
Configure Data Sensitivity

Implementation Effort: Medium
Customer IT and Security Operations teams must integrate Microsoft Purview sensitivity labels, configure thresholds, and enable sensitive data discovery features.

User Impact: Low
All actions are performed by administrators; no user-facing changes or notifications are required.

Overview

Configuring data sensitivity in Microsoft Defender for Databases allows organizations to identify and prioritize protection for critical data assets such as financial records, personally identifiable information (PII), and credentials. This is done by integrating Microsoft Purview sensitivity labels and customizing which data types are considered sensitive within Defender for Cloud.

Key Steps

  1. Enable Sensitive Data Discovery
    • Ensure that the Defender CSPM and/or Defender for Storage plans are enabled to support sensitive data discovery [1].
  2. Access Sensitivity Settings
    • In the Azure portal, go to Microsoft Defender for Cloud > Environment settings > Data sensitivity.
  3. Customize Sensitivity Categories
    • Choose from built-in categories like:
      • Finance
      • PII
      • Credentials
      • Custom (from Microsoft Purview)
      • Other (miscellaneous built-in types)
    • Select the specific info types you want to mark as sensitive.
  4. Set Sensitivity Thresholds
    • Define the minimum sensitivity level required for a label to be considered sensitive in Defender for Cloud. This helps reduce noise and focus on high-risk data [1].
  5. Import Custom Labels
    • If using Microsoft Purview, custom sensitivity labels with automatic labeling rules are automatically imported. No manual consent is needed if you have an Enterprise Mobility + Security E5/A5/G5 license [1].
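The following Python is an added illustration, not Microsoft's code, of how the category selection from step 3 and the threshold from step 4 combine to decide which discovered resources count as holding sensitive data. The Purview label order, the info-type-to-category mapping, the sample findings, and the rule that a label at or above the threshold counts are all constructed assumptions of this example; the real evaluation is done by Defender for Cloud.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Purview label order, lowest sensitivity first (constructed sample;
# a real tenant's order comes from the Purview label priority).
LABEL_ORDER = ["Public", "General", "Confidential", "Highly Confidential"]

# Built-in category membership for a few info types (constructed sample).
INFO_TYPE_CATEGORY = {
    "Credit Card Number": "Finance",
    "IBAN": "Finance",
    "U.S. Social Security Number": "PII",
    "Email Address": "PII",
    "Azure Storage Account Key": "Credentials",
    "Azure SQL Connection String": "Credentials",
}

@dataclass
class Finding:
    resource: str                 # e.g. a storage account or database name
    info_types: List[str]         # info types discovered in the data
    label: Optional[str] = None   # Purview label applied to the data, if any

@dataclass
class SensitivitySettings:
    selected_categories: Set[str]  # categories ticked in step 3
    threshold_label: str           # lowest label still treated as sensitive (step 4)

def label_meets_threshold(label: Optional[str], settings: SensitivitySettings) -> bool:
    # Assumption: a label counts when it sits at or above the threshold in LABEL_ORDER.
    if label is None or label not in LABEL_ORDER:
        return False
    return LABEL_ORDER.index(label) >= LABEL_ORDER.index(settings.threshold_label)

def evaluate(findings: List[Finding], settings: SensitivitySettings) -> Dict[str, List[str]]:
    """Return {resource: [reasons]} for every resource that is flagged as sensitive,
    either because a discovered info type is in a selected category or because
    its Purview label meets the configured threshold."""
    flagged: Dict[str, List[str]] = {}
    for f in findings:
        reasons = sorted({"category:" + INFO_TYPE_CATEGORY[t] for t in f.info_types
                          if INFO_TYPE_CATEGORY.get(t) in settings.selected_categories})
        if label_meets_threshold(f.label, settings):
            reasons.append("label:" + str(f.label))
        if reasons:
            flagged[f.resource] = reasons
    return flagged

# Constructed sample findings, as sensitive data discovery might report them.
SAMPLE_FINDINGS = [
    Finding("sa-payroll", ["Credit Card Number", "IBAN"]),
    Finding("sa-marketing", ["Email Address"], label="General"),
    Finding("sql-crm", [], label="Highly Confidential"),
    Finding("sa-logs", ["Azure Storage Account Key"], label="Public"),
]
```

Raising the threshold from "General" to "Confidential" while leaving PII unselected drops sa-marketing from the flagged set, which is the noise reduction step 4 describes.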

This configuration supports the Zero Trust principle of "Use Least Privilege Access" by helping organizations identify and protect their most sensitive data, ensuring that access policies and monitoring are aligned with data criticality. Without this setup, sensitive data may go unclassified and unprotected, increasing the risk of data exposure or regulatory non-compliance.

Reference