Restrict information sharing based on sensitivity

Both Teams and SharePoint are good solutions for sharing and collaborating with sensitive information internally as well as externally.

With help of Sensitivity labels, we can define rules and permissions for everything from allow/block external guests, sharing of files, as well as conditions for accessing different Teams and SharePoint sites.

In the most cases a certain team or project often includes different kinds of files with different sensitivity. Everything from public non-sensitive information to more confidential information that all have different rules and regulations.

All settings around “Groups & Sites” that we can define in Sensitivity Labels are based on existing Teams/SharePoint settings.

The biggest challenge is most often when we use Teams or restricted channels in Teams to restrict access to certain information. Even if we set a Team or a Teams channel as private, the default setting for sharing is that files can be shared to anyone within your organization.

image

In the most cases we have specific private Team and/or private channel to restrict access to only the members. But…

Regardless of the private setting of the team and channel that restrict access to the specific location, files within this team can be shared to users outside of the Team/Channel.

image

This is due to the following global setting in SharePoint

image

Within information security, it is of course most advantageous to change the global settings for Shares to ”Specific people”. This does not allow files to be shared to anyone other than those who have access to the Team or channel.

However, it is often difficult to change the global setting as there is uncertainty about the need for information sharing. After all, it is usually a small part of our information that is actually more sensitive.

This week we have got new functionality within Microsoft Information Protection that solves this challenge.

We can now, based on the sensitivity of both the team and specific documents, control just sharing settings. This applies both to who we can share files with, and to control whether we allow edit or view only access to the shared document.

Some examples, if we have Team sites including private channels where we need to restrict sharing to only members of the Team/Channel, we can define this setting on the sensitivity label of the site.

image image

If sensitive information is located in a nonrestrictive team we can restrict the sharing setting only on these files.

TeamShareBasedOnSensitity

For more information how to configure sensitivity labels with default sharing link type in SharePoint and OneDrive:

Use sensitivity labels to configure the default sharing link type for sites and documents in SharePoint and OneDrive – Microsoft 365 Compliance | Microsoft Docs

Detta inlägg publicerades i Microsoft Information Protection och märktes . Bokmärk permalänken.

Kommentera

Fyll i dina uppgifter nedan eller klicka på en ikon för att logga in:

WordPress.com-logga

Du kommenterar med ditt WordPress.com-konto. Logga ut /  Ändra )

Twitter-bild

Du kommenterar med ditt Twitter-konto. Logga ut /  Ändra )

Facebook-foto

Du kommenterar med ditt Facebook-konto. Logga ut /  Ändra )

Ansluter till %s