002: Document / Identify all approved cross-boundary data sharing scenarios
Overview
List all scenarios where potentially sensitive business data is shared across internal security boundaries (e.g. R&D to general user population, privileged users to regular users) in the form of emails or files, in anticipation for classifying it by sensitivity or audience. These scenarios can be general in nature (e.g. executives disclosing strategy or plans to employees) or specific (e.g. HR sharing employee rewards information with each employee). Initial identification of common sharing patterns can be done by using tools like Activity Explorer and through analysis of the Unified Audit Log's SharePoint and OneDrive sharing logs, as well as Exchange audit logs.
Reference
- Activity Explorer: https://learn.microsoft.com/en-us/purview/data-classification-activity-explorer
- SharePoint sharing logs schema: https://learn.microsoft.com/en-us/purview/audit-log-activities#sharing-and-access-request-activities