DLP-01HighEnhanced Security

Enable Sensitive Data Classification

Data Protection control for Microsoft 365 and Entra ID

Why This Control Matters

Without data classification, you cannot protect what you cannot identify. Sensitivity labels enable targeted protection policies, ensuring sensitive data receives appropriate controls regardless of where it is stored or shared.

Expected State

When this control is compliant, your tenant should meet these criteria:

1Microsoft Purview sensitivity labels are configured
2At least 3 sensitivity levels are defined (e.g., Public, Internal, Confidential)
3Labels are applied to sensitive data in SharePoint and OneDrive

Enforcement

Default Mode

Advisory

Alerts on deviations but does not make changes

Auto-Remediation

Manual Only

Requires Microsoft Purview license and configuration

Ready to implement this control?

TrueConfig continuously monitors your Microsoft 365 tenant for compliance with this and 50+ other security controls.