008: Manually classify sensitive assets
Overview
Train and evaluate users for manually applying sensitivity labels. Start with a group of pilot users who are trained to use labels, and after a period of a few weeks identify (using Content Explorer) files which they have labeled manually, as well as known files you would expect to have been labeled, and compare the results with the expected label for each asset as evaluated by the security team. When implementing labels, you should initially deploy them without usage restrictions, watermarks and other controls in order to assess users behavior without consideration of the impact of such restrictions.
This step precedes using recommended and automatic labeling mechanisms that don't rely on the end user making a decision to apply a label.
Reference
- Create and publish sensitivity labels https://learn.microsoft.com/en-us/purview/create-sensitivity-labels
- Content Explorer: https://learn.microsoft.com/en-us/purview/data-classification-content-explorer
- Content Explorer PowerShell: https://learn.microsoft.com/en-us/powershell/module/exchange/export-contentexplorerdata
- Activity Explorer: https://learn.microsoft.com/en-us/purview/data-classification-activity-explorer