Secure by default with Microsoft Purview and protect against oversharing
Microsoft Purview sensitivity labeling provides an efficient and robust capability to protect data. This protection is centered around encrypting your data and preventing oversharing. Labels can then be used as conditions in other solutions such as Microsoft Purview Data Loss Prevention (DLP) and Microsoft Purview Insider Risk Management.
The traditional 'crawl-walk-run' approach is often challenging or slow to adopt due to:
Defining the label taxonomy
Concerns about encryption affecting end users and line of business applications
Limited adoption through manual labeling and/or only using auto-labeling to label
In this guide, we provide a deployment model focusing on a different approach. We show how to:
Configure secure by default sensitivity labeling.
Use label publishing defaults and auto-labeling in the Office client.
Use contextual defaults in SharePoint sites to rapidly achieve deployment velocity.
When you derive file labels from Teams and SharePoint site labels, you can reach high labeling volumes with limited end-user interaction. This measured approach also helps overcome the traditional challenges.
Tip
By securing by default and deriving labels from SharePoint sites, your organization can quickly reduce the risk associated with unintentional and intentional oversharing. Training end users on how to manage exceptions, instead of when to protect, helps accelerate adoption velocity.
Before you begin
This guide is for administrators with knowledge of Microsoft Purview Information Protection, DLP, and Insider Risk Management. If you're new to Purview, refer to these articles to learn more about Purview:
Simplify your deployment strategy with the following actions
Secure by default and protect information to All employees (and users within your identity ecosystem).
Derive file labels from site (container) labels to quickly reach scale.
Train users to update labels for sharing exceptions (instead of when to protect).
Use auto-labeling for higher sensitivity recommendations and more restriction.
Accelerate Data Loss Prevention deployment to restrict sharing of labeled content.
Use Insider Risk Management to identify suspicious user labeling and sharing behaviors (intentional and unintentional).
Why labeling matters in protecting your content
Protection travels with your document – Easy-to-use encryption for all users
Simple, integrated, and consistent – Built-in Office, Acrobat Reader, Teams, Power BI, Defender for Cloud Apps, and more
Copilot – End-to-end protection of sensitive information with Copilot interactions
Protection beyond Microsoft 365 – Protect data assets in Azure, Amazon Web Services (AWS), and more
Purview deployment blueprint
The blueprint provides:
a recommended label taxonomy to get your organization started
options for end users to manage exceptions, if encryption prevents them from working effectively
help to enable your organization to augment its data security rapidly
It’s important to review and adapt this blueprint based on your existing deployment, data security objectives, and experience. There are more options to help you deploy in stages. You're in complete control of your deployment experience.