Technical requirements - Microsoft SC-400 Certification

To follow the chapter, you will need a Microsoft 365 tenant as described in the previous chapter. The tenant and your computer(s) need to meet at least the following requirements:

  1. An Azure Information Protection plan for classification, labeling, and protecting information.
  2. Azure Active Directory, to use user accounts synchronized from your on-premises Active Directory Domain Services. You also need to configure directory integration using Azure Active Directory Connect.
  3. To use the Azure Information Protection client for Windows, the following operating systems are supported:
    • Windows 10 (x86, x64)
    • Windows 8.1 (x86, x64)
    • Windows 8 (x86, x64)
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 and Windows Server 2012 R2
  4. Applications supported for labeling and protection using the Azure Information Protection client are as follows:
    • Microsoft 365 Apps for enterprise
    • Office Professional Plus 2019
    • Office Professional Plus 2016
    • Office Professional Plus 2013 with Service Pack 1
    • Office Professional Plus 2010 with Service Pack 2
  5. The requirements for using the Azure Information Protection clients are listed at the following link: https://docs.microsoft.com/en-us/azure/information-protection/rms-client/clientv2-admin-guide-install.

Now let’s dive into our first topic and explore what Information Protection is.

What is Information Protection?

Microsoft Information Protection brings together the features of Azure Information Protection with the Information Governance features of Microsoft 365. Microsoft Information Protection helps your organization to do the following:

  • Identify your data.
  • Provide protection for your data.
  • Govern your data.

We will explore each of these in the following sections.

Identify your data

To understand the data landscape in your organization across a hybrid or cloud environment, Microsoft Information Protection offers the following capabilities:

  • Sensitive information types: These help you identify sensitive data in your organization by using a function, by using the regular expressions provided in the portal, or by creating your own custom regular expressions.
  • Trainable classifiers: These help you identify sensitive data by using examples you provide rather than RegEx-based pattern matches.
  • Data classification: This is a dashboard where you can track the amount of data that uses a specific retention label, sensitivity label, or classification. The dashboard also gives you several insights into what actions your users are taking on the listed items.
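
The difference between a pattern and a function in the sensitive information types bullet above, as an added example that is not part of the original chapter and is not Microsoft's implementation. It uses the Luhn checksum as the illustrative function; the names CARD_PATTERN, luhn_valid and find_card_numbers and the sample text are assumptions made for this sketch.

```python
import re

# Pattern only: 16 digits, optionally grouped in fours by spaces or hyphens.
CARD_PATTERN = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")


def luhn_valid(digits: str) -> bool:
    """The 'function' step: Luhn mod-10 checksum over a digit string."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str, use_function: bool = True) -> list[str]:
    """Return pattern matches; with use_function, keep only checksum-valid ones."""
    hits = []
    for match in CARD_PATTERN.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if not use_function or luhn_valid(digits):
            hits.append(digits)
    return hits


# Constructed sample text: a widely published test card number and an
# order reference that merely has the same shape.
SAMPLE = (
    "Customer paid with 4111 1111 1111 1111 on Monday.\n"
    "Internal order reference 1234-5678-9012-3456 shipped.\n"
)

if __name__ == "__main__":
    print("pattern only     :", find_card_numbers(SAMPLE, use_function=False))
    print("pattern+function :", find_card_numbers(SAMPLE, use_function=True))
```

The pattern alone flags the order reference as well; adding the checksum function drops it, which is why function-backed types produce fewer false positives than a bare regular expression.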

Now that we have covered how to identify our data, let’s take a look at what capabilities Information Protection gives us to protect it.

Provide protection for your data

To protect your data by applying encryption, access restrictions, and visual markings, Microsoft Information Protection offers the following capabilities:

  • Sensitivity labels: This is a solution that helps you to label and protect your data regardless of which device it is stored on, which application or service it is stored in, and whether it travels inside or outside your organization.
  • Azure Information Protection unified labeling client: This adds an extra set of features and functionality for sensitivity labels to the Windows client, including labeling and protecting all files from File Explorer and PowerShell.
  • Double Key Encryption: This feature ensures that, under any circumstances, only your organization can ever decrypt content protected with Double Key Encryption. It also covers regulatory requirements under which you must keep encryption keys within a geographical boundary.
  • Office 365 Message Encryption (OME): By encrypting email messages and attachments sent to any user on any device, this ensures that only authorized recipients can access the information contained therein.
  • Service encryption with Customer Key: This helps you protect data against viewing by unauthorized systems or personnel and complements BitLocker disk encryption in Microsoft data centers.
  • SharePoint Information Rights Management (IRM): This helps you protect SharePoint lists and libraries so that when a document is checked out, the file is protected and only people with the correct authorization can read and edit it, according to policies specified by you or your company.
  • Rights Management connector: For servers existing in on-premises deployments that use Exchange or SharePoint or run Windows Server and File Classification Infrastructure (FCI), the Rights Management connector offers protection using encryption from Microsoft Information Protection.
  • Azure Information Protection unified labeling scanner: This is a feature that helps you to discover, label, and protect sensitive data stored in your on-premises environment.
  • Microsoft Defender for Cloud Apps: With this feature, you can discover, label, and protect sensitive data stored in your cloud environment regardless of the cloud provider.
  • Microsoft Information Protection SDK: This extends the usage of sensitivity labels to third-party applications and services.

Those are all the protection capabilities of the Information Protection suite. Let’s delve into what it has to offer when it comes to information governance and protection from either non-malicious or malicious sharing of data.
