Tag: Microsoft365

Using the new Sensitivity labels in Teams and SharePoint

These days the preview of Sensitivity labels in Microsoft Teams and SharePoint is rolling out, and I got the new feature up and running in my tenant already!

If you have been waiting for this feature you may have noticed that the rollout is coming in stages and is taking some time.

After opting in to the preview feature by following the guidelines from docs.microsoft.com, you can start creating new Sensitivity labels tailored for Office 365 groups, SharePoint sites and Microsoft Teams.

Head into the Compliance center, create a new label and set the settings you want to test! In my case I created two new labels (the naming is for testing and to make it easy for me to tell the two apart :))

Basically, you can now finally block untrusted devices from gaining access to highly confidential information stored within SharePoint or Teams – AND also prevent guests from being invited into the site.

For this to work you need to be using Intune as well, so that company devices such as computers, laptops and mobile devices can be marked as compliant devices.

Another useful scenario is when you only allow limited, web-only access to a site or team; you then block downloads from untrusted devices such as kiosks, home computers etc.

What do you think of this new feature?

I can't wait to go into production with this!

Automated Investigation & Response

The Automated Investigation & Response feature under Threat management in the Security & Compliance admin portal is a pretty new and amazing feature in Office 365.

To use this feature you need to have “Office 365 Advanced Threat Protection Plan 2” licenses, which you can purchase standalone or which are included in the Office 365 E5 license, and yes – you need to be a “Global Administrator” or “Security Administrator” to configure the service. Once configured you can also use “Security Reader” or “Security Operator” to see what's happening.

Have a look here to see all capabilities within “Advanced threat protections”.

So over to Automated Investigation & Response (AIR) – have a look at this screenshot

As we see here, we have two detections ongoing which are waiting on user action. The first one in the picture was automatically found by the system and the second one is an email which I reported through the “Message Report” add-in for Outlook, which is deployed to all users (both Outlook and Outlook Web).

In the overview of the case (the one I reported) we see what's going on with the message: the trigger alert, which threats were found, how many emails are “infected” and which users have the infected email in their mailbox (could be a mass-phishing attack).

When we navigate to the Email tab we see which section of the email was found malicious; in this case Advanced Threat Protection has matched the URL to a malicious URL.

Moving to the Action tab – we are given a big tool belt, meaning that we can do a soft delete from the users' mailboxes (in this case only one user, but if this malicious email was delivered to 100 users we can in one click remove the email from the users' mailboxes) and block the URL in Safe Links.

So this was a very short look at how to easily use AIR in your tenant if you have the right license.

© 2020 IdefixWiki
