Security Incident Response

In case of emergency, let our security experts stop the cyberattack and minimize the impact of intruders.

Onevinn CSIRT can help you recover data from encrypted files, get the rebuilding process up to speed, and provide strategic advice moving forward. Fill out the form below and we will contact you!

Classify SharePoint sites, Teams and Groups

The demands to have a mobile way to work grows all the time. In the time of writing this article the biggest motivation is the current spread of the Covid 19 virus. More companies start using Teams, SharePoint Online and Office 365 groups as tools to access information, coworking and sharing information in or outside the organization. Information Classification and Protection is as always a mayor player when it comes to the mobile work to prevent information leakage.

The possibility to classify information grows. One of the latest update to the MIP story is the possibility to classify Teams, SharePoint sites and Office 365 groups. All these services got different settings that control if the service:

– Is Private/Public (Allows external invites)

– Only allow the owner to add members

– Allow full, limited or block access for unmanaged devices

Based on the above control settings the business (information owner) can decide what settings that meets their information classification.
A classified Team or SharePoint site will show the end users what kind of classification / sensitivity the specific site have, as well as enforcing the defined access control setting.

Classify site and teams

image

Let’s have a look how to get started and how this will affect the end user in the following video:

 

The attentive reader may have seen in the above picture that the word document is classified with a different classification/label than the SharePoint site. A classified Teams, SharePoint site will not affect document that are stored or created from this site. The purpose of the classification is to show the sensitivity for the end user of the site itself, as well as preventing information leakage by restricting permissions to different actions.

To be able to restrict different action for an unmanaged/unsanctioned device a Conditional Access policy need to be defined for the affected users, to the cloud app Office 365, with app enforced restriction for the session

image image

If there is a need to enforce a specific classification for the documents as well this can be done today by using Microsoft Cloud App Security or Auto-Labeling, but that is another (coming) article