Understanding sensitivity labels
In this tutorial, we will get a brief about sensitivity labels and its features.
Sensitivity labels from the Microsoft Information Protection solution let you classify and protect your organization’s data while making sure that user productivity and their ability to collaborate aren’t hindered. However, you can use sensitivity labels to:
- Firstly, providing protection settings that include encryption and content markings. For example, apply a “Confidential” label to a document or email, and that label encrypts the content and applies a “Confidential” watermark.
- Secondly, protect content in Office apps across different platforms and devices. This has the support of Word, Excel, PowerPoint, and Outlook on the Office desktop apps and Office on the web.
- Thirdly, protect content in third-party apps and services by using Microsoft Cloud App Security. With Cloud App Security, you can detect, classify, label, and protect content in third-party apps and services.
- Next, protect containers that include Teams, Microsoft 365 Groups, and SharePoint sites.
- Then, extend sensitivity labels to Power BI. After turning on this capability, you can apply and view labels in Power BI, and protect data after it saves outside the service.
- Lastly, classify content without using any protection settings. You can also simply assign a label as a result of classifying the content. This provides users with a visual mapping of classification to your organization’s label names and can use the labels to generate usage reports and see activity data for your sensitive content.
What is Sensitivity label?
When you assign a sensitivity label to content, it’s like a stamp that’s applied and is:
- Firstly, Customizable. Specific to your organization and business needs, you can create categories for different levels of sensitive content in your organization.
- Secondly, Clear text. Because a label stored in clear text in the metadata for files and emails. So, the third-party apps and services can read it and then apply their own protective actions, if required.
- Lastly, Persistent. Because the label is stored in metadata for files and emails, the label roams with the content, no matter where it’s saved or stored.
What sensitivity labels can do
After applying a sensitivity label to an email or document, you can configure a sensitivity label to:
- Firstly, Encrypt emails and documents to prevent unauthorized people from accessing this data. You can additionally choose which users or group have permissions to perform which actions and for how long.
- Secondly, mark the content when you use Office apps, by adding watermarks, headers, or footers to email or documents that have the label applied.
- Thirdly, protect content in containers such as sites and groups when you enable the capability to use sensitivity labels with Microsoft Teams, Microsoft 365 groups, and SharePoint sites. However, you cannot configure protection settings for groups and sites until you enable this capability. This label configuration doesn’t result in documents or emails being automatically labeled. But, the label settings protect content by controlling access to the container where content can be stored. These settings include privacy settings, external user access, and external sharing, and access from unmanaged devices.
- Lastly, apply the label automatically to files and emails, or recommend a label. Choose how to identify sensitive information that you want labeling. Then, the label applies automatically, or you can prompt users to apply the label that you recommend. If you recommend a label, the prompt displays whatever text you choose.
Sensitivity labels and Azure Information Protection
While using sensitivity labels in Microsoft 365 Apps on Windows computers, you have a choice to use labeling built into Office apps, or the Azure Information Protection client. However, by default, built-in labeling turns off in these apps when the Azure Information Protection client installs. And even when you use built-in labeling in Office apps, you can also use the Azure Information Protection unified labeling client with sensitivity labels for the following:
- Firstly, a scanner to discover sensitive information stored on-premises, and then optionally, a label that content
- Secondly, right-click options in File Explorer for users to apply labels to all file types
- Then, a viewer to display encrypted files for text, images, or PDF documents
- Lastly, a PowerShell module to discover sensitive information in files on-premises, and apply or remove labels and encryption from these files.
Reference: Microsoft Documentation