Microsoft Purview Sensitivity Labels Guide 2023
Image Source:
Microsoft Purview
Sep 26, 2023 11:45 AM

Microsoft Purview Sensitivity Labels Guide 2023

by HubSite 365 about Practical 365

Pro UserMicrosoft PurviewSecurityM365 Hot News

Discover Microsoft Purview Sensitivity Labels: evolving functionality from 2018 to 2023, advancements in protection, and container management insights.

Sensitivity Labels in Microsoft's Purview: An Overview and Changes Through The Years

Sensitivity labels for Office 365 were released by Microsoft in September 2018, as a replacement for Azure Information Protection (AIP) labels. While initially their functionality was limited and required users to install a separate client to label Office documents, Microsoft has consistently updated them with new features and capabilities. Microsoft Purview Information Protection product houses these sensitivity labels and anyone with an Office 365 license can read documents or emails that are protected by these labels. However, to apply a label manually or automatically, users require the Office 365 E3 or Microsoft 365 E5 compliance licenses.

The Microsoft Purview Compliance portal manages sensitivity labels through its Information Protection section. Each label carries a priority number starting from zero (lowest priority) which SharePoint Online uses to determine storage sites for confidential information. Tasks involved in managing labels include defining label usage, individual label settings, and publishing labels through policies to target audiences such as user accounts. Labels need to be made available to users by Publication before documents and emails can be labelled.

Label functionality is broadly divided into two categories - Protection and Container Management. The original focus, Protection, uses Azure Information Protection rights management to protect content. Users can only access protected content if the creator permits them to, defining their allowed actions like reading a document but not printing it. Sensitivity labels apply visual markers on documents and use color to indicate the importance of the labeled content. Keys used for encryption of the content can be managed by Microsoft by default or by the tenant. Double-key encryption (DKE) and S/MIME for emails are also options for encryption.

Container Management controls the meetings and sites where sensitive materials can be shared. It enables organisations to enforce policies for items like access to guest users and document sharing abilities. Sensitivity labels can be applied to meetings as well. To facilitate users in understanding the concept of sensitivity labels, care is required even in the labelling like clear and precise names along with limited choices. This allows users to make appropriate decisions about sensitive information.

Support for sensitivity labels within applications has improved remarkably over the years. The labels no longer depend on a separate client for labelling and applications like Microsoft 365 enterprise desktop apps and Adobe Acrobat can interact with sensitivity labels directly. Although the unified labelling client is now in maintenance mode, it is still needed for applying sensitivity labels to files that do not support information protection.

Sensitivity labels have seen support within SharePoint Online as well. An integrated approach is conceived for SharePoint Online where it can decrypt content before storage and encrypt files when users access the content. This not only makes it possible for other services to access protected content stored in SharePoint Online and OneDrive for Business, but also enables availability of metadata and indexing of encrypted content by services like Microsoft Search.

Despite these advancements there still remain some challenges in the implementation of sensitivity labels. With no APIs to apply these labels to content, management of protected files can be difficult especially for third-party applications. The question of handling protected content also looms in cases of tenant-to-tenant migrations or backup by end users which renders access to their files uncertain.

In conclusion, Microsoft has extended and inflated the functionality of sensitivity labels significantly ever since its inception in 2018. Although minor challenges persist, with time and engineering efforts, Microsoft strives to make the use of sensitivity labels easy and intuitive.

Continue Reading about Microsoft Purview here.

Read the full article All About Microsoft Purview Sensitivity Labels (2023)

Microsoft Purview - Microsoft Purview Sensitivity Labels Guide 2023

Learn about All About Microsoft Purview Sensitivity Labels (2023)

Microsoft's implementation of sensitivity labels for Office 365 has undergone multifunctional shifts since they were first introduced in September 2018, replacing Azure Information Protection (AIP) labels. Their purpose was simple; tag the content in Office documents with sensitivity ratings that determined access. However, the initial setup required users to install a separate client, limiting functionality and adopting said norm.

Fast forward to our current year, we see constant improvements and functionality enhancements. Maybe now, your organization is considering implementing sensitivity labels for the protection and classification of information across Exchange Online and SharePoint Online.

You may commence deployment by understanding that these sensitivity tags are part of the Information Protection product structure within Microsoft's data governance framework. But what does this mean for Office 365 license holders? It means they can access labeled documents or emails freely. However, to manually apply a label, users require an Office 365 E3 license or above. Automatic policy-driven labels necessitate an Office 365 E5 or Microsoft 365 E5 compliance license.

Non-tenant Microsoft 365 users can also access protected content. Attempts to do so will redirect users to the Office 365 Message Encryption (OME) portal. After successful authentication, users are granted reading rights.

Managing sensitivity labels occurs through the Information Protection portal within Microsoft's compliance management suite. Users should note that each label has a priority number, from 0 (zero- being the lowest priority), which SharePoint Online uses to decide if users intend to store confidential information on sites intended for public access.

  • Defining the usage of labels.
  • Defining settings for individual labels.
  • Publishing labels through label policies to target audiences (user accounts).

These tasks are fundamental to managing sensitivity labels. Moreover, publishing labels via label policies must be done before users can apply them to documents and emails. Sensitivity label functionality can be broadly categorized into two: Protection and Container Management.

Protection was the primary focus of sensitivity labels when introduced; aiming to subdue access to protected content unless granted the right to by the content creators. The rights granted enable users to perform specific actions over the protected content.

On the other hand, Container Management extends sensitivity labels' functionality towards teams, groups, and sites within an organization. This allows the application of policy through tags, for example, limiting guest access to certain teams and controlling sharing capabilities for particular SharePoint sites.

Constructing a clear, precise, and easy-to-follow naming scheme for your sensitivity labels is an essential task. Users are more likely to protect sensitive information appropriately when guided by accurate names, descriptions, and having limited choices. Too many labels with ambiguous names can cause confusion and, consequently, errors.

The incorporation of sensitivity label functionality within applications has significantly improved over the years. The integration has been made possible through Microsoft's Information Protection SDK, which allows the application to apply, read, and respect sensitivity labels. This is a significant shift from the previous dependency on a standalone client to facilitate labeling.

However, some challenges still occur with the implementation of sensitivity labels that Microsoft continues to address. For instance, the need for APIs to allow organizations to apply sensitivity labels to content. Despite these challenges, there is optimism due to the continuous enhancements of the software tools since their initial release.

More links on about All About Microsoft Purview Sensitivity Labels (2023)

All About Microsoft Purview Sensitivity Labels (2023)
Jan 16, 2023 — Microsoft released sensitivity labels for Office 365 in September 2018 to replace Azure Information Protection (AIP) labels.
Learn about sensitivity labels
Sep 15, 2023 — Sensitivity labels from Microsoft Purview Information Protection let you classify and protect your organization's data, while making sure ...


Microsoft Purview 2023, Sensitivity Labels, Microsoft Purview Sensitivity, MS Purview 2023 Features, Microsoft Purview Updates, Sensitivity Labels Purview, 2023 Microsoft Purview, MS Purview Sensitivity Labels, Microsoft Purview Labels 2023, Purview Sensitivity 2023