Recently M365 was updated to allow administrators to enable sensitivity labels in Microsoft 365 Groups and SharePoint sites. This means that any container in M365 that is backed by a Microsoft 365 Group or SharePoint can have sensitivity controls applied to it. This includes Microsoft Teams and OneDrive for Business. Within this post we’ll walk through the steps for enabling sensitivity labels for your tenant’s M365 Groups and SharePoint site.
Previously I provided information on sensitivity labels within Microsoft 365. Recently Microsoft updated sensitivity labels to give them scope. Sensitivity labels can be applied to files and emails, but they can also be applied to SharePoint sites and Microsoft 365 groups. A sensitivity label can be created for both aspects of Microsoft 365 at the same time, but for this post and the next, I will be focusing on a single sensitivity label type. In this post, I’ll discuss and demonstrate creating a sensitivity label for files and emails. If you are looking to create a label that applies to both you can utilize the information in this post and the post “Creating a Sensitivity Label for Sites and Groups”. In the following steps, I am going to enable all of the options available for the sensitivity label. They do not all have to be enabled. Determine your needs and select the options accordingly.
Every organization should have a method that allows its most sensitive data to be protected against access outside of the organization. Whether content is shared accidentally or maliciously, the damage of sensitive content getting into someone’s hands shouldn’t be damaging to any organization. Enter Microsoft 365 sensitivity labels.
While writing a couple of posts recently I became a bit out of step with my intended schedule by discussing sensitivity for automated processes before actually discussing how Microsoft 365 deals with sensitive content. This is fine if you are familiar with information protection within Microsoft 365, but for those of you who are not let me get back on track and discuss information protection concepts within Microsoft 365. This is the overview first in a series of posts that I will explain and demonstrate how Microsoft 365 protects an organization’s sensitive information.
I ran into an issue recently that had me stumped for quite a while. I had a client running a MIP pilot and had an encrypting MIP label missing the sensitivity drop-down options within Office Client Apps. All other labels were there (Public, Internal, Confidential, etc.), including the labels that were configured to encrypt. The only one that was missing was the restricted label. This one was also encrypted, but unlike the confidential label, which had the encryption groups configured on the label itself, the restricted label allowed users to set the encryption themselves. Keep in mind; this is expected behavior if you are working on the web version of Office, where any label that prompts users to set permissions is not supported. In this case, however, we were using the standard Office 365 client.