Trainable Classifiers

1. Understanding Trainable Classifiers

Now, what are trainable classifiers? This is a feature that is available to us in Microsoft 365 that allows us to gather a bunch of documents together that are used in the same category. For example, legal documents. Maybe you've got a bunch of legal documents in your environment and you would like to have these certain types of legal documents classified. Or maybe you are in a more sensitive environment; maybe you're military or something like the government, and you've got some sensitive documents that a lot of these sensitive documents may have the same types of information in them. And you would like to have the trainable classifiers recognise that content and then automatically classify that content for security reasons, compliance reasons, all that. So that is exactly what Trainable Classifiers are going to let you do. You're going to be able to gather a bunch of documents, you're going to actually need about 50 samples of these types of documents, and you're going to have the trainable classifier AI actually analyse that information. It could take about 24 hours, believe it or not, for this to run through, depending on how big the documents are. Okay, once that information has been gathered up,you can build your classifier policy so that it's able to utilise that in things like retention labels, sensitivity labels, and communication compliance policies. All right, now let's consider a few things with this feature. First off, the licencing requirements: you have to have at least a Microsoft 365 E Five or Office 365 E Fivecompliance feature in order to have this capability. So you've got to make sure that your license, of course, is going to support it. Secondly, the permissions the global admin needs to basically opt in for the tenant to be able to create custom classifiers. And all that's going to involve is just a little message that's going to pop up when you first go into it. You've just got to agree to it. Another option, another thing you can do if you're not a global admin, is to assign a complianceadministrator role and the compliance administrator role will have this capability to handle these as well. All right, something else. If you're going to be using this for different scenarios, there are the three main scenarios: retention labels, sensitivity labels, and communication compliance policies. You need to consider what roles can be assigned to do this. If you want to use the retention label policy method, you must have record management and retention management roles. With the sensitivity label policy, you can use a security administrator, a compliance administrator, a compliance stateadministrator role, and then a communication compliance policy scenario, which essentially is the insider risk management administrator and supervisory risk administrator. To have full functionality on those three things, you must ensure that whatever user is dealing with that specific scenario has that role. Of course, if you're a global admin, then you're fine. And then one last thing of note here. By default, only the user who creates a custom classifier can train and review predictions made by that classifier. So if you're the global admin or whatever, and you go in and you set 50 documents to be analysed for a custom classifier, you've got to be the one that goes through and reviews the results of all that. Unfortunately, you can't pass this on to somebody else. At least as of right now, you can't. All right, so here's a quick timeline. And the big thing to understand is that this takes time. This is not something you're going to do within a few minutes. And it also involves you having to gather a lot of documents to try this out. So here's an example though. You have twelve days to start. The first day, it says basically the first time you're opting in to use Trainable Classifiers, right. Once you've basically opted in, you get the license, you've opted in. You can now start collecting documents. You'll need to collect at least 50 documents, okay. And then as far as the indexing of those documents, it's usually going to take about a day. Once that collection of the Trainable Classifier indexes, once the AI, the artificial intelligence is done, you can then go through a testing process and basically recommend about ten days of testing. That's where you're going to take about 200 documents. Yeah, that's right. You're going to need 50 documents to cede all of this. And then they recommend having about 200 other documents that are similar to what you're looking for. And then you're going to test it all to see what the seed information isable to find in these new documents. all right? Once everything's good and you're happy with it,it will let you fine tune it. But if you're happy with it, you can publish it, and then you can make it available things like retention policies, as they're showing you here. So this could take a month or over a month in order to get this to where it needs to be. And that's because of using machine learning. It's going to take time for that machine learning to go through to be able to do all that. So a couple of other facts. With seeding content, you're going to select the content. So a human being is going to do that. You're going to grab the content you want this thing to seed, to actually analyse and gather information on. You need at least 50 positive samples and up to 500. Okay? It'll let you do up to 500, and you can grab that information. Keep in mind, the more of that information you've got, the more files you've got that you're actually analyzing, the longer this is going to take. Okay? So that is what the idea of Trainable Classifiers are.It is kind of a long-drawn process to set this up and configure it. It's for somebody that you're going to need to have a little bit of patience, and you're also going to have access to a bunch of documents if you want to actually try this out and test it out.

2. Getting Started with Trainable Classifiers

So to get started with trainable classifiers, what you're going to do is start here on portal dot Microsoft.com. You're going to click the "show all lips" symbol here. You're then going to click on Compliance. That's going to bring you into the compliance center. And then you're going to click on Data Classification. From there, you're going to click on Trainable Classifiers. Now here is the fun part. As soon as you get into Trainable Classifiers for the very first time, you're going to get a little pop-up message. The pop-up message is going to basically say this right here. Get started with trainable classifiers. To create your own trainable classifier, we first need to scan your content locations to generate analytics. And this is going to basically help the machine learning algorithm, right? Now here's the kicker. It will take seven to 14 days for the scanning to be completed. So if you don't want this to start,they're basically telling you that you can cancel. You can play around with some of their looks in some of the built-in ones. But basically, what you're going to then do is just click to start the scanning process, which is going to take seven to 14 days. And you'll see we've got some stuff that's greyed out. So we can't take advantage of really utilising everything until that's completed. So once that gets going, you're going to get this little message here. It's going to tell you to setup your for creating Trainable Classifiers.We're currently scanning, which takes seven to 14 days. Okay, So meanwhile, you also have some TrainableClassifiers you can take a look at. There really isn't a whole lot of information on these yet because it's got to actually analyse your environment and all that. But you have discrimination, offensive language, profanity, resume source code,targeted harassment, threats, all that. Those are all built in. You'll see, they're for different languages that I have available here. I can click on these. If I click on this profanity one and pull that up on the screen again, there's really a whole lot to look at. You've got to wait for everything to scan through and look at everything. And then you'll be able to click on matched items and all that fun stuff. So I have no data right now because we're still going through the seven to 14 day scan. All right, but this is the starting point, and the thing to remember about trainable classifiers is that it's going to take seven to 14 days to do the scan. You need to have 50 C documents that are samples of the kinds of things you're looking for. And then you have to have another 200 documents that are similar to the things you're looking for so you can compare and do a scan to make sure it's actually able to find the things you're looking for. So, for example, if I was working for a law firm, And I had certain legal documents. I would need 50 samples of these legal documents that I'm wanting to build a classifier for, and then I would need another 200 documents to test it against. So, unfortunately, with training classifiers, this is not something that you can just jump right into and try out. You've got to actually take some time and have some documents and put these documents together in order to really build up a bunch of good information.

Implementing and Managing Sensitivity Labels

1. Understanding Sensitivity Labels

What are sensitivity labels? So sensitivity labels are going to be used to help my organization, business organizations,whatever, be able to determine and identify what is considered sensitive information. And of course, we have what are known as sensitive infotypes and sensitive infotainment to allow us to recognise a sense of information. But then we need to create what's known as a sensitivity label so that we can apply rules and conditions and determine if we should have something labelled and classified so that we can apply other rules to that, such as data loss prevention rules. which is going to do things like prevent somebody from sharing data that shouldn't be shared if it's got a certain sensitivity label applied to it. These sensitivity labels can be manually applied by your users, and you can also have rules that automate this process as well, but users can manually apply these documents, emails, and all that good stuff as well. Now, how labels actually get applied, how labels apply with sensitivity, that's going to involve the documents themselves or emails. Those are your two big things you want to be thinking about in regards to all the different ways that we work with documents, whether it's SharePoint teams, we've got OneDrive,we've got Exchange online or email services. Not only that, but we also have applications that we've installed on our local computer. So one thing I want to clarify right out of the gates: Let's go ahead and get this out in the open. A lot of people think that these labels are only going to work if the documentor whatever is out in the cloud. Technically, these labels can be downloaded to local machines that are associated with our Microsoft 365 cloud services. And if you have the proper licensing, it will apply to their local installed office products as well. So Word, Excel, all of that, Outlook, all of that is going to have this stuff applied, these rules applied even locally on people's machines. So it's not just the online versions of these apps, but it's also the downloaded or installed versions of these locally on your computer as well. Mobile platforms and versions are also available. So these sensitivity labels can be applied, classified information can have these labels applied to it, and the labels can be visually watermarked, such as with a header or footer, or you can have a diagonal watermark that runs along the screen, as I'll show you in a moment. Here's the basic flow of using labels. So an administrator is going to create the sensitivity labels that they want, basically setting up how they want things to be labeled. They're going to publish these sensitivity labels in what's called a label policy. The policy can be applied to specific users or groups. Okay, so a pretty simple idea. You create the label, you set up the policy that's going to apply to users and groups. Now the end users themselves are going to beable to utilise these via email products, Outlook, whatever,whether it's Outlook on the web or if it's the download or installed version of Outlook, mobile version of Outlook, and then you also have documents with this as well, where your documents themselves, Word, Excel, all that fun stuff, can have labels associated as well. all right? And so the end user can interact with all of this and have documents classified with the labels that they want. So if I had a label that was called topSecret or something, or business confidential or something along those lines, I could have that available to the user so they could apply it to the actual product itself, or the actual document through the product itself. Okay? So the office or third party app services can have enforced protection settings that get put on it. This can all tie into data loss prevention policies and we can have automated things happen where labels get automatically applied and rules get applied that force things to be encrypted or stop a user from sharing data and basically give us a greater measure of control over our data. Now here are the licencing requirements. Basically, the key word here is the key number, which I should say is the number five. Any of the E fiveA, or even F five with F five compliance, will provide you with what you require as a user. So your users will have to have one of these licences in order to really interact and associate classification, sensitivity labels and all that in a product. They must have one of these licences that you see here in these four bullet points. all right? So keep that in mind. You would need to make sure that you've got licences for one of these associated with your users before they can really take advantage of sensitivity labels. signing sensitivity labels. So sensitivity labels are customizable; you can create and name them whatever you want, and there are various settings and options available. There are some examples of that would be things like personal, public, general, confidential,highly confidential, and you can come up with some others based on your business. These are clear text labels, so they get applied in cleartext and they're part of the metadata of the file. So they get associated with the metadata file, which is really cool because it also means that third party products that can understand the metadata, sensitivity label tags, and all that, they can recognise it as well. So it's not just Office that supports it, other products can support it as well. And then these also have a persistency to them. So the labels are stored as part of the metadata; they're not part of the actual payload of the data itself. Like the document itself, it's associated metadata is connected to that. So you can basically have this associated metadata and you can have policies that apply to it based on that metadata. If you look at the little image I've got for you here, you'll see that the user is looking at Outlook, and you'll see that the message is flagged as public. So this is public information as it has a sensitivity label associated with it saying that it's see that the meAnd finally, what sensitivity labels can do. Well, again, you can apply rules to sensitivity labels. These rules are going to make it so I can have things like encryption rules, where a document is forced to be forcibly encrypted, and this will tie in with data loss prevention and all that. To do that, there's a feature called Rights Management that we have supported that does the encryption for us. And the great thing about it is it encrypts your data in all three states. So it encrypts the data once at rest, in use, and in transit. Which means that even if somebody copies it somewhere, or maybe they accidentally send it to somebody that they weren't supposed to send it to, the documents are going to be encrypted. So even if you somehow managed to get it on a flash drive or it got emailed to somebody or copied somewhere, it's going to be encrypted in all the different states that it's being used in. The other thing is that you can trademark it. You can do marketing. And that's what you're seeing in the little image here. You'll see that it has a mark on it. You've got watermarked headers and footers, and then you can have that little background watermark that you see there. It says "highly confidential." That can show up on all the pages of the document. So that's another nice little feature about it. The other thing that I haven't shown here is that you can have these things called policy tips whereby your system automates the process of locating that maybe there needs to be a label on that document. You can have a little message that pops up on the screen that tells a user that they should probably set a sensitivity label for this document. And that's one of the neat things about sensitivitylabels is the automation side of all this. Some of it can be automated where when sensitive information gets discovered, you get a policy tip that basically says, hey, this document needs to be labelled as sensitive. And of course, if you mix this with data loss prevention, you can force that sort of thing to happen so that a user, whether they do it or not,it's going to be enforced. So all in all, sensitivity labels are a really powerful feature that we can utilise in our environment to basically set these labels up so that they can be applied by our users or even automated. And with that, we can set restrictions based on those labels.

2. Identifying Roles and Permissions for Administering Sensitivity Labels

If you're going to get into sensitivity labels and compliance, one of the things that you want to consider is the actual roles or role permissions that are involved in giving out access. And so I want to take a look at that with you right now. So here we are on portal dot Microsoft.com. We're going to go ahead and click the show alllip symbol, we're going to click this little rolesdrop down blade, and we're going to click Role Assignments. Okay? So once we get there, I want to show you that there are three main roles here that are going to really play a part in our sensitive lives. Now obviously, well, there's really four, the global admins. But obviously, global admins can do anything. But ultimately, these three other roles are sort of geared towards the rights that are going to let you get into sensitivity labels. So the first one that I want to look at with you is called a compliance administrator. all right? So if we click on a compliance administrator, we can see what rights the compliance administrator has told you. It's going to help your organisation stay compliant. Regulatory requirements, managing discovery, and maintaining data governance policies across onlinelocations, identities, and apps. If you click the permissions tab here, you can see the permissions that they've got. all right? And the main one here we look at is this: manage all aspects of Microsoft compliance manager, which, of course, is going to involve sensitivity labels. So ultimately, that's really the permission that's doing it. Okay? Now we've also got the compliance data admin,so let's take a look at that one. All right, of course, general permissions, keeptrack and protect the organization, and then get insights into issues to help mitigate risk. And here's the permission. So create and delete resources with the cloud app security manager to manage all aspects of Azure information protection. Of course, Azure information protection also involves sensitive labels within the Azure environment, but manageall aspects of the compliance manager. So that's going to be your big one right there. And then, of course, there is another one I want to look at with you. So we have the compliance admin, the compliance data admin, and then we have the security administrator. So let's go and find the security admin. Alright, we're going to click on that one. and of course, the security admin role. This is for users who need the followingcontrol: your organization's overall security. Security must be created and managed. Policies, review security policies, reports monitor the threat landscape and then the permissions Read all the configurehelp support Tickets manage payloads Create and manage simulations as well as the security center. Read the entire service. health care service request management create conditional policies Access crossTenants, so keep scrolling here. Delete a bunch of delete policies modified updating policies so they get read permission. OK, there's a lot of a lot of stuff here. We keep on scrolling. A lot of things that they get access to. Of course, if you're like most people, And one of the points I'm trying to make here is that when you first arrive, you're a little confused about what all the rights are and what the differences between these different roles are. So Microsoft gives us a really helpful way of doing that, of checking that. So let's go here. We've selected the security admin. Let's go ahead and select the other two as well. So we'll look at the compliance state admin and the compliance admin. So we now have three of these roles selected. And if we look up here, you've got a little button that says "compare roles." We're going to go ahead and click on that, and it builds a nice little table for us that shows what the differences are in these roles. So if you take a look closely, you'll see that the compliance admin gets all these things. The compliance administrator receives all of these items, and the security administrator receives all of these items. One thing to keep in mind is that this does not include the ability to manage all aspects of Microsoft Compliance Manager. So the security admin is not going to get full-blown access to the steady video labels. They will have read access to thestuff but not full blown access. Okay? So just take note of that. You can kind of see the differences between compliance admin and compliance data admin. You'll see there are a couple of extra options down here. So I encourage you to open that on your own too and just kind of analyse what these permissions are that they're getting. Of course, you can also do things. You can actually create your own custom role group if you want. You can pick and choose some of the rights. For example, if I wanted to create a readonlyadmin or something, someone who can only read the information rather than having full access to labels, I could do so without granting security admin rights. The way I could do that is if we come down here and go to the compliance blade, all right, we're going to load that up and then from there we're going to click on permissions and we have our compliance centre roles here. Select roles. All right, so here are our different roles. Again, we can click if we want to create. Okay, just give it a name. I'll just call it, I don't know, label Reader. Just give it a simple name. Click next and then I'm going to say, "Okay, which roles do I want to choose?" I'm going to click "Add." You have 77 roles to choose from. These are going to give permission. I'm just going to do a search for the word "label." And I've got a couple here. So I've got a sensitivity label administrator or Sensitivity Label Reader.So I could give you admin rights over this. But in my case, I want to label readers. I'm going to go with this one. This is going to give the permission just to be an label reader, so they can go in and they can read all this stuff, but they can't modify all this stuff. So then we'll click done, click next, choose our members,whoever we want to be a part of this. All right, so whichever users, okay, I'll just pick a user like Alex Jones here. Click Done. I'm going to click next. And by the way, you can select more than one of everything, but I'm going to go with creating a role group. And then we have officially now created that role group, and I could assign users to that role group if I wanted to. All right, and that's how you would build an acustom role group that's going to basically be applied so that you could apply for sensitivity labels. All in all, though, it is pretty straightforward as far as managing the labels goes. I would just encourage you to kind of focus on those three that we looked at just a minute ago and pull those up on the table and kind of compare them and understand a little bit about that. If you're taking the exam, that's going to be something that you're going to want to watch out for.

ExamSnap's Microsoft SC-400 Practice Test Questions and Exam Dumps, study guide, and video training course are complicated in premium bundle. The Exam Updated are monitored by Industry Leading IT Trainers with over 15 years of experience, Microsoft SC-400 Exam Dumps and Practice Test Questions cover all the Exam Objectives to make sure you pass your exam easily.