by Contributed | Jul 2, 2023 | Technology
This article is contributed. See the original author and article here.
Based on Lesson Learned #368: Connection Retry-Logic using ODBC API code – Microsoft Community Hub I would like to share but was my lesson learned execution TSQL command. Executing a TSQL command connectivity issues or command timeouts can occur, leading to failed executions. To overcome these challenges, it is essential to implement robust error-handling mechanisms. In this article, we will explore how to leverage the ODBC API to retry the execution of TSQL commands when faced with connection drops or command timeouts.
Implementing a Retry Mechanism: The following steps outline how to implement a retry mechanism using the ODBC API.
Catch the error: Surround the TSQL command execution with a try-catch block or equivalent error-handling mechanism. In the catch block, examine the error code or exception to identify connection drops or command timeouts.
Determine the retry conditions: Define the conditions under which a retry should occur. For example, you might retry when the error code corresponds to a dropped connection (e.g., SQLSTATE 08S01) or a command timeout (e.g., SQLSTATE HYT00).
Set a maximum retry limit: To prevent infinite retries, set a maximum retry limit. It is essential to strike a balance between allowing enough retries to handle temporary issues and avoiding prolonged execution times.
Introduce a delay between retries: To avoid overwhelming the database server, introduce a delay between retries. Exponential backoff is a popular technique where the delay increases exponentially after each retry, allowing the server time to recover.
Retry the execution: Once the retry conditions are met, re-execute the TSQL command using the same connection. Remember to handle any additional exceptions that may arise during the retry process.
Track retries: Keep track of the number of retries attempted to monitor the effectiveness of the retry mechanism. This information can be useful for troubleshooting and optimizing the system.
Code
public void MainRetry()
{
// Initialize ODBC environment handle
IntPtr environmentHandle = IntPtr.Zero;
String sErrorMsg = "";
Boolean bExecution = false;
SQLAllocHandle(1, IntPtr.Zero, out environmentHandle);
//SQLSetEnvAttr(environmentHandle, 201, (IntPtr)2, 0);
SQLSetEnvAttr(environmentHandle, 200, (IntPtr)380, 0);
bExecution = bMainRetryExecution(environmentHandle, ref sErrorMsg,"WAITFOR DELAY '00:02:50'",4 );
if(!bExecution)
{
Console.WriteLine("Error: " + sErrorMsg);
}
else
{
Console.WriteLine("Execution correctly");
}
SQLFreeHandle(1, environmentHandle);
}
public Boolean bMainRetryExecution(IntPtr environmentHandle,
ref string sErrorMsg,
string sQuery = "SELECT 1",
int iRetryCount = 1)
{
// Initialize ODBC connection and statement handles
Boolean bExecute = false;
int retryIntervalSeconds = 2;
for (int i = 1; i <= iRetryCount; i++)
{
try
{
IntPtr connectionHandle = IntPtr.Zero;
IntPtr statementHandle = IntPtr.Zero;
int retcode;
Console.WriteLine("Try to execute {0} of {1} Query: {2}", i, iRetryCount, sQuery);
retcode = SQLAllocHandle(2, environmentHandle, out connectionHandle);
if (retcode == -1)
{
sErrorMsg = "Not possible to obtain the environment Handle";
}
else
{
if (RetryLogicUsingODBCAPI(connectionHandle) == -1)
{
sErrorMsg = "Connection was not possible after the retries";
}
else
{
retcode = SQLAllocHandle(3, connectionHandle, out statementHandle);
if (retcode == -1)
{
sErrorMsg = "Not possible to obtain the statementHandle";
}
else
{
SQLSetStmtAttr(statementHandle, SQL_ATTR_QUERY_TIMEOUT, (IntPtr)(30*(i)), 0);
retcode = SQLExecDirect(statementHandle, sQuery, sQuery.Length);
if (retcode == -1)
{
GetODBCErrorDetails(statementHandle, 3);
sErrorMsg = "Error: not possible to execute the query.";
System.Threading.Thread.Sleep(1000 * retryIntervalSeconds);
retryIntervalSeconds = Convert.ToInt32(retryIntervalSeconds * 1.5);
}
else
{
SQLDisconnect(connectionHandle);
SQLFreeHandle(3, statementHandle);
SQLFreeHandle(2, connectionHandle);
sErrorMsg = "Command executed correctly";
bExecute = true;
break;
}
}
}
}
}
catch (Exception ex)
{
Console.WriteLine("Error: " + ex.Message);
sErrorMsg = "Error: " + ex.Message;
}
}
return bExecute;
}
Explanation:
by Contributed | Jul 1, 2023 | Technology
This article is contributed. See the original author and article here.
As organizações estão cada vez mais dependendo de tecnologias em nuvem para melhorar a eficiência e otimizar as operações no ambiente empresarial acelerado de hoje. À medida que a adoção da nuvem cresce, também aumenta a demanda por medidas de segurança robustas para proteger dados e aplicativos sensíveis. A certificação AZ-500 Microsoft Azure Security Technologies tem o objetivo de fornecer aos profissionais as habilidades e o conhecimento necessários para proteger a infraestrutura, os serviços e os dados do Azure.
A abordagem de Segurança Zero Trust, que parte do pressuposto de que todos os usuários, dispositivos e redes são não confiáveis e requerem verificação constante, é uma das metodologias de segurança mais críticas da indústria atualmente. À medida que as empresas adotam a tecnologia de Inteligência Artificial (IA), surgem novas preocupações de segurança, tornando crucial que as organizações se mantenham atualizadas nas práticas de segurança mais recentes.
Este guia de estudos fornece uma visão geral dos objetivos do exame AZ-500, que incluem controles de segurança, gerenciamento de identidade e acesso, proteção da plataforma, proteção de dados e aplicativos, além de recursos de governança e conformidade no Azure.
O que esperar no exame
O Exame AZ-500 mede o conhecimento do aluno em implementar, gerenciar e monitorar a segurança de recursos no Azure, em ambientes multi-cloud e híbridos. Isso inclui recomendação de componentes de segurança e configurações para proteger identidade e acesso, dados, aplicativos e redes.
O exame consiste em 40 a 60 perguntas e tem duração de 180 minutos. Você pode encontrar perguntas de múltipla escolha, bem como perguntas de arrastar e soltar e perguntas de área ativa na tela.
Recursos adicionais de aprendizado
Se você não tem muita familiaridade com computação em nuvem, recomendo estudar a trilha Azure Fundamentals:
As porcentagens indicadas em cada tópico da prova são referentes ao peso / volume de questões que você poderá encontrar no exame.
AZ-500 Microsoft Azure Security Technologies
Gerenciar identidade e acesso (25-30%)
Para gerenciar efetivamente identidade e acesso, os alunos devem ser capazes de projetar e implementar soluções de acesso seguras, como multi-factor authentication e políticas de acesso condicional. Eles também devem ter um bom entendimento do Azure Active Directory e ser capazes de gerenciar contas de usuário, grupos e funções.
Tópicos abordados:
Rede segura (20-25%)
Os alunos devem ser capazes de projetar e implementar soluções de rede seguras, como redes virtuais privadas (VPNs), Azure ExpressRoute e Azure Firewall no que se refere à segurança de rede. Eles também devem entender os grupos de segurança de rede (NSGs) e a proteção contra DDoS do Azure.
Tópicos abordados:
Compute, armazenamento e bancos de dados seguros (20-25%)
Os alunos devem estar familiarizados com recursos de segurança do Azure, como Azure Security Center e Azure Key Vault, para garantir a segurança de computação, armazenamento e bancos de dados. Além disso, eles devem ser capazes de projetar e implementar soluções de armazenamento seguras, como criptografia do Azure Storage e Azure Backup. Eles também devem ser capazes de usar recursos de segurança de banco de dados, como auditoria do Azure SQL Database e Criptografia de Dados Transparente (TDE).
Tópicos abordados:
Gerenciar operações de segurança (25-30%)
Por fim, os alunos devem ser capazes de gerenciar operações de segurança de forma eficaz. Isso inclui monitorar logs e alertas de segurança, responder a incidentes de segurança e implementar políticas e procedimentos de segurança. Eles também devem ter um bom entendimento dos requisitos de conformidade, como GDPR e HIPAA.
- Planejar, implementar e gerenciar a governança para segurança
- Gerenciar a postura de segurança usando o Microsoft Defender para Nuvem
- Configurar e gerenciar a proteção contra ameaças usando o Microsoft Defender para Nuvem
- Configurar e gerenciar soluções de automação e monitoramento de segurança
Documentação técnica
Azure Active Directory: Gerencie identidades de usuários e controle o acesso a seus aplicativos, dados e recursos com o Microsoft Azure Active Directory (Azure AD), um componente do Microsoft Entra.
Azure Firewall: Saiba como instalar e configurar o Firewall do Azure, um serviço de segurança de rede baseado em nuvem.
Azure Firewall Manager: Descubra como configurar o Azure Firewall Manager, um serviço de gerenciamento de segurança global.
Azure Application Gateway: Descubra como criar gateways de aplicativos. Esta documentação ajudará você a planejar, implantar e gerenciar o tráfego da Web para seus recursos do Azure.
Azure Front Door e CDN: O Azure Front Door é um ponto de entrada escalonável e seguro para fornecer aplicativos Web globais rapidamente.
Web Application Firewall: O Web Application Firewall (WAF) protege seus aplicativos da Web contra explorações e vulnerabilidades comuns. O WAF pode ser implantado no Azure Application Gateway ou no Azure Front Door Service.
Azure Key Vault: Aprenda a usar o Key Vault para gerar e gerenciar chaves que permitem acessar e criptografar recursos, aplicativos e soluções em nuvem. Tutoriais, referências de API e muito mais estão disponíveis.
Políticas Azure virtual network service endpoint: As políticas de endpoint de serviço de rede virtual (VNet) filtram o tráfego de rede virtual de saída para contas de armazenamento do Azure no ponto de extremidade de serviço e permitem a exfiltração de dados para contas específicas. As conexões de ponto de extremidade de serviço para armazenamento do Azure permitem controle de acesso granular para tráfego de rede virtual.
Manage Azure Private Endpoints – Azure Private Link: A configuração e implantação de endpoints privados do Azure são adaptáveis. Consultas de link privado revelam GroupId e MemberName. Os valores GroupID e MemberName são necessários para configurar um endereço IP estático para um endpoint privado durante a criação. O endereço IP estático e o nome da interface de rede são propriedades de terminal privado. Crie o terminal privado com essas propriedades. Um provedor de serviços e um consumidor devem aprovar uma conexão de serviço de link privado.
Crie um serviço de link privado usando o portal do Azure: Comece desenvolvendo um serviço de Link Privado que se refira ao seu serviço. Permita o acesso do Link Privado ao seu serviço ou recurso protegido pelo Azure Standard Load Balancer. Os usuários do seu serviço têm acesso privado de sua rede virtual.
Azure DDoS Protection Standard: Saiba como a Proteção DDoS do Azure, quando combinada com as práticas recomendadas de design de aplicativos, fornece defesa contra ataques DDoS.
Endpoint Protection em VMs Windows no Azure: Saiba como instalar e configurar o cliente Symantec Endpoint Protection em uma máquina virtual (VM) existente do Windows Server. Este cliente completo inclui proteção contra vírus e spyware, um firewall e prevenção contra invasões. Usando o VM Agent, o cliente é instalado como uma extensão de segurança.
Políticas de uso e segurança – Azure Virtual Machines: É fundamental manter sua máquina virtual (VM) segura para executar aplicativos. Proteger suas VMs pode incluir um ou mais serviços e recursos do Azure que cobrem o acesso seguro à VM e o armazenamento de dados. Este artigo ensinará como proteger sua máquina virtual e seus aplicativos.
Security – Azure App Service: Descubra como o Serviço de Aplicativo do Azure pode ajudá-lo a proteger seu aplicativo Web, back-end de aplicativo móvel, aplicativo de API e aplicativo de funções. Ele também demonstra como proteger ainda mais seu aplicativo usando os recursos integrados do Serviço de Aplicativo. Os componentes da plataforma do Serviço de Aplicativo, como máquinas virtuais do Azure, armazenamento, conexões de rede, estruturas da Web, gerenciamento e recursos de integração, são ativamente protegidos e reforçados.
Azure Policy: Com definições de política que impõem regras e efeitos para seus recursos, o Azure Policy ajuda você a gerenciar e prevenir problemas de TI.
Visão Geral do Microsoft Defender for Servers: O Microsoft Defender for Servers protege seus servidores Windows e Linux em execução no Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP) e on-premises. A detecção e resposta de endpoint (EDR) e outros recursos de proteção contra ameaças são fornecidos pela integração do Defender for Servers com o Microsoft Defender for Endpoint. Descubra como projetar e planejar uma implantação bem-sucedida do Defender for Servers.
Microsoft Defender for Cloud: O Microsoft Defender for Cloud protege cargas de trabalho de nuvem híbrida com gerenciamento de segurança unificado e proteção avançada contra ameaças.
Visão Geral – Microsoft Threat Modeling Tool: O ciclo de vida de desenvolvimento de segurança da Microsoft depende da ferramenta de modelagem de ameaças (SDL). Ele permite que os arquitetos de software identifiquem e mitiguem potenciais problemas de segurança desde o início, quando eles são relativamente simples e baratos de corrigir. Reduz significativamente os custos de desenvolvimento. Projetamos a ferramenta para especialistas que não são de segurança para simplificar a modelagem de ameaças para todos os desenvolvedores, fornecendo orientações claras sobre como criar e analisar modelos de ameaças.
Azure Monitor: Serviços de monitoramento no Azure e no local. Métricas, logs e rastreamentos podem ser agrupados e analisados. Envie alertas e notificações ou use soluções automatizadas.
Microsoft Sentinel: Saiba como começar a usar o Microsoft Sentinel por meio de casos de uso. Com o SIEM reinventado para o mundo moderno, você pode ver e interromper as ameaças antes que elas causem danos. O Microsoft Sentinel oferece uma visão panorâmica da empresa.
Azure Storage: O Armazenamento do Azure fornece armazenamento para objetos, arquivos, discos, filas e tabelas. Há também serviços para soluções de armazenamento híbrido, bem como serviços para transferência, compartilhamento e backup de dados.
Azure Files: Compartilhamentos de arquivos em nuvem de nível empresarial que são simples, seguros e sem servidor.
Azure SQL: Encontre documentação para os produtos do mecanismo de banco de dados SQL do Azure na nuvem, incluindo banco de dados SQL do Azure, instância gerenciada do Azure SQL e SQL Server na VM do Azure.
Espero que este guia tenha sido útil na preparação para o exame de certificação AZ-500 e deseja a você boa sorte em sua jornada de certificação!
by Contributed | Jun 30, 2023 | Technology
This article is contributed. See the original author and article here.
One of the easiest ways to curate metadata is to pull all the information you need into a csv file so you work quickly in a spreadsheet, then make updates in bulk by importing information. You can now do this in Microsoft Purview.
Right now, you can only export one asset type at a time, and this only works for business assets. We plan to offer import and export for data assets in the future.
Exporting assets is easy. Just go to any collection, select business assets, and export:
Select the asset type you want to export. Reminder, we only support one asset type at time:
You’ll get csv of your assets, their guides, and the fields you chose to export. To import, just update the file with the information you want, and import into the right collection.
Thanks for reading!
by Contributed | Jun 29, 2023 | Technology
This article is contributed. See the original author and article here.
Introduction:
Have you ever found yourself in a situation where you needed to stream Microsoft Defender for Cloud data to another system? Microsoft Defender for Cloud provides the option of streaming data like recommendations and security alerts, to a Log Analytics workspace, event hub, or another SIEM solution. This capability is called continuous export.
Imagine if the system you want to stream Microsoft Defender for Cloud data is located behind the firewall. How would you go about doing that? This article teaches you how to accomplish this scenario by configuring export as a trusted service.
To configure Continuous export as a trusted service, you need to perform the following steps in sequence:
- Identify the destination event hub.
- Add the relevant role assignments on the destination event hub.
- Configure continuous export as a trusted service to use the destination event hub.
- Verify data is being exported to the destination event hub.
The first step is identifying the event hub used to stream data from Defender for Cloud, to the system located behind the firewall.
Identify the destination event hub
Event hub provides you with a way to ingest data and integrate with other Azure services, like Defender for Cloud. For the purposes of configuring continuous export to stream data located behind a firewall you can either use an existing event hub or create a new one.
To learn how to create a new event hub you can start at https://learn.microsoft.com/en-us/azure/event-hubs/event-hubs-quickstart-cli.
After you identify the event hub to be used as the destination for your Defender for Cloud data, you need to grant the continuous export service access the necessary permissions.
Add the relevant role assignment on the destination event hub
To add the necessary permissions, perform the following actions:
- Navigate to the Event Hubs dashboard.
- Click the destination Event Hub.
- Select Access Control > Add role assignment > Azure Event Hubs Data Sender.
- Click + Select members > Windows Azure Security Resource Provider (like in figure 1).
- Select > Review + assign.
Figure 1. Adding the relevant role assignment on the destination event hub
After you add the relevant permissions to the event hub, you can proceed to the next step of configuring continuous export.
Configure continuous export as a trusted service to use the destination event hub
To configure continuous export, you need to have write permissions on the event hub policy. Imagine you wanted to stream data related to recommendations and security alerts in near real-time, to a system located behind a firewall. To achieve this scenario, perform the following actions:
- Navigate to the Cloud for Cloud dashboard.
- Select Environment settings.
- Click the desired subscription.
- On the left, select Continuous export.
- Select Event hub.
- Select Security recommendations and Security alerts.
- Under Export frequency select streaming updates.
- Ensure Export as a trusted service is selected (like in figure 2).
- Choose the destination event hub.
Figure 2. Ensure that Export as a trusted service is selected
If you need further guidance on how to configure continuous export as a trusted service you can start here.
After you perform these actions, you can optionally verifying that data is being sent to the destination event hub.
Conclusion:
Configuring continuous export as a trusted service to event hub, allows you to stream Defender for Cloud data to a system located behind a firewall. For the purposes on this article, I focus on teaching you how to configure continuous export with the portal. However, for large organizations it’s recommended to use something like Azure policy to configure this scenario at scale. To configure continuous export as a trusted service to event hub you can use the following Azure policy: Deploy export to Event Hub as a trusted service for Microsoft Defender for Cloud data. The respective policy definition ID is af9f6c70-eb74-4189-8d15-e4f11a7ebfd4.
Reviewers:
Arik Noyman, Principal Group Software Engineering Manager,
Or Serok Jeppa, Senior PM Lead,
Sulaiman Abu Rashed, Software Engineer II
by Contributed | Jun 28, 2023 | Technology
This article is contributed. See the original author and article here.
Before we start, please not that if you want to see a table of contents for all the sections of this blog and their various Purview topics, you can locate the in the following link:
Microsoft Purview- Paint By Numbers Series (Part 0) – Overview – Microsoft Tech Community
Disclaimer
This document is not meant to replace any official documentation, including those found at docs.microsoft.com. Those documents are continually updated and maintained by Microsoft Corporation. If there is a discrepancy between this document and what you find in the Compliance User Interface (UI) or inside of a reference in docs.microsoft.com, you should always defer to that official documentation and contact your Microsoft Account team as needed. Links to the docs.microsoft.com data will be referenced both in the document steps as well as in the appendix.
All of the following steps should be done with test data, and where possible, testing should be performed in a test environment. Testing should never be performed against production data.
Target Audience
The Information Protection section of this blog series is aimed at Security and Compliance officers who need to properly label data, encrypt it where needed.
Document Scope
This document is meant to guide an administrator who is “net new” to Microsoft E5 Compliance through.
We will be covering the recommendation of labels for new files and emails based on the Sensitive Information Type within those files and emails.
It is presumed that you already have a Sensitive Information Type that you want to use in your Information Protection policy. For the purposes of this document, I will be using a previously created Data Classification called “Recommended_Label_Contoso_medicine”. The keyword I am tracking within that data classifier is “Contoso_medicine”. I am doing this to avoid labeling any files by accident by using an out-of-the-box classifier. For information on how you create your own data classifier, refer back to “Part 1 – Sensitivity Information Types” of this blog series.
This document is only meant to be an introduction to the topic of multiple Sensitivity labels. Always refer back to official Microsoft documentation or your Microsoft account team for the latest information.
Out-of-Scope
This document does not cover any other aspect of Microsoft E5 Purview, including:
- Data Classification
- Data Protection Loss (DLP) for Exchange, OneDrive, Devices
- Data Lifecycle Management (retention and disposal)
- Records Management (retention and disposal)
- eDiscovery
- Insider Risk Management (IRM)
- Priva
- Advanced Audit
- Microsoft Cloud App Security (MCAS)
- Information Barriers
- Communications Compliance
- Licensing
It is presumed that you have a pre-existing of understanding of what Microsoft E5 Compliance does and how to navigate the User Interface (UI).
For details on licensing (ie. which components and functions of Purview are in E3 vs E5) you will need to contact your Microsoft Security Specialist, Account Manager, or certified partner.
We will not be covering the auto-labeling of data at rest. That will be covered in another blog post and those auto-labeling policies should not be done until after you have locked down your Sensitivity labeling of all “net new” data.
Overview of Document
- Create a recommended Sensitivity Label
- Create a recommended Sensitivity labeling policy
- Verify that the user is prompted to apply the specific Sensitivity Label to a new file
- Verify that the user is prompted to apply the specific Sensitivity Label to a new email
Use Case
- The prompting of users to apply a Sensitivity Label when sensitive data is detected within a new file or email.
Definitions
- Sensitivity Label – a metadata tag
- Publish Label – making the metadata tag available to your tenant
- Policy – The monitoring and applying of Sensitivity labels through the Microsoft tenant
Notes
- Types of labels:
- Automatic labels are applied to data at rest in Exchange mailboxes, SharePoint/Teams sites and users’ OneDrives.
- Default labels are applied to data upon creation (and based on what is in the file/email).
- Recommended labels do not label data, but appear when a specific piece of Sensitive Information Type (ex. Contoso_Medicine) are added to a file/email. It is up to the user to apply or not apply the recommended label.
Pre-requisites
- You have read Parts 0, 1 and 2 of this blog series
- You have a Sensitive Information Type (SIT) that will be tied to this automatic label.
Part 1 – Create a Recommended Sensitivity label
We will first set up our recommended label.
- Give the label a name and description (and color marker, if you wish). Then click Next.
- For the Scope, select Items and be sure that Files and Emails are selected. Then click Next.
- Under the Items section of the wizard, select Apply or remove encryption and Apply content marking, then click Next.
- We now arrive at Encryption. Click Configure encryption settings.
- Assign Permissions now or let users decide? and chose Let users assign permissions when they apply the label.
- For the purpose of this blog, under In Outlook, enforce one of the following restrictions -> Do Not Forward.
- We want this label to be applied to MS Office related workloads. So, select In Word, Powerpoint, and Excel, prompt users to specify permissions.
- Click for Apply content watermarking, I like to use the header option as it is the easiest because it is at the top of each electronic page. I will be using this watermark – “Contoso Medicine (Blog Recommended Label)”.
- Next, we will Enable auto-labeling for files and emails.
- At the top of this page, for the Content contains, we will select the SIT that we created previously. In my case, I am using the “Recommended_Label_Contoso_medicine”. The keyword I am tracking within that data classifier is “Contoso_medicine”.
- At the bottom of this page, for the When content matches these conditions select Recommend that the users apply the label.
- Note – this is the proverbial switch that needs to be flipped for a label to enable Recommend vs. Automatic vs Default labels.
- We also want to provide an explanation in Word, Excel, etc. for the users. So in the field Display this message to users when the label is applied, type the message you want your user to see when the label is recommended. Then click Next.
- On the protection settings for Groups and Sites, we will not be enabling anything as they are not applicable for this label and policy. Accept the defaults and click Next.
- On the schematized data assets, we will leave this at the default of Off. Click Next.
- Review your label and click Create Label.
- Accept the defaults and then click Done and then Create Policy and then Close.
- You are now ready to publish your policy.
Part 2 – Publish your Recommended Sensitivity label
We will now publish your label to your tenant.
- On the left click on Information protection -> Label policies.
- Click Publish label to start the publication wizard.
- On the first step of the wizard, click Choose sensitivity labels to publish.
- Select your recommended above label and click Add.
- Note – you can publish (or republish) 1, many or all your labels in a Publish label wizard.
- Click Next.
- In the next step of the wizard, you can assign a specific administrative team to manage this policy. We will not be doing that in this blog. Click Next.
- Next, you can decide who will see the published label. I will be using the default of all Users and groups, but I recommend you only use your own test user accounts here to limit the who will be seeing this label.
- Under Policy Settings, you can leave all of these boxes blank. I will leave the first 3 boxes blankc and enter a URL into the last box (Provide users with a link to a customer help page). When you are ready, click Next.
- On Default settings for documents, we will not be selecting any Default labels. Accept the default and click Next.
- On Default settings for emails, leave things as the default of Same as docuemtn. Click Next.
- On Default settings for meetings and calendar events, leave things as the default of None. Click Next.
- On Default settings for Power BI content, leave things as the default of None. Click Next.
- Now give your policy a name and description and click Next.
- Tk Review your settings. When you are satisfied, click Submit and Done.
- You are not ready to start the testing phase of this blog.
Note – it can take 24-48 hours for labels and policies to replicated within a tenant.
Part 3 – Test Recommended label on new file
Before we start our file and email tests, remember that labels and policies can take a while to replicate throughout your tenant. One hour is usually a good amount of time to wait, but it might be quicker or slow to populate based on several variables in your tenant we will not cover at this time.
- Open Word, Excel or PowerPoint
- Create a New File.
- Type in the Sensitive Information Type that you have associated with your recommended Sensitivity label. I am using the compound word “contoso_medicine”.
- When you do, you will see a Policy Tip bar appear at the top of your document. Here is an example.
- Here is a magnification of the left side above.
- Here is a magnification of the left side above.
- This is the end of the file testing.
Part 4 – Test Recommended label on new email
We will now test this recommended label against a newly created email.
- Open Outlook.
- Create a New Email.
- Type in the Sensitive Information Type that you have associated with your recommended Sensitivity label. I am using the compound word “contoso_medicine”.
- When you do, you will see a Policy Tip bar appear at the top of your document. Here is an example.
- Here is a magnification of the left side above.
- Here is a magnification of the left side above.
- This is the end of the email testing.
You have now reached the end of this blog entry.
Appendix and Links
Note: This solution is a sample and may be used with Microsoft Compliance tools for dissemination of reference information only. This solution is not intended or made available for use as a replacement for professional and individualized technical advice from Microsoft or a Microsoft certified partner when it comes to the implementation of a compliance and/or advanced eDiscovery solution and no license or right is granted by Microsoft to use this solution for such purposes. This solution is not designed or intended to be a substitute for professional technical advice from Microsoft or a Microsoft certified partner when it comes to the design or implementation of a compliance and/or advanced eDiscovery solution and should not be used as such. Customer bears the sole risk and responsibility for any use. Microsoft does not warrant that the solution or any materials provided in connection therewith will be sufficient for any business purposes or meet the business requirements of any person or organization.
Recent Comments