table 11.1 – Sample timing practice drills on the online platform

Note The time limits shown in the above table are just examples. Set your own time limits with each attempt based on the time limit of the quiz on the website.

With each new attempt, your score should stay above 75% while your time taken to complete should decrease. Repeat as many attempts as you want till you feel confident dealing with the time pressure.