Final answer:
To prevent employees from improperly sharing sensitive information outside the company, implement data loss prevention policies and use Azure Information Protection to classify and protect documents within the Microsoft 365 suite.
Step-by-step explanation:
To enforce file sharing restrictions and prevent employees from sharing documents or forwarding emails containing sensitive information outside the company, you should implement data loss prevention (DLP) policies within the Microsoft 365 suite. The Enterprise Mobility + Security E5 package includes advanced security features that allow administrators to define rules based on the sensitivity of the information.
You can create DLP policies in the Microsoft 365 compliance center to identify, monitor, and automatically protect sensitive items across Microsoft 365 services such as SharePoint Online, OneDrive for Business, and Exchange Online. These policies can be set to detect when sensitive information is being shared and apply actions like blocking access or alerting administrators.
Additionally, you can also use Azure Information Protection to classify and protect documents by applying labels. Labels can be used to enforce restrictions, such as not allowing sharing or forwarding of documents and emails outside the organization. These combined measures ensure that sensitive information remains secure within the company's digital environment.