Sensitivity labels are a part of Microsoft Information Protection (MIP). MIP is a set of capabilities built into Microsoft 365 using which you can manage and secure your organization’s digital information in the cloud, across devices, and on-premises. You can detect sensitive information wherever it resides, protect and manage it throughout its lifecycle, and respond to incidents when they arise.
The three key pillars of MIP are :
- Know your data
- Protect your data
- Prevent data loss
In this blog post, I am going to talk about Sensitivity labels and its role in the protection of information that is produced or being consumed in Microsoft 365.
Sensitivity labels from the Microsoft Information Protection framework let you classify and protect your organization’s data, while making sure that user productivity and their ability to collaborate isn’t hindered. When applied to documents and emails, it’s like a stamp that’s applied to content.
So what are the key features of a sensitivity label –
First, The sensitivity label is really like a human readable tag or metadata, meaning, the label is visible as clear text so you can really name the labels such that it is easy for end users to understand what the label is all about.
Second, After you apply a sensitivity label to information, the label is stored in the metadata of that email or document. This means that the label is always present with the information, including the protection settings that you have configured for the specific label.
Finally, sensitivity labels are really configurable. You can have different labels for different purposes targeting different kinds of information.
There are two levels at which sensitivity labels can be applied and relevant protection settings can then be applied based on where sensitivity labels are used. You can apply sesnitivity labels to
- the information itself – Documents & Emails
- Containers – Groups, Sites & Teams
- Protect office content – Sensitivity labels can be configured to apply Encryption & Visual markings like watermarks, header
- Protect containers like Sites, Teams & Groups – Apply Privacy and external sharing controls on these containers. Note that the documents within these containers don’t inherit the labels
- Apply to third-party apps – You can leverage the MIP SDK to extend labelling to third party apps or custom apps
- Simple classification – No protection settings are applied but the label is only used as a classification label
In the upcoming blog posts, I will delve into the details of these protection settings that can be applied using sensitivity labels at the container level as well as at the document/email level.