{"id":67617,"date":"2023-07-25T17:01:51","date_gmt":"2023-07-25T16:01:51","guid":{"rendered":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/?p=67617"},"modified":"2025-06-19T13:51:46","modified_gmt":"2025-06-19T12:51:46","slug":"guidance-on-protecting-government-data-using-microsoft-purview","status":"publish","type":"post","link":"https:\/\/cm-edgetun.pages.dev\/en-gb\/industry\/blog\/government\/2023\/07\/25\/guidance-on-protecting-government-data-using-microsoft-purview\/","title":{"rendered":"Guidance on protecting government data using Microsoft Purview"},"content":{"rendered":"\n

Following the recent update to the Government Security Classification Policy (GSCP), Microsoft has partnered with Government Security Group<\/a>, the Central Digital and Data Office<\/a> <\/a>and the National Cyber Security Centre (NCSC)<\/a> to provide configuration guidance for those wishing to implement the OFFICIAL tier of the GSCP using Microsoft Purview Information Protection (MPIP), available as part of Microsoft 365.<\/p>\n\n\n\n

The guidance assists those wishing to classify and protect files, control who can access them, and allow greater control when sharing information between departments, partner organisations, and customers.<\/p>\n\n\n\n

A spokesman from the Government Security Group said: \u201dThe Government Security Classifications policy (GSCP) sets out the administrative system used by HM Government (HMG) and our partners to appropriately protect information and data assets against prevalent threat actors. The GSCP was updated in 2023.<\/p>\n\n\n\n

“This gave us a significant opportunity in UK government to modernise and standardise how organisations apply technical controls in line with security classifications. Microsoft 365 is widely used across UK government, so we partnered directly with Microsoft to define a standard approach to applying sensitivity labels and data loss prevention features of Microsoft 365 in line with the GSCP.<\/p>\n\n\n\n

“The resulting technical guidance provides a baseline from which organisations can select the most relevant elements and tailor them for their specific use cases. Our objective is that this will be an enabler for the GSCP and that it will also create a better user experience for civil servants and our partners.\u201d<\/p>\n\n\n\n

Building on the Government’s Secure Configuration Blueprint<\/h3>\n\n\n\n
\n
Download Microsoft 365 Guidance for UK Government: Information Protection<\/a><\/div>\n<\/div>\n\n\n\n

This guidance builds upon the Microsoft 365 Guidance for UK Government: Secure Configuration Blueprint<\/a> for the UK Public Sector, which outlines how to configure a Microsoft 365 tenant for use at OFFICIAL (which includes OFFICIAL-SENSITIVE), and sits alongside the Cross Government Collaboration guidance and the Bring Your Own Device guidance.<\/p>\n\n\n

\"\"<\/figure>\n\n\n\n

Figure 1.<\/em> Relationship with other NCSC and Microsoft guidance.<\/p>\n\n\n\n

The guidance draws on experience gained working right across UK government and the public sector industry and incorporates existing best practice that has previously been published by Microsoft.<\/p>\n\n\n\n

We determined that a baseline configuration for government organisations would enable a more consistent and secure approach to configuring classification and protection policies by providing a starting point for technology and compliance professionals alike. The recommended configuration we\u2019ve produced focuses on these key areas:<\/p>\n\n\n\n