How to Apply Sensitivity Labels to Your Data in Data Map

  • Article

Important

Labeling in the Microsoft Purview Data Map is currently in preview and operates under a pay-as-you-go billing model. It’s important to note that the Supplemental Terms of Use for Microsoft Azure Previews contain additional legal terms applicable to Azure features that are in beta, preview, or not yet generally available.

Applying Sensitivity Labels to Enhance Data Governance in Data Map

If you are new to sensitivity labels, you’ll need to create them and ensure they are scoped for Files & other data assets. For users already leveraging Microsoft Purview Information Protection, existing sensitivity labels can be modified to include this scope, making them readily available within Data Map. This guide will walk you through the essential steps to effectively edit data scan configurations and apply sensitivity labels, enhancing your data governance posture.

Step 1: Understanding Licensing Prerequisites

The foundation of sensitivity label creation and management lies within Microsoft Purview Information Protection. To begin, ensure you possess an active Microsoft 365 license that includes the benefit of automatic sensitivity label application, alongside the setup of a pay-as-you-go billing model.

For a detailed understanding of the asset-protected pay-as-you-go billing, refer to this pay-as-you-go billing model documentation. For specifics on required licenses, consult the comprehensive information on sensitivity labels. To explore Microsoft 365 E5 trial licenses for your tenant, navigate here from your environment. A complete list of licenses is available in the Sensitivity labels in Microsoft Purview FAQ. If you lack the necessary license, consider signing up for a Microsoft 365 E5 trial.

Step 2: Creating or Modifying Labels for Data Map Scope

To either create new sensitivity labels or adjust existing ones to be compatible with Data Map, follow these steps:

  1. Go to the Microsoft Purview portal and select the Information Protection card, or View all solutions and then Information Protection from the Data Security section if the card isn’t immediately visible.

  2. Click on Create a label.


    Creating a new sensitivity label within the Microsoft Purview compliance center, highlighting the initial steps in the label creation process.

  3. Assign a name to your label. In the Define the scope for this label section, ensure you select Files & other data assets. This critical step makes the label available for use within Data Map.

  4. Proceed through the prompts to tailor the label settings to your needs. Detailed information on configuration options can be found in the Microsoft 365 documentation: What sensitivity labels can do.

  5. Repeat these steps to create any additional labels required for your data classification strategy. Sub-labels can be created by selecting a parent label, then > More actions > Add sub label.

  6. To modify existing labels, navigate to Information Protection > Labels, and select the label you wish to change. Click Edit label to access the Edit sensitivity label configuration panel, where you can adjust the settings initially defined during label creation.

  7. Once you have created and modified your labels, it’s important to review and organize their order.

    To reorder labels, select > More actions > Move up or Move down. The order of labels is important as explained in the documentation for label priority (order matters).

Step 3: Setting Up Auto-Labeling Policies for Non-Microsoft 365 Workloads

To automate the application of sensitivity labels, create an auto-labeling policy specifically for non-Microsoft 365 workloads. This involves defining a policy scoped to “Azure Storage” or “Azure SQL,” encompassing either All assets or specific assets within these locations. You will then define the built-in classifications that, upon detection during the next data scan, will trigger the automatic assignment of the chosen sensitivity label.

Note

Auto-labeling policies are rule-based systems that automatically apply labels based on predefined conditions. When a data scan is performed, Microsoft Purview Data Map evaluates whether these conditions are met and automatically assigns the corresponding label. If a data source is not appearing for selection in the auto-labeling policy scope, confirm that the data source has been correctly registered and is visible in the Data Map. The locations available for auto-labeling policy scoping are dynamically populated based on the assets that have been registered.

Step 4: Scanning Your Data to Automatically Apply Sensitivity Labels

After creating an auto-labeling policy, allow approximately 15 minutes for the policy to propagate through the system. Initiate a data scan within the Data Map. This scan will automatically apply the sensitivity labels you’ve configured, based on the auto-labeling policies you have defined. Effectively, this is how you edit data scan results by pre-defining labeling rules.

For detailed guidance on setting up scans for different assets within Microsoft Purview Data Map, refer to these resources:

| Source | Reference

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *