Microsoft 365 | Planning and configuring Rights Management and compliance




View Post: 164 người truy cập bài viết
Tags :

Lab: Configuring Rights Management and compliance

Exercise 1: Configuring Rights Management in Office 365

Task 1: Activate Rights Management in Office 365

  1. On LON-CL1, open Microsoft Edge, and then connect to https://portal.office.com.
  2. Sign in to the Microsoft Office 365 portal as [email protected]yyxxxxx.onmicrosoft.com, where yyxxxxx is your unique Adatum number with the password you created in Module 1.
  3. In the app launcher, select the Admin icon.
  4. In the Microsoft 365 admin center, select Settings and then select Services & add-ins.
  5. Select Microsoft Azure Information Protection.
  6. On the Microsoft Azure Information Protection page, select Manage Microsoft Azure Information Protection settings.
  7. On the rights management page, verify that rights management is activated.

NOTE: If rights management is not activated:

  1. Select activate.
  2. When prompted with Do you want to activate Rights Management?, select activate.

Task 2: Verify Rights Management settings for Exchange Online

  1. On LON-CL1, in the search box on the taskbar, type PowerShell.
  2. In the search results, right-click Windows PowerShell, and then select Run as administrator.
  3. When the User Account Control dialog box appears, provide the following credentials and select Yes:
  • User name: Administrator
  • Password: Pa55w.rd
  1. Type the following commands, and then press Enter after each command to connect to remote Exchange Online with remote PowerShell. Use Beth’s credentials to connect.

$Cred = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Cred -Authentication Basic -AllowRedirection

Import-PSSession $Session -DisableNameChecking

  1. Type the following command, and then press Enter to view the IRM configuration.

Get-IRMConfiguration

  1. In the result, verify that values for the first nine variables are set to True (except for TransportDecryptionSetting which can have value Optional).
  2. Type the following command, replacing yyxxxxx with your unique Adatum number, and then press Enter to test the configuration.

Test-IRMConfiguration -Sender [email protected]

  1. Verify that you receive OVERALL RESULT: PASS message at the end of the test results.
  2. Type the following command, press Enter, and then close Windows PowerShell.

Remove-PSSession $Session

Task 3: Configure Rights Management for SharePoint Online

  1. In Edge, open the Microsoft 365 admin center.

NOTE: If the Microsoft Azure Information Protection page is open, select Close.

  1. Under Admin centers, select SharePoint then Classic SharePoint admin center.
  2. Select settings.
  3. Next to Information Rights Management (IRM), select Use the IRM service specified in your configuration.
  4. Select Refresh IRM Settings, then select OK.

Task 4: Validate the Azure Rights Management functionality

  1. On LON-CL1, open Word.
  2. In the Word window, at the top right corner, select Switch account.
  3. In the Accounts dialog box, select Add Account.
  4. Verify you are signed in as [email protected]yyxxxxx.onmicrosoft.com, where yyxxxxx is your unique Adatum number with the password you created in Module 1.
  5. Close Word.
  6. Open Outlook.
  7. Create a new email with Christie Thomas as the recipient.
  8. Type a subject, and then type some text in the message body.
  9. On the Options tab, select the down arrow below Permission, and then select Connect to the Rights Management Server and get templates. If Windows Security window appears, select OK and sign in with Beth’s credentials.
  10. Select the down arrow below Permission again, and then select Do Not Forward.
  11. Send the message.
  12. In Microsoft Edge, connect to https://adatum*yyxxxxx*.sharepoint.com/sites/marketing, where yyxxxxx is your unique Adatum number.
  13. Select Documents, select the settings icon (the gear at the upper-right corner of the window), and then select Library settings.
  14. On the Settings page, under Permissions and Management, select Information Rights Management.
  15. On the Information Rights Management Settings page, select the Restrict permissions on this library on download checkbox.
  16. In the Create a permission policy title box, type Marketing Policy.
  17. In the Add a permission policy description box, type Marketing policy for downloads.
  18. Select SHOW OPTIONS.
  19. Under Configure document access rights, select the Allow viewers to write on a copy of the downloaded document checkbox.
  20. Select OK.
  21. Close Microsoft Edge.
  22. Open Microsoft Edge, and then connect to https://portal.office.com. Sign in as [email protected]yyxxxxx.hostdomain.com, where yyxxxxx is your unique Adatum number, with the password you created on Module 1.
  23. In the Office 365 portal, in the App launcher, select Outlook.
  24. On the Outlook page, if prompted, select your time zone and select Save.
  25. Verify that you received an email from Beth that is IRM protected. Select the message.

You may need to wait for Outlook Web Access to update with the IRM template.
You can also use LON-CL3 to check mail using Outlook.

  1. Select More actions (…) beside Reply all, and then verify that you do not have the option to forward or print the message.
  2. In Microsoft Edge, connect to https://adatum*yyxxxxx*.sharepoint.com/sites/marketing, where yyxxxxx is your unique Adatum number.
  3. Select Documents, and then select Document.docx.
  4. After the document opens, try to edit it in Word Online. Verify that you get a message that the document is read-only.
  5. Close Microsoft Edge.

Result: After completing this exercise, you will have configured Rights Management for Exchange Online and SharePoint Online.

Exercise 2: Configuring compliance features

Task 1: Configure Security & Compliance Center permissions and audit logging

  1. On LON-CL1, open Microsoft Edge, and then connect to https://portal.office.com.
  2. Sign in to the Office 365 portal as [email protected]yyxxxxx.onmicrosoft.com, where yyxxxxx is your unique Adatum number with the password you created in Module 1.
  3. Select Admin.
  4. Expand Admin centers and then select Security & Compliance.
  5. In the Security & Compliance Center, select Permissions.
  6. Select Compliance Administrator.
  7. On the Compliance Administrator page, next to Members, select Edit.
  8. Select Choose members, select Add, select both instances of Beth Burke, select Add, and then select Done.
  9. Select Save, and then select Close.
  10. Next to To assign permissions for archiving, auditing and retention policies select go to the Exchange admin center.
  11. Select Compliance Management, and then select Edit.
  12. On the Compliance Management page, under Members, select Add.
  13. In the Select Members window, select both instances of Beth Burke, select add, and then select OK.
  14. Select Save.
  15. Select Recipient Management, and then select Edit.
  16. On the Recipient Management page, under Members, select Add.
  17. In the Select Members window, select both instances of Beth Burke, select add, and then select OK.
  18. Select Save.
  19. Close the Role Groups window.
  20. On the Security & Compliance page, select Permissions.
  21. On the Permissions page, select eDiscovery Manager.
  22. Next to eDiscovery Manager, select Edit, select Choose eDiscovery Manager, select Add, select Christie Thomas, select Add, and then select Done.
  23. Select Save, then select Close.
  24. On the Office 365 Security & Compliance page, select Home and then under Search & investigation, and select Search for admin and user activity.
  25. On the Audit log search page, select Turn on auditing.
  26. In the Activities drop-down, select User administration activities, and then select Search.

NOTE: In production you would enter a search string, such as a user name, to find specific activities.

  1. Close Microsoft Edge.

Task 2: Configure archive mailboxes

  1. On LON-CL1, open Microsoft Edge, and then connect to https://protection.office.com.
  2. Sign in to the Security & Compliance Center as [email protected]yyxxxxx.onmicrosoft.com, where yyxxxxx is your unique Adatum number, with the password you created in Module 1.

NOTE: Beth is a member of the Compliance Administrator role, so she can connect to the protection website.

If you are signed in to Office 365 already, you may not need to sign in again.

  1. Select Data governance, and then select Archive.
  2. In the Archive window, select Christie Thomas, and then Ctrl + select Catherine Richard.
  3. Under Bulk Edit, select Enable. In the warning message, select Yes, and then select Close.
  4. Select Refresh, and then verify that Christie and Catherine have been enabled for an archive mailbox.
  5. Close Microsoft Edge.

Task 3: Configure retention tags and policies

  1. On LON-CL1, open Microsoft Edge, and then connect to https://portal.office.com.
  2. Sign in to the Office 365 portal as [email protected]yyxxxxx.onmicrosoft.com, where yyxxxxx is your unique Adatum number, with the password you created in Module 1.
  3. Select Admin.
  4. Expand Admin centers, and select Exchange.
  5. Select compliance management, then select retention tags.
  6. Select New tag, and then select applied automatically to entire mailbox (default).
  7. Type Research User 1 year move to archive as the name..
  8. Select Move to Archive as the Retention action.
  9. Type 365 as the Retention period.
  10. Select Save.
  11. On the toolbar, select New tag, and then select applied automatically to entire mailbox (default).
  12. Type Default 2 years move to Deleted Items as the name.
  13. Select Delete and Allow Recovery as the Retention action.
  14. Type 730 as the Retention period.
  15. Select Save.
  16. On the toolbar, select New tag, and then select applied automatically to a default folder.
  17. Type Purge Deleted Items 30 days as the name.
  18. Under Apply this tag to the following default folder, select Deleted Items.
  19. Select Permanently Delete as the Retention action.
  20. Type 30 as the Retention period.
  21. Select Save.
  22. On the toolbar, select New tag, and then select applied by users to items and folders (personal).
  23. Type 2 Year Delete as the name.
  24. Select Delete and Allow Recovery as the Retention action.
  25. Type 730 as the Retention period.
  26. Select Save.
  27. On the toolbar, select New tag, and then select applied by users to items and folders (personal).
  28. Type Never archive as the name.
  29. Select Move to Archive as the Retention action.
  30. Select Never as the Retention period.
  31. Select Save.
  32. Select retention policies.
  33. On the toolbar, select New.
  34. On the new retention policy page, type Research MRM Policy as the name.
  35. Select Add below Retention tags.
  36. In the select retention tags window, Ctrl+select the following retention tags:
  • Research user 1 year move to archive
  • Never delete
  • 2 year delete
  1. Select add, and then select OK. Select Save.
  2. In the left-hand menu, select recipients.
  3. On the mailboxes page, select Christie Thomas, and then select Edit.
  4. Select mailbox features and under Retention policy select Research MRM Policy, and then select Save.
  5. Close Microsoft Edge.

Task 4: Configure content deletion and preservation policies

  1. On LON-CL1, open Microsoft Edge, and then connect to https://protection.office.com.
  2. Sign in to the Security & Compliance Center as [email protected]yyxxxxx.onmicrosoft.com, where yyxxxxx is your unique Adatum number, with the password you created in Module 1.
  3. Expand Data governance, and then select Retention.
  4. Select Create.
  5. On the Name your policy page, enter Marketing Document Policy in the Name textbox and select Next.
  6. On the Settings page, under Do you want to retain content? select No, just delete content that’s older than, type 7 and verify that years is selected.
  7. Next to Delete the content based on, verify that when it was created is selected, and select Next.
  8. On the Choose locations page select Let me choose specific locations.
  9. Turn off the option for Exchange email.
  10. Next to the SharePoint sites option select Choose sites.
  11. On the Edit locations page select Choose sites.
  12. In the search box, enter https://adatum*yyxxxxx*.sharepoint.com/sites/marketing, replacing yyxxxxx with your unique Adatum number, and select the Search icon.
  13. Select the Marketing site and select Choose and then select Done. Select Next.
  14. On the Review your settings page, verify all settings and note any warnings, and then select Create this policy.
  15. Verify that the Status is On (Pending), and then select Close.
  16. Select Create.
  17. On the Name your policy page, enter Retain contract details in the Name textbox and select Next.
  18. On the Settings page, under Do you want to retain content? select Yes, I want to retain it, type 7 and verify that years and when it was created are selected.
  19. Select Use advanced retention settings.
  20. Verify that Detect content that contains specific words or phrases is selected, and select Next.
  21. In the Keywords query editor box, type Contract and select Next.
  22. On the Choose locations page, select Let me choose specific locations.
  23. On the Choose locations page, next to Exchange email, select Choose recipients.
  24. On the Edit locations page, select Choose recipients.
  25. Select Francisco Chaves, select Choose, and then select Done.
  26. On the Choose locations page, next to the SharePoint sites option, select Choose sites.
  27. On the Edit locations page, select Choose sites.
  28. In the search box, enter https://adatum*yyxxxxx*.sharepoint.com/sites/Acctsproj, replacing yyxxxxx with your unique Adatum number, and then select the Search icon.
  29. Select the Accounts Project site, select Choose, and then select Done.
  30. On the Choose locations page, turn off OneDrive accounts and Office 365 groups, and then select Next.
  31. On the Review your settings page, verify all settings and note any warnings, and then select Create this policy.
  32. Verify that the Status is On (Pending), and then select Close.
  33. Close Microsoft Edge.

Task 5: Configure data loss protection policies

  1. Open Microsoft Edge, and then browse to https://protection.office.com.
  2. Sign in to the Security & Compliance Center as [email protected]yyxxxxx.onmicrosoft.com, where yyxxxxx is your unique Adatum number, with the password you created in Module 1.
  3. In the navigation pane, select Data loss prevention and then select Policy.
  4. Select Create a policy.
  5. On the Start with a template or create a custom policy page, verify that Custom is selected, and then select Next.
  6. On the Name your policy page, type Test DLP in Name textbox, and then select Next.
  7. On the Choose locations page, select Protect content in Exchange email, Teams chats and channel messages and OneDrive and SharePoint documents and select Next.
  8. On the Customize the types of content you want to protect page, select Use advanced settings, and select Next.
  9. On the Customize the types of content you want to protect page, select New rule.
  10. On the Create a new rule page, in the Name field, type Scan for IP address.
  11. Under Conditions, select the Add a condition drop-down, select Content contains, and in the Add drop-down select Sensitive info types.
  12. In Sensitive info types window, select Add. Scroll down in the list and select IP Address, select Add, and then select Done.
  13. Select the Add a condition drop-down, and select Content is shared.
  14. Under Content is shared, select with people outside my organization.
  15. Under Actions, select Add an action, and then select Restrict access or encrypt the content.
  16. Under User notifications, enable the option to Use notifications to inform your users and help educate them on the proper use of sensitive info.
  17. Under User overrides, enable the option to Let people who see the tip override the policy and share the content.

Note the additional options.

  1. Under Incident reports, enable the option to Use email incident reports to notify you when a policy match occurs.
  2. Select Save.
  3. On the Customize the types of content you want to protect page, select Next.
  4. On the Do you want to turn on the policy or test things out first? page, select Yes, turn it on right away and then select Next.
  5. On the Review your settings page, verify your settings, and then select Create.
  6. On the Test DLP page, verify that the Status is On, and then select Close
  7. Close Microsoft Edge.

Task 6: Create compliance check content

  1. Open Microsoft Edge, and then connect to https://portal.office.com.
  2. Sign in to the Office 365 portal as [email protected]yyxxxxx.onmicrosoft.com, where yyxxxxx is your unique Adatum number, with the password you created in Module 1.
  3. On the Office 365 home page, select Outlook.
  4. Select New message, type the new Microsoft account email address that you created for this course in the To line.
  5. Type Server IP address as the Subject, type My IP is 192.168.1.15 as the message body.
  6. Wait for the policy tip appears at the top of message.

It may take up to several hours for the policy to be applied and for it to detect the message.
You may want to leave and come back to this task later.

  1. At the top of the message, select Show details.
  2. Select Override, and then select Send.
  3. Close Microsoft Edge.

Task 7: Validate the configuration

  1. Open Microsoft Edge, and then connect to https://outlook.com. Sign in with the Microsoft account you created for this course.
  2. Select the message from Beth Burke with the subject Server IP address.
  3. Close Microsoft Edge.
  4. Open Microsoft Edge, and then connect to https://portal.office.com.
  5. Sign in to the Office 365 portal as [email protected]yyxxxxx.hostdomain.com, where yyxxxxx is your unique Adatum number, with the password you created in Module 1.
  6. Select Outlook.
  7. Select your time zone, and then select Save.
  8. In the left pane of Christie’s mailbox, under Folders, select More.
  9. Verify that a folder named In-Place Archive -Christie Thomas has been created.
  10. Close Microsoft Edge.
  11. Open Microsoft Edge, and then connect to https://portal.office.com.
  12. Sign in to the Office 365 portal as Beth[email protected]yyxxxxx.onmicrosoft.com, where yyxxxxx is your unique Adatum number, with the password Pa55w.rd.
  13. Select Outlook.
  14. Verify that you have received notification about message you sent to your personal account. This message should have Rule detected words in the subject.

Exercise 3: Using Compliance Manager

Task 1: Launch and review Compliance Manager

  1. Open Microsoft Edge, and then connect to https://servicetrust.microsoft.com.
  2. Sign in Service Trust Portal as [email protected]yyxxxxx.onmicrosoft.com, where yyxxxxx is your unique Adatum number, with the password you created in Module 1.
  3. At the top of the page, select Compliance Manager and then select Compliance Manager Classic.
  4. Review the Microsoft Non-Disclosure Agreement for Compliance Materials and select Agree.
  5. Select Take the Tour, review each page of the Compliance Manager Tour, selecting Next, until you reach the last page.
  6. Select Done and review the Assessments dashboard.

Task 2: Review GDPR compliance assessments and action items

  1. On the Compliance Manager dashboard, under Assessments select Office 365 – GDPR.
  2. Expand Microsoft Managed Controls, then expand and review each item.
  3. Under Customer Managed Controls, expand PII sharing, transfer, and disclosure.
  4. Under Assign User, select Assign.
  5. In the Assign To box type Beth and select Beth Burke.
  6. In the Select Priority drop-down select High, and select Assign.
  7. Scroll to the top of the page and select Back To Dashboard.

Task 3: Review HIPAA compliance assessments and action items

  1. On the Compliance Manager dashboard, select Add Assessment.
  2. In the Enter new group box, enter HIPAA group and select Next.
  3. Set Would you like to copy the data from the existing group to No and select Next.
  4. In the Select a product drop-down select Office 365.
  5. In the Select a certification drop-down select HIPAA and select Add to Dashboard.
  6. On the dashboard, select Office 365 – HIPAA.
  7. Expand Microsoft Managed Controls and review the entries.
  8. Under Customer Managed Controls, expand Access Authorization (Addressable).
  9. Under Assigned User, select Assign.
  10. In the Assign To box type Beth and select Beth Burke.
  11. In the Select Priority drop-down, select High, and select Assign.
  12. Close Edge.
  13. Leave the virtual machines running for the next lab.

Result: After completing this exercise, you will have implemented the Office 365 compliance features.

 

0 0 votes
Article Rating
guest
0 Comments
Inline Feedbacks
View all comments