Įvykiai
Microsoft 365 bendruomenės konferencija
05-06 14 - 05-09 00
Įgūdžių iki di eros galutinis bendruomenės vadovaujama Microsoft 365 renginys, gegužės 6-8 Las Vegase.
Sužinokite daugiauŠi naršyklė nebepalaikoma.
Atnaujinkite į „Microsoft Edge“, kad pasinaudotumėte naujausiomis funkcijomis, saugos naujinimais ir techniniu palaikymu.
Some features in this article require Microsoft Syntex - SharePoint Advanced Management
In this article, we look at setting up a team for a sensitive level of protection. Be sure you've completed the steps in Deploy teams with baseline protection before following the steps in this article. The sensitive tier offers the following additional protections over the baseline tier:
Watch this video for a walkthrough of the procedures described in this article.
Depending on the nature of your business, you may or may not want to enable guest sharing for teams that contain sensitive data. If you do plan to collaborate with people outside your organization in the team, we recommend enabling guest sharing. Microsoft 365 includes a variety of security and compliance features to help you share sensitive content securely. This is generally a more secure option than emailing content directly to people outside your organization.
For details about sharing with guests securely, see the following resources:
To allow or block guest sharing, we use a combination of a sensitivity label for the team and site-level sharing controls for the associated SharePoint site, both discussed later.
For the sensitive level of protection, we use a sensitivity label to classify the team. We also use this label to classify individual files in the team. (It can also be used on files in other file locations such as SharePoint or OneDrive.)
As a first step, you must enable sensitivity labels for Teams. See Use sensitivity labels to protect content in Microsoft Teams, Microsoft 365 Groups, and SharePoint sites for details.
If you already have sensitivity labels deployed in your organization, consider how this label fits with your overall label strategy. You can change the name or settings if needed to meet the needs of your organization.
Once you have enabled sensitivity labels for Teams, the next step is to create the label.
To create a sensitivity label
Once you've created the label, you need to publish it to the users who will use it. For sensitive protection, we make the label available to all users. You publish the label in the Microsoft Purview compliance portal, on the Label policies page under Information protection. If you have an existing policy that applies to all users, add this label to that policy. If you need to create a new policy, see Publish sensitivity labels by creating a label policy.
Further configuration of the sensitive scenario is done in the team itself and in the SharePoint site associated with the team, so the next step is to create a team.
We'll create the team in the Teams admin center.
To create a team for sensitive information
In this tier, we restrict creating private channels to team owners.
To restrict private channel creation
Shared channels doesn't have team-level settings. The shared channel settings you configure in the Teams admin center and the Microsoft Entra admin center apply to individual users.
Each time you create a new team with the sensitive label, there are three steps to do in SharePoint:
The site sharing settings and default sensitivity label must be configured in the site itself and can't be set up from the SharePoint admin center or via PowerShell.
To update the site default sharing link type
If you want to script this as part of your team creation process, you can use Set-SPOSite with the -DefaultSharingLinkType Direct
parameter to change the default sharing link to Specific people.
Note that if you add private or shared channels to the team, each creates a new SharePoint site with the default sharing settings. You can update them in the SharePoint admin center by selecting the sites associated with the team.
To help ensure that the SharePoint site doesn't get shared with people who aren't members of the team, we limit such sharing to owners. This is only necessary for the SharePoint site that was created with the team. Additional sites created as part of private or shared channels can't be shared outside the team or channel.
You need to be a team owner to do this task.
To configure owners-only site sharing
We'll use the sensitivity label that we created as the default sensitivity label for the site document library that is connected to Teams. This will automatically apply the highly sensitive label to any new label-compatible files that are uploaded to the library. (This requires a Microsoft Syntex - SharePoint Advanced Management license.)
You need to be a team owner to do this task.
To set a default sensitivity label for a document library
In Teams, navigate to the General channel of the team you want to update.
In the tool bar for the team, select Files.
Select Open in SharePoint.
In the SharePoint site, open Settings and then choose Library settings.
From the Library settings flyout pane, select Default sensitivity labels, and then select the sensitive label from the drop-down box.
For more details about how default library labels work, see Configure a default sensitivity label for a SharePoint document library and Add a sensitivity label to SharePoint document library.
Įvykiai
Microsoft 365 bendruomenės konferencija
05-06 14 - 05-09 00
Įgūdžių iki di eros galutinis bendruomenės vadovaujama Microsoft 365 renginys, gegužės 6-8 Las Vegase.
Sužinokite daugiauMokymas
Modulis
Implement sensitivity labels - Training
This module examines the process for implementing sensitivity labels, including applying proper administrative permissions, determining a deployment strategy, creating, configuring, and publishing labels, and removing and deleting labels.
Sertifikatas
Microsoft Certified: Information Protection and Compliance Administrator Associate - Certifications
Demonstrate the fundamentals of data security, lifecycle management, information security, and compliance to protect a Microsoft 365 deployment.
Dokumentacija
Configure teams with protection for highly sensitive data
Learn how to deploy teams with protection for highly sensitive data.
Configure Teams with three tiers of file sharing security
Learn how to configure Teams for better file sharing security using three tiers of protection, balancing security with ease of collaboration.
Configure teams with baseline protection
Learn how to deploy teams with a baseline level of protection.