All Microsoft Microsoft 365 Certified: Security Administrator Associate certification exam dumps, study guide, training courses are prepared by industry experts. Microsoft Microsoft 365 Certified: Security Administrator Associate certification practice test questions and answers, exam dumps, study guide and training courses help candidates to study and pass hassle-free!

AIP (Azure Information Protection)

4. Publishing AIP Labels in Microsoft 365

So the first thing we've done is create a sensitivity label. We've gone through the process of doing that and configuring it the way we want it. But the next piece of that, of course, is that we've got to actually publish it so that it can be utilized. OK, so after the creation of a label, you've got to go through the process of setting up a label policy and then creating and publishing that to make that available to your users. Okay? Another thing that happens is that once a label is published and a policy is in place, that policy is applied to the user's app. The users are going to be using Outlook, Word, SharePoint, their Office, 365Groups, and all of that good stuff.

These labels can show up in that environment, and the users can utilise them, or they can also be automatically applied. So if you take a look at the way that these labels actually get applied, it's different depending upon how somebody's going about dealing with the label. So in the first scenario here, you've got somebody who's got Microsoft Word open and a document that possibly has sensitive information in it possibly. And the person can now manually change the label if they want. In this case, it's saying you're getting this message, saying it is recommended to label this file as confidential, and that's because some sensitive information has been detected inside this file. And so, Word is giving you some advice here. It's saying that you need to consider labelling it, okay? And so you could click "change."

You can now do the sensitivity, and you can set the sensitivity label right here if you want. That's what it would look like in Microsoft Word. Now over here, you're looking at things from an email perspective. So you've got a user here who is typing an email; say hi to all. A friendly reminder: this report is due for review by the end of the week. And it's got some information in it, some sensitive information. Right now the sensitivity is being marked as general, okay? But at that point, the user could change that sensitivity label. We can also have rules that would not allow this user to share this document with other people if we didn't want to. That's something we're going to look at a little bit later as well.

By not allowing this user to share this email or whatever contains sensitive information with other users, we can flag that as allowing this user to share that with people inside the organisation and restrict it from going to people outside the organisation if we want. We can also, of course, restrict it from going to certain people inside the organization. We can also make exceptions for it being sent to people outside of our organization. So that's all going to be stuff that we're going to be taking a look at. Another thing we've got here, down towards the bottom, is the ability to right-click a folder in this case, and as you can see, you can click Classify and Protect. So at that point, classification comes into play through AIP. A rights management solution, which includes the ability to encrypt that data, would be protecting. So as you can see, in different aspects here, depending upon the way you're going about using this data, whether it's through a Word app, Excel, or something like that, via email, or even on your File Explorer, you can do this. You can use AIP to classify and protect applications using documents.

5. Demonstration on publishing AIP Labels

Taking a look at applying AIP label policies We'll do this again through the Microsoft 365Admin Center, and we'll begin there. We're going to click on "Show All" again and go to Security. This is going to take us into the Security and Compliance Center. Okay? So again, just a quick reminder on how to get back into that Security and Compliance Center again. You can also, of course, go straight to ProtectionOffice.com if you want. Okay, so now that's loaded, I'm going to click to drop down the classification. You're going to go to SensitivityLabels, and we've got our label from the previous demonstration, PII included. And then from there, we can do this in a couple of ways. We can say "publish label" or we can go to label policies. In the end, it's going to be the same thing.

So I'm going to click "publish labels" here. Choose a sensitivity label to publish. So we'll go here and choose sensitivity labels to publish. And there is our sensitivity label that we've got available, PII included. That's the one we created previously. We're going to click Add, click Next at this point, and publish to users and groups. It's all happening right now. If you do not want it to go to everyone, you can direct it to specific users or groups. It's pretty simple there. We're going to click next, and then at that point, it will ask you how you want this to be applied. So apply this label by default to documents and emails. Some argue that PII should be included if I do so. And then users must provide justification to remove or lower a classification label. So I could have that selected if I want.

That means that in order for somebody to remove this label from a document, they would have to give a reason. Require users to apply a label to their emails or documents. You could require all users to always apply labels to emails and documents if they're going to send information back and forth. I'm not going to do that right now. Provide users with a link to a custom help page. So this is useful if you've set up a small SharePoint site that can serve as a tutorial for your users. If they're not really comfortable or familiar with any of this—maybe they haven't gone through any training on any of this—then this little tutorial could help them. You could even provide a link to a YouTube video where you've recorded something and have an explanation on how to set all that up. So you have quite a few options there that you can go with.

Again, I'm not going to enable any of that unless I'm asked to. If I'm doing this on the exam, if this is a lab scenario, then I would only do these options if I was asked to, okay? if it was something they told me to do. I know I keep saying it, but it bears repeating. But you don't want to assume things. You don't want to just turn things on unless it's requested. Okay. If this was an actual type of scenario you were having to go through, all right, I'm going to click next. Give it a description, whatever you want to call it. I'm going to call it the "PII policy." a name and description. Next. Okay. That point gives you an opportunity to review stuff. If you wanted to change anything at that point, you could edit any of that stuff there. And then you would click "Submit," and then you would click "Done." And that's it. You've now set up your policy up.The policy is now available and can be added to your office applications such as SharePoint and Office 365. So any of the apps that can support AIP, Azure, or Information Protection can now utilise this policy.

6. Stepping through the hands on tutorial for publishing AIP Labels

Click "show all." Go down to the security button here. That's going to take you to the Security and Compliance Center. We'll select Classification and then Sensitivity Labels. As you can see, there's our SSN policy that we've created. And then we're going to click on Label Policies, publish labels, choose sensitivity labels to publish, select the policy that we want to publish or the label we want to publish, and click Next. All right? From there, it's going to ask us again if we want to do it for users or groups. We're doing it for everyone. That was what was requested of us. So we're going to click "Next." From there, we can select some of these policy settings. Again, we're not going to select any of these because none of this was asked of us. So we're going to click Next, give it a name, and then we're going to submit it. And that's it. So it's pretty simple and straightforward. Again, the hardest part about all of this is just remembering where to go and where the steps are. So that's why you want to practise it.

7. Demonstration for using keyword based AIP Policies

I'm now going to go through the process of showing you how you can use Azure information protection to create a label based on a keyword. So here we are in the admin area of Microsoft.com. We're going to go to the "Show all ellipses" symbol here. And then we're going to click on the secure security button here, which is going to take us into security and compliance. So we're letting that load up here, and we're now in the Security and Compliance Center. All right. We're going to go back over here where it says classification. We're going to drop that down, and we're going to click on sensitive information types this time. So we're going to go there.

You have a bunch of default sensitive information types that are already created here, as you can see. But first, we'll go ahead and click Create. We're going to give this a name. So let's say that we were looking for the keyword "payroll" inside of a document, an email, or something like that. We were wanting a document to be labelled based on that keyword. So we can give this a name. We're going to call it a payroll label. And then, of course, you've got to give it a description as well. I'm just going to label it the same thing. Obviously, in the real world, you can be a lot more descriptive about that if you want to. We're going to click next, all right. At that point, it will request that I add an element.

So the element is going to contain the keyword that I'm actually looking for. So I'm going to click "add an element." All right. Detect content containing So I'm going to drop that down. I'm going to click on keywords. All right. Notice that I can put keywords in. It will also allow me to put a comma and a string of keywords if I want. I can use things like double quotes with my keywords. In my case, I'm going to say "payroll" just like that. All right. If you were doing this on the test, if it was a lab scenario or something, they would tell you exactly how they wanted it capitalised or not capitalised or whatever. And, of course, I'm going to give you the same advice I've always given you: type it exactly the way they want you to.

If they've got a capital letter, use a capital letter. If it's not, then don't. Okay. Okay. The other thing it says here is that you don't have any supporting elements. I wanted to add some other supporting elements. I could do regex, the regular expression that I mentioned in a previous lecture. You can do "contains" like a dictionary option with "large keywords" if you want to. It gives you a few different options there, and then the confidence level is how confident it is that it all matches up properly. So if you start doing large dictionary keywords and all that, you've also got character proximity, so that gets into a certain number of characters that it defaults to, that it looks at to try to match in very large keyword formats.

But in this case, we're just doing a pretty simple one. We're just putting the word "payroll" in there. We want our Microsoft 365 system to look for that keyword and see if it appears in an email, a document, or something else. So we're going to click next, and it gives us a chance to sort of review and finalise, making sure we're happy with everything. Of course, we can always go back and review and change things. Okay, so at that point, we click Finish, and it says, "All right, sensitive type is successfully saved. It is recommended that you test the sensitive type," so we could test it out if we want to.

All right? So at that point, if I've got a document, like a Word document or something like that, or a spreadsheet, then you could test this out. So if you bring up a Word document or a spreadsheet or something, you can drag and drop that document into this box, and it's going to tell you if it's true or false. In other words, it's going to let you know if that document contains that keyword.

It's just a great way for you to test it out, make sure it works like it's supposed to, and all that. I highly recommend doing that—obviously in the real world. But again, if this is not something you were asked to do on the exam, if this was a lab scenario, then you would not choose to test it. Okay? So I'm going to cancel that. Alright? And at that point, I would have created my payroll entry. OK? And I've now got myself a sensitive information type for payroll.

Microsoft 365 Certified: Security Administrator Associate certification practice test questions and answers, training course, study guide are uploaded in ETE files format by real users. Study and pass Microsoft Microsoft 365 Certified: Security Administrator Associate certification exam dumps & practice test questions and answers are the best available resource to help students pass at the first attempt.