Topic: Office 365

Using Sensitivity Labels for Teams, Microsoft 365, and SharePoint

Author: Jonathan Grajeda

Today, we must be able to collaborate with coworkers, partners, and customers no matter where we are — and the data we access through various services and devices should be properly protected. Sensitivity labels are one way to do so: they protect and classify information as private, public, or sensitive to keep your data secure. 

A sensitivity label in its simplest form is a level of security applied to your content and containers such as:

  • SharePoint sites
  • Microsoft 365 groups
  • Microsoft Teams sites

Note: Sensitivity labels for containers can be enabled through PowerShell. PowerShell will need to be run as an administrator and have a global admin account. Check out How to enable sensitivity labels for containers and synchronize labels in Microsoft documentation for further information.

To create a sensitivity label, visit your tenant’s Office 365 Security & Compliance Center from the Microsoft 365 admin center.

Locate the Sensitivity Label selection under the Classification drop down and create a label,

You’ll run through the basics such as Name, Description for users and Description for admins.

Encrypting the label manages who can access the files and email messages that have the sensitivity label applied. For example:

 

You can decide if you’d like to mark your content:

An example of a watermark below:

You’ll then be guided to Auto-labeling for Office apps where you can add sensitive info types to match your content for auto labeling. Once added, you can review your settings and finish your label.

When you’ve created a label and enabled sensitivity labels in containers then you’ll notice a new section to site and group configurations. For example:

In Office 365 Groups,

Communication Site,

The content of these containers will not inherit the label and their settings. Documents and emails can have sensitivity labels automatically applied. The label can be instructed to locate sensitive information within content such as:

  • Driver license number
  • Insurance number
  • Registration identification number
  • Credit
  • Debit
  • Account numbers
  • And more

When applying a sensitivity label to a document such as Word,

To view the Word document in the list that’s stored and determine whether the file has a sensitivity label or not, you’ll need to include the sensitivity column in the view.

In the list, click on ‘Add column.’ Then at the bottom of the list, click on ‘Show/hide columns.’

On the right side of the window an ‘Edit view columns’ will appear. This is a quick way to hide/show any and all columns associated with the current list. At the very bottom you’ll see the ‘sensitivity’ column. Click on it and ‘Apply’ your changes at the very top.

Note: you can drag-and-drop the columns to put them in the order you want them to appear on the list view.

The sensitivity column will appear once you’ve applied it to the view. You’ll be able to see the label applied to each document, if any.

The sensitivity labels applied to documents, emails, sites or Office 365 Groups can be monitored in the reports dashboard in the Office 365 Security & Compliance center. Below is a screen shot of a new tenant, and so it doesn’t have any sensitivity labels; however, we see many different graphs and reports.

Sensitivity Labels is clearly a broad subject. If you want to learn more about classifying and protecting content with sensitivity labels, check out this Sensitivity Labels Microsoft documentation or, let us know how we can help!