In this post, we will see on how to create, publish, and apply sensitivity labels to the documents, emails and much more. In an organization it is necessary to protect sensitive information. Sensitive information depends on the organization. In financial industry, it could be credit card information, whereas in any product industry, sensitive information could be the information which are related to build the product that should not be shared externally with the competitors. So, understanding the sensitive information is the first key to protect the organization data. It is also important to classify the data internally and externally and apply the protection accordingly.

With that said, M365 has Sensitivity labels that can be created, published to protect data in emails, documents, files, etc. These labels can be used to protect SharePoint sites, MS Teams, groups as well. Also, these labels can also be applied automatically using the policies. Now, we will see the steps involved in creating, publishing the labels with the protection types and how that is applied in the emails, documents.

Login to M365 Compliance portal (recently its renamed to Purview) https://compliance.microsoft.com/ -> On the left pane, select Information Protection

Click on “Create a label”, fill in the details and click on Next

Select the scope where this label can be applied. In this, “Groups & sites” will be greyed out initially. Follow the steps mentioned here to enable the feature. Also, labels can be applied to Azure SQL, Synapse and more. Select the scope as per the requirement

Next screen is about the protection that will be applied once enabled. In the next screen, we will see the different options available for encryption

We must configure the encryption settings for the label. In this, we can set content expiration days, offline access, assign permissions to users or allow users to decide on who needs to access the document with this label

Below options will be available, if “Assign Permission now” is selected,

Below option will be available if “Let users assign permissions when they apply the label” is selected. I will be using this option as the label is internal. Based on the requirement and confidentially, options to be carefully selected for protection to be applied on the label

Once the protection is complete, next is the Content marking options. Here, we can choose custom text for header, footer, etc

Once done, preview the settings and click on “Create a label”

Great, now the label has been created. In the below screen, make sure you have an eye on the “order” column. If you have multiple labels and auto-labelling is enabled, then this order makes an impact

Next step is to publish the label so it can be visible to the users. The label which we created now will be available for files and email once published

You can select users or groups for whom the label will be available. I will be publishing it to everyone as it is internal

Next are the policy settings which are available. Using this, you can force users to apply label for every document. You can also provide a custom help page for user understanding on the classification of data using labels

You can also apply a default label to the documents, emails and more. I’m selecting none and allowing users to apply the label

Name your policy and click on next

Review and click on Submit

In outlook, label will be available as below,

Once applied, a tip will be displayed with the description we provided while creating the label

That’s it. Now, we have seen on how to create, publish, and apply Sensitivity labels using the Microsoft Purview portal. This is just the beginning of working with Sensitivity labels. There are lot more options, policies are available. Please explore more on Microsoft Learn and design the labels based on your organization sensitive and compliance requirements.

Happy learning!!

By Ashok M

Microsoft Certified Professional, Author, Blogger at Cloudexchangers.com, Real world technical contribution via Microsoft Communities (Social Technet/QnA). Extensive knowledge and experience in Messaging (Microsoft Exchange 2003 - 2019) and services including Infrastructure (Windows Server, Active Directory, ADFS, ADCS, File Servers, SCCM), Cloud (Microsoft Azure, Microsoft 365, EMS), Unified Communication (Skype for Business, Video conferencing room systems, Surface Hub), Virtualization (Hyper V), Database (SQL). Have experience in design, implementation, migration & support for various Microsoft infrastructure products across various industry verticals.