MENU
REQUEST URGENT HELP

Security Incident Response

If you think you have or know you have a Security Incident please fill in the form and our experienced Onevinn CSIRT team will reach out shortly.
 
The team has long experience in supporting customers in Incident Response and Compromised Recovery.
 
Keep calm and we will be with you shortly!

Classify SharePoint sites, Teams and Groups

The demands to have a mobile way to work grows all the time. In the time of writing this article the biggest motivation is the current spread of the Covid 19 virus. More companies start using Teams, SharePoint Online and Office 365 groups as tools to access information, coworking and sharing information in or outside the organization. Information Classification and Protection is as always a mayor player when it comes to the mobile work to prevent information leakage.

The possibility to classify information grows. One of the latest update to the MIP story is the possibility to classify Teams, SharePoint sites and Office 365 groups. All these services got different settings that control if the service:

– Is Private/Public (Allows external invites)

– Only allow the owner to add members

– Allow full, limited or block access for unmanaged devices

Based on the above control settings the business (information owner) can decide what settings that meets their information classification.
A classified Team or SharePoint site will show the end users what kind of classification / sensitivity the specific site have, as well as enforcing the defined access control setting.

Classify site and teams

image

Let’s have a look how to get started and how this will affect the end user in the following video:

 

The attentive reader may have seen in the above picture that the word document is classified with a different classification/label than the SharePoint site. A classified Teams, SharePoint site will not affect document that are stored or created from this site. The purpose of the classification is to show the sensitivity for the end user of the site itself, as well as preventing information leakage by restricting permissions to different actions.

To be able to restrict different action for an unmanaged/unsanctioned device a Conditional Access policy need to be defined for the affected users, to the cloud app Office 365, with app enforced restriction for the session

image image

If there is a need to enforce a specific classification for the documents as well this can be done today by using Microsoft Cloud App Security or Auto-Labeling, but that is another (coming) article
blog author image
Anders Olsson anders.olsson@onevinn.se

Latest Blogposts

Karin Bui 16 Apr 2024

Welcome to us Patrik Jonsson

1 min
Olov Norman 12 Feb 2024

Welcome to us Kim Nordqvist

2 min
Rikard Rönnkvist 22 Dec 2023

Merry Christmas to all hackers

4 min
/feature
Onevinn

Göteborg

Kvarnbergsgatan 2
411 05 Göteborg

Lund

Scheelevägen 17
223 70 Lund

Karlstad

Lagergrensgata 2
652 26 Karlstad

Örnsköldsvik

Magasinallen 2
890 30 Örnsköldsvik
Onevinn Map
MISA_RGB_MemberBadge_Main_Landscape_FullColor_Dark
Microsoft Solutions Partner
Yubico Preferd Partner
Microsoft Advanced Specializations
Security
Lookout Mobile EDR Defense Partner
Threat Protection
Modern Work
EBF Onboarder
Identity and Access Management
Infrastructure
Entrust Hardware Security Modules
Information Protection & Governance
Cloud Security