Protect and use data according to laws & regulations with Zero Trust

19 Nov, 2023

A key pillar in Microsoft's Zero Trust Framework is protecting (sensitive) data, as described in our first Security Blog on the Zero Trust Framework. The components of Confidentiality, Integrity and Availability - also known as the CIA triangle - apply to the data that lives within Microsoft 365 and Azure. This blog explains how the various products within Microsoft 365 ensure that the components of the CIA triangle are met, data is protected and your organization can comply with laws and regulations.

Data must be confidential (Confidentiality) so that only the right people can access it. Integrity of data is also an important aspect, in which respect the data remains consistent and is not modified at the source location or at the time of 'transport'. Availability is the third aspect of the CIA triangle, which is to ensure that data is available to the right people at all times.

Sensitivity Labeling

In order to have data read and/or edited correctly both internally and externally, it is important to have insight into which employee, groups of employees and/or external parties are allowed access to certain information. For example, sensitive information such as strategies or product developments should only be viewed by management and not by the rest of the organization or external parties. Other types of information can be shared freely within the organization but must not leave the organization. In such cases, it is necessary to apply Sensitivity Labeling.

Through Sensitivity Labeling, it is possible to secure documents, emails and Microsoft Teams, allowing only the right people to access documentation. A sensitivity label can be set up for each hierarchical layer in the organization, in which it is possible to apply specific settings. One such setting is when a document or email is given a specific sensitivity label, for example, it can be encrypted (scrambled), preventing unauthorized persons from easily opening it.

Data Loss Prevention (DLP)

Sensitive information can leave the organization in different ways. A document can be shared from Microsoft Teams, email or a Microsoft chat. Data Loss Prevention (DLP) within Microsoft 365 ensures that sensitive data cannot be shared with external parties. Microsoft 365 then automatically ensures that documents, emails or chats containing GDPR-sensitive information are not shared with external parties, for example. DLP can be used in conjunction with Sensitivity Labeling, which makes it a priori impossible to share labeled files with externals and/or specific internals.


To properly protect and handle personal data, more than 70% of countries worldwide have implemented privacy laws in recent years. One example is the GDPR within the European Union. Sensitivity Labeling and applying DLP help organizations within Microsoft 365 be GDPR-compliant. As an addition, managing and retaining information for a certain period of time - according to laws and regulations - also deserves an important place.

Data retention periods & retention labeling

Among other things, the GDPR requires personal information to be deleted after a certain period of time. Retention labeling in Microsoft 365 enables management and (automatic) deletion of data in selected applications, such as Microsoft Teams, SharePoint and Exchange.

The aforementioned Microsoft Information Protection products and their capabilities can be applied in numerous ways. Step by step, these products ensure that organizations are compliant, keeping data protected and manageable as desired on the basis of the Confidentiality, Integrity and Availability (CIA) triangle

Read more

From our Security & Infrastructure experts

Want to know how Information Protection is applied and your organization can stay compliant?

Of course, there is much more to discover about Sensitivity Labeling, DLP and the GDPR. Want to know how your organization is taking an active stance on IT security? Our Infrastructure & Security experts are ready to help

Connect with us

By using this form you agree to the storage and processing of the data you provide, as indicated in our privacy policy. You can unsubscribe from sent messages at any time. Please review our privacy policy for more information on how to unsubscribe, our privacy practices and how we are committed to protecting and respecting your privacy.