Automatic Removal of Sensitive Data | Microsoft Editor

Reading Time: 3 minutes

I’m having (nerd) fun testing out the new auto-apply Sensitivity Label capabilities in Office Apps with the Built-in Office labeling client. The primary advantage of auto-apply is how it removes the responsibility of labeling a document from the information worker – it’s automatically done for them. Nice!

A sensitivity label can either be recommended or automatically applied based on sensitive information found within the document.

In the scenario for this post, there are 2 sensitivity labels, each one recommended under a different condition:

  • Label “A” to be recommended if a Canadian Social Insurance Number (SIN) is detected
  • Label “B” to be recommended if a Credit Card # is detected

Priority matters with Sensitivity labels. The higher the priority, the more weight a sensitivity label’s conditions has when content is evaluated within a document.

In this setup, Label “A” has a higher priority than Label “B” which means if Label “A”s condition is met, the auto-apply engine will recommend Label “A” even if conditions for Label “B” are also met. You will only see the Policy tip for one sensitivity label at a time, Label “A”.

Note: In case it’s relevant, I’m on the Current Channel (Preview) of Microsoft Office within Microsoft Word.

Through the testing process, I came across the new, very helpful feature in Word called Microsoft Editor.  It provides a fly-out pane with lots of helpful writing guidance (grammar, clarity, etc.), however a pleasantly surprising key piece of functionality it also provides is a section titled Sensitive Content (image). This feature can help end-users remediate sensitive content in their document in-the-moment during the editing process.


Here it is in action

If sensitive information is detected in a document and there is a sensitivity label recommended when it’s detected, you will see a yellow toolbar with a Policy Tip showing the recommendation. At this point, an information worker has 1 of 2 options:

  • Apply sensitivity – this will apply the recommended Sensitivity label
  • Show sensitive content – an Editor pane will open up on the right-hand side of the Microsoft Word editing pane

The Editor fly-out pane chronologically highlights all sensitive information within the document for the sensitivity label being recommended. This provides an opportunity for the information worker to remove (~redact) the information from the document from within the Editor pane if this is the preferred course of action.

In the Editor pane image below, a Canada Social Insurance Number has been detected and previously removed (green check mark indicates it is no longer there) as well as 3 Credit Card numbers still existing in the document that have NOT been removed:

 

In the video below, I’ve added a SIN and 3 Credit Card numbers in a document which meets the conditions for both Label “A” and Label “B” to be recommended. Because Label “A” is higher priority, it is recommended first. Once I remove the SIN (the condition for Label “A”), the remaining content is evaluated against the label policy and Label “B” is recommended. I then sequentially remove all Credit Card information from the document eventually making it so neither Label “A” nor Label “B” are recommended.


​Parting thoughts

We need to continually strive to strike an acceptable balance between implementing security/protection controls and the end-user experience… something easier said than done. The feature shown in this post should be included in your end-user training to ensure they know it exists, and how to remove sensitive content if/when required.

Thanks for reading.

-JCK


Credit: Photo by Andrea Davis on Unsplash

Would you like to connect with me to ask  a more complex/involved question or consulting engagement? I’d love to support you in anyway I can. I have several services I offer on Microsoft Bookings to suit your needs! (There is a charge for these services)

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.