3.2 Ensure SharePoint Online Information Protection policies are set up and used

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

SharePoint Online Data Classification Policies enables organizations to classify and label content in SharePoint Online based on its sensitivity and business impact. This setting helps organizations to manage and protect sensitive data by automatically applying labels to content, which can then be used to apply policy-based protection and governance controls.

Rationale:

By categorizing and applying policy-based protection, SharePoint Online Data Classification Policies can help reduce the risk of data loss or exposure, and enable more effective incident response if a breach does occur.

Impact:

The creation of data classification policies is unlikely to cause a significant impact on an organization. However, maintaining long-term adherence to policies may require ongoing training and compliance efforts across the organization. Therefore, organizations should include training and compliance planning as part of the data classification policy creation process.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To set up SharePoint Online Information Protection:

Navigate to Microsoft Purview compliance portal https://compliance.microsoft.com.

Under Solutions select Information protection.

Click on the Label policies tab.

Click Create a label to create a label.

Select the label and click on the Publish label.

Fill out the forms to create the policy.

See Also

https://workbench.cisecurity.org/benchmarks/10751