Recently M365 was updated to allow administrators to enable sensitivity labels in Microsoft 365 Groups and SharePoint sites. This means that any container in M365 that is backed by a Microsoft 365 Group or SharePoint can have sensitivity controls applied to it. This includes Microsoft Teams and OneDrive for Business. Within this post we’ll walk through the steps for enabling sensitivity labels for your tenant’s M365 Groups and SharePoint site.
I ran into an issue recently that had me stumped for quite a while. I had a client running a MIP pilot and had an encrypting MIP label missing the sensitivity drop-down options within Office Client Apps. All other labels were there (Public, Internal, Confidential, etc.), including the labels that were configured to encrypt. The only one that was missing was the restricted label. This one was also encrypted, but unlike the confidential label, which had the encryption groups configured on the label itself, the restricted label allowed users to set the encryption themselves. Keep in mind; this is expected behavior if you are working on the web version of Office, where any label that prompts users to set permissions is not supported. In this case, however, we were using the standard Office 365 client.