MS-500 Microsoft 365 Security Administration Topic: AIP (Azure Information Protection)
December 16, 2022

8. Stepping through the hands on tutorial for using keyword based AIP Policies

Admin Microsoft.com. Either way, it takes you to the same place. You then click on “Show All.” We’re going to go to the Security and Compliance Center. Drop-down classification, sensitive information types We’re going to create our sensitive information type. Give it a name. This case just got given the name “payroll” right next. And then add the element dropdown to the element list here. It’s going to be a keyword. Specify what the keyword is going to be. In this case, it’s going to be the word “payroll.” We’re going to click next. We would confirm everything, and then we would click Finish. All right. And that is the tutorial for how to create that keyword label through IP. And you’ll get a chance to give it a shot as well.

9. Using AIP to block actions based upon keywords

I’m now going to demonstrate the concept of using these labels that we’ve created, such as the keyword label, to have something blocked. I’m going to go into our configuration here, the security compliance center. We’ll look into blocking using Microsoft Exchange. Prevent that keyword, payroll keyword, from being used. So here’s what we’re going to do. We’re on the administration side of Microsoft.com.

I’m going to drop the show all the way here and go to the Security and Compliance Center. This time I’m going to be looking at the data loss prevention area. So I’m going to drop the data loss prevention down here. We’re going to click on “Policy,” and from there, we have different policies that we could enable here. The policy that I’m going to use is one that I’m going to create. So I’m going to click “create a policy.” All right? And in this case, I’m going to create a custom policy. Now in a later demonstration, I’ll explain what some of this other stuff is here, but I’m going to go with custom. All right? At that point, I would give this policy a name.

So in my case, I’m going to call this block payroll keyword. There was an error there. Let’s try that again. Block the payroll keyword in exchange. Okay, give it a description if you want. We’ll click next. OK. It’s important to note that I’m only willing to do this in exchange for something. This goes back to if I were doing this on an exam. If the exam was telling me that I needed to perform an action, they may say something like, “You know, only do it in exchange.” So I need to go here, and I’m going to click on “Let me choose specific locations.” So we’ll choose that, and I’m going to turn off these other locations here. I’m not going to do SharePoint, I’m not going to do OneDrive, I’m not going to do Teams, or any of that. I’m just going to turn on the ones that need to be turned on. In this case, just exchange, right? So from there, I’m going to go ahead and click Next. Then it says, “Find contents that contain.” It says you must select at least one classification type. Well, lucky for us, we created a classification type previously.

So we’re going to click Edit. All right, we’re going to now click Add, and we’re going to go with the sensitive information type. From there, we’ll click “add” and “sensitive infotype.” If we scroll down, we should have a sensitive information type called Payroll Label, which we created previously. We’re going to select that one, right? And then we’re going to click “Add that,” adding that sensitive “Payroll” label keyword. We’re going to click “Done.” All right? So that’s what we want. And I’ve explained accuracy before, but we’re going to click “Save” on that now, all right? And then from there, now that we’ve added that, we’re going to click next. By the way, I’ll actually be getting into some of the advanced settings with you in a later video, by the way.So we’re going to click next, and then one of the other things that we wanted to do in this scenario is make it so that if one instance of this keyword shows up, it’s going to be detected and blocked. So we’ll change that to a one so that we can detect when the contents being shared are set to at least one.

We could also do notifications. I’m also going to do more with notifications in alternate video and send reports to someone. We’re going to talk more about that. But in our case, we’re going to block and not just encrypt. We’re going to block it. Okay? So from there, we’re now going to click “Next.” All right, say block these people in this case. So if I wanted to block specific people, I could block everyone or only people outside my organization. In my case, I want to block people outside my organization. Okay. I could have said, “Let people whose tips override the policy.” I could turn that on. In other words, a policy could pop up on the screen, and the user could choose to go ahead and do it anyway. Now, of course, you can also turn that off if you want. It’s important. Again, if it depends on what I’m being asked to do here in the real world, it’s really up to you and your company. But obviously, if this was the exam, it may tell me to turn that on or turn it off, whatever. If it doesn’t say, then just leave it alone.

Leave it as whatever the default is that they’re asking you to perform. You don’t want to do extra things that they’re not asking you to do. And I know I’ve said that before. I’m just kind of reiterating the same thing there. Okay, so that’s the one I’m going to click next, and it’s asking me if I would like to go ahead and turn this on right away or if I want to test it out. Now, in the real world, I would say to test it out. But if this was an exam scenario and they’re wanting you to turn this on right now, then that’s what you’re going to do. You’re going to say, “Yes,” and turn this on right away. So click next. You could verify everything, make sure you got everything the way you wanted it, and then click create. And you’ve now officially created that sensitivity type, that data prevention policy, that’s going to block payroll keywords in Microsoft Exchange.

10. Stepping through the tutorial for using AIP to block actions based on keywords

We’re going to click “Show all” under “Security.” That’s going to take us to the Security Compliance Center. This time, we’re going to go with data loss prevention. So we’re not doing classification. We’re doing data loss prevention. We’re going to drop that policy. We’re going to create a policy. It’s going to be a custom policy. Give the policy a name. As always, they may or may not tell you if this was a lab scenario on the test. They may or may not tell you what to call it. So you just name it what you want. We’ll click next. At that point, we would choose specific locations, and we’re going to turn off everything but Exchange, and we’re going to click next.

All right? We finally got to specify the keyword policy. So we’ll click edit, then add sensitivity information or sensitive infotypes. Click “Add” on that. We’re going to find that sense of type that we created earlier. Click Add. Click done. Save going to “next.” We’re going to set the instance to one instead of ten. Click next. All right? From there, we’ve confirmed everything. We’re pleased with everything except the people outside our organization. We could let people override. If we’re not told to change that, we don’t change it, right? So we’re going to click next. We’re going to go ahead and turn it on. Click next, and we’re done. We’ve created it, and we’ve now finished the tutorial. So now you can give it a shot.

Leave a Reply

How It Works

img
Step 1. Choose Exam
on ExamLabs
Download IT Exams Questions & Answers
img
Step 2. Open Exam with
Avanset Exam Simulator
Press here to download VCE Exam Simulator that simulates real exam environment
img
Step 3. Study
& Pass
IT Exams Anywhere, Anytime!