In this post, we will see on how to create, publish, and apply sensitivity labels to the documents, emails and much more. In an organization it is necessary to protect sensitive information. Sensitive information depends on the organization. In financial industry, it could be credit card information, whereas in any product industry, sensitive information could be the information which are related to build the product that should not be shared externally with the competitors. So, understanding the sensitive information is the first key to protect the organization data. It is also important to classify the data internally and externally and apply the protection accordingly.
With that said, M365 has Sensitivity labels that can be created, published to protect data in emails, documents, files, etc. These labels can be used to protect SharePoint sites, MS Teams, groups as well. Also, these labels can also be applied automatically using the policies. Now, we will see the steps involved in creating, publishing the labels with the protection types and how that is applied in the emails, documents.
Login to M365 Compliance portal (recently its renamed to Purview) https://compliance.microsoft.com/ -> On the left pane, select Information Protection
Click on “Create a label”, fill in the details and click on Next
Select the scope where this label can be applied. In this, “Groups & sites” will be greyed out initially. Follow the steps mentioned here to enable the feature. Also, labels can be applied to Azure SQL, Synapse and more. Select the scope as per the requirement
Next screen is about the protection that will be applied once enabled. In the next screen, we will see the different options available for encryption
We must configure the encryption settings for the label. In this, we can set content expiration days, offline access, assign permissions to users or allow users to decide on who needs to access the document with this label
Below options will be available, if “Assign Permission now” is selected,
Below option will be available if “Let users assign permissions when they apply the label” is selected. I will be using this option as the label is internal. Based on the requirement and confidentially, options to be carefully selected for protection to be applied on the label
Once the protection is complete, next is the Content marking options. Here, we can choose custom text for header, footer, etc
Once done, preview the settings and click on “Create a label”
Great, now the label has been created. In the below screen, make sure you have an eye on the “order” column. If you have multiple labels and auto-labelling is enabled, then this order makes an impact
Next step is to publish the label so it can be visible to the users. The label which we created now will be available for files and email once published
You can select users or groups for whom the label will be available. I will be publishing it to everyone as it is internal
Next are the policy settings which are available. Using this, you can force users to apply label for every document. You can also provide a custom help page for user understanding on the classification of data using labels
You can also apply a default label to the documents, emails and more. I’m selecting none and allowing users to apply the label
Name your policy and click on next
Review and click on Submit
In outlook, label will be available as below,
Once applied, a tip will be displayed with the description we provided while creating the label
That’s it. Now, we have seen on how to create, publish, and apply Sensitivity labels using the Microsoft Purview portal. This is just the beginning of working with Sensitivity labels. There are lot more options, policies are available. Please explore more on Microsoft Learn and design the labels based on your organization sensitive and compliance requirements.