Learn about sensitivity labels - Microsoft Purview (compliance) (2022)

  • Article
  • 17 minutes to read

.

Note

If you're looking for information about sensitivity labels that you see in your Office apps, see Apply sensitivity labels to your files and email in Office.

The information on this page is for IT administrators who can create and configure those labels.

To get their work done, people in your organization collaborate with others both inside and outside the organization. This means that content no longer stays behind a firewall—it can roam everywhere, across devices, apps, and services. And when it roams, you want it to do so in a secure, protected way that meets your organization's business and compliance policies.

Sensitivity labels from Microsoft Purview Information Protection let you classify and protect your organization's data, while making sure that user productivity and their ability to collaborate isn't hindered.

Example showing available sensitivity labels in Excel, from the Home tab on the Ribbon. In this example, the applied label displays on the status bar:

Learn about sensitivity labels - Microsoft Purview (compliance) (1)

To apply sensitivity labels, users must be signed in with their Microsoft 365 work or school account.

Note

For US Government tenants, sensitivity labels are supported for all platforms.

If you use the Azure Information Protection unified labeling client and scanner, see the Azure Information Protection Premium Government Service Description.

You can use sensitivity labels to:

  • Provide protection settings that include encryption and content markings. For example, apply a "Confidential" label to a document or email, and that label encrypts the content and applies a "Confidential" watermark. Content markings include headers and footers as well as watermarks, and encryption can also restrict what actions authorized people can take on the content.

  • Protect content in Office apps across different platforms and devices. Supported by Word, Excel, PowerPoint, and Outlook on the Office desktop apps and Office on the web. Supported on Windows, macOS, iOS, and Android.

  • Protect content in third-party apps and services by using Microsoft Defender for Cloud Apps. With Defender for Cloud Apps, you can detect, classify, label, and protect content in third-party apps and services, such as SalesForce, Box, or DropBox, even if the third-party app or service does not read or support sensitivity labels.

  • Protect containers that include Teams, Microsoft 365 Groups, and SharePoint sites. For example, set privacy settings, external user access and external sharing, and access from unmanaged devices.

  • Extend sensitivity labels to Power BI: When you turn on this capability, you can apply and view labels in Power BI, and protect data when it's saved outside the service.

  • Extend sensitivity labels to assets in Microsoft Purview Data Map: When you turn on this capability, currently in preview, you can apply your sensitivity labels to files and schematized data assets in Microsoft Purview Data Map. The schematized data assets include SQL, Azure SQL, Azure Synapse, Azure Cosmos, and AWS RDS.

    (Video) How to create and use sensitivity labels in Microsoft 365

  • Extend sensitivity labels to third-party apps and services. Using the Microsoft Information Protection SDK, third-party apps can read sensitivity labels and apply protection settings.

  • Classify content without using any protection settings. You can also simply assign a label as a result of classifying the content. This provides users with a visual mapping of classification to your organization's label names, and can use the labels to generate usage reports and see activity data for your sensitive content. Based on this information, you can always choose to apply protection settings later.

In all these cases, sensitivity labels from Microsoft Purview can help you take the right actions on the right content. With sensitivity labels, you can classify data across your organization, and enforce protection settings based on that classification. That protection then stays with the content.

For more information about these and other scenarios that are supported by sensitivity labels, see Common scenarios for sensitivity labels. New features are being developed all the time that support sensitivity labels, so you might also find it useful to check the Microsoft 365 roadmap.

What a sensitivity label is

When you assign a sensitivity label to content, it's like a stamp that's applied and is:

When viewed by users in your organization, a sensitivity label appears like a tag on apps that they use and can be easily integrated into their existing workflows.

Each item that supports sensitivity labels can have a single sensitivity label applied to it. Documents and emails can have both a sensitivity label and a retention label applied to them.

Learn about sensitivity labels - Microsoft Purview (compliance) (2)

What sensitivity labels can do

After a sensitivity label is applied to an email or document, any configured protection settings for that label are enforced on the content. You can configure a sensitivity label to:

  • Encrypt emails and documents to prevent unauthorized people from accessing this data. You can additionally choose which users or group have permissions to perform which actions and for how long. For example, you can choose to allow all users in your organization to modify a document while a specific group in another organization can only view it. Alternatively, instead of administrator-defined permissions, you can allow your users to assign permissions to the content when they apply the label.

    For more information about the Encryption settings when you create or edit a sensitivity label, see Restrict access to content by using encryption in sensitivity labels.

  • Mark the content when you use Office apps, by adding watermarks, headers, or footers to email or documents that have the label applied. Watermarks can be applied to documents but not email. Example header and watermark:

    Learn about sensitivity labels - Microsoft Purview (compliance) (3)

    Dynamic markings are also supported by using variables. For example, insert the label name or document name into the header, footer, or watermark. For more information, see Dynamic markings with variables.

    Need to check when content markings are applied? See When Office apps apply content marking and encryption.

    If you have templates or workflows that are based on specific documents, test those documents with your chosen content markings before you make the label available for users. Some string length restrictions to be aware of:

    Watermarks are limited to 255 characters. Headers and footers are limited to 1024 characters, except in Excel. Excel has a total limit of 255 characters for headers and footers but this limit includes characters that aren't visible, such as formatting codes. If that limit is reached, the string you enter is not displayed in Excel.

  • Protect content in containers such as sites and groups when you enable the capability to use sensitivity labels with Microsoft Teams, Microsoft 365 groups, and SharePoint sites.

    You can't configure protection settings for groups and sites until you enable this capability. This label configuration doesn't result in documents or emails being automatically labeled but instead, the label settings protect content by controlling access to the container where content can be stored. These settings include privacy settings, external user access and external sharing, and access from unmanaged devices.

    (Video) Microsoft Sensitivity Label settings walk through

  • Apply the label automatically to files and emails, or recommend a label. Choose how to identify sensitive information that you want labeled, and the label can be applied automatically, or you can prompt users to apply the label that you recommend. If you recommend a label, the prompt displays whatever text you choose. For example:

    Learn about sensitivity labels - Microsoft Purview (compliance) (4)

    For more information about the Auto-labeling for files and emails settings when you create or edit a sensitivity label, see Apply a sensitivity label to content automatically for Office apps, and Labeling in Microsoft Purview Data Map.

  • Set the default sharing link type for SharePoint sites and individual documents. To help prevent users oversharing, set the default scope and permissions for when users share documents from SharePoint and OneDrive.

Label scopes

When you create a sensitivity label, you're asked to configure the label's scope which determines two things:

  • Which label settings you can configure for that label
  • Where the label will be visible to users

This scope configuration lets you have sensitivity labels that are just for items such as documents and emails, and can't be selected for containers. And similarly, sensitivity labels that are just for containers and can't be selected for documents and emails. You can also select the scope for schematized data assets for Microsoft Purview Data Map:

Learn about sensitivity labels - Microsoft Purview (compliance) (5)

By default, the Items scope (previously named Files & emails) is always selected. The other scopes are selected by default when the features are enabled for your tenant:

  • Groups & sites: See Enable sensitivity labels for containers and synchronize labels

  • Schematized data assets: See Automatically label your content in Microsoft Purview Data Map

If you change the defaults so not all scopes are selected, you see the first page of the configuration settings for scopes you haven't selected, but you can't configure the settings. For example, if the scope for items isn't selected, you can't select the options on the next page:

Learn about sensitivity labels - Microsoft Purview (compliance) (6)

For these pages that have unavailable options, select Next to continue. Or, select Back to change the label's scope.

Label priority (order matters)

When you create your sensitivity labels in the Microsoft Purview compliance portal, they appear in a list on the Sensitivity tab on the Labels page. In this list, the order of the labels is important because it reflects their priority. You want your most restrictive sensitivity label, such as Highly Confidential, to appear at the bottom of the list, and your least restrictive sensitivity label, such as Public, to appear at the top.

You can apply just one sensitivity label to an item such as a document, email, or container. If you set an option that requires your users to provide a justification for changing a label to a lower classification, the order of this list identifies the lower classifications. However, this option does not apply to sublabels that share the priority of their parent label.

The ordering of sublabels is used with automatic labeling, though. When you configure labels to be applied automatically or as a recommendation, multiple matches can result for more than one label. To determine the label to apply or recommend, the label ordering is used: The last sensitive label is selected, and then if applicable, the last sublabel.

Learn about sensitivity labels - Microsoft Purview (compliance) (7)

Sublabels (grouping labels)

With sublabels, you can group one or more labels below a parent label that a user sees in an Office app. For example, under Confidential, your organization might use several different labels for specific types of that classification. In this example, the parent label Confidential is simply a text label with no protection settings, and because it has sublabels, it can't be applied to content. Instead, users must choose Confidential to view the sublabels, and then they can choose a sublabel to apply to content.

Sublabels are simply a way to present labels to users in logical groups. Sublabels don't inherit any settings from their parent label. When you publish a sublabel for a user, that user can then apply that sublabel to content but can't apply just the parent label.

Don't choose a parent label as the default label, or configure a parent label to be automatically applied (or recommended). If you do, the parent label won't be applied to content.

Example of how sublabels display for users:

Learn about sensitivity labels - Microsoft Purview (compliance) (8)

(Video) How to Implement & Manage Sensitivity Labels and Label Policies | Microsoft Purview | Microsoft365

Editing or deleting a sensitivity label

If you delete a sensitivity label from your admin center, the label is not automatically removed from content, and any protection settings continue to be enforced on content that had that label applied.

If you edit a sensitivity label, the version of the label that was applied to content is what's enforced on that content.

What label policies can do

After you create your sensitivity labels, you need to publish them to make them available to people and services in your organization. The sensitivity labels can then be applied to Office documents and emails, and other items that support sensitivity labels.

Unlike retention labels, which are published to locations such as all Exchange mailboxes, sensitivity labels are published to users or groups. Apps that support sensitivity labels can then display them to those users and groups as applied labels, or as labels that they can apply.

When you configure a label policy, you can:

  • Choose which users and groups see the labels. Labels can be published to any specific user or email-enabled security group, distribution group, or Microsoft 365 group (which can have dynamic membership) in Azure AD.

  • Specify a default label for unlabeled documents and emails, new containers (when you've enabled sensitivity labels for Microsoft Teams, Microsoft 365 groups, and SharePoint sites), and also a default label for Power BI content. You can specify the same label for all four types of items, or different labels. Users can change the applied default sensitivity label to better match the sensitivity of their content or container.

    Note

    Default labeling for existing documents is newly supported for built-in labeling for Office apps. For more information about the rollout per app and minimum versions, see the capabilities table for Word, Excel, and PowerPoint.

    Consider using a default label to set a base level of protection settings that you want applied to all your content. However, without user training and other controls, this setting can also result in inaccurate labeling. It's usually not a good idea to select a label that applies encryption as a default label to documents. For example, many organizations need to send and share documents with external users who might not have apps that support the encryption or they might not use an account that can be authorized. For more information about this scenario, see Sharing encrypted documents with external users.

    Important

    When you have sublabels, be careful not to configure the parent label as a default label.

  • Require a justification for changing a label. If a user tries to remove a label or replace it with a label that has a lower-order number, you can require the user provides a justification to perform this action. For example, a user opens a document labeled Confidential (order number 3) and replaces that label with one named Public (order number 1). For Office apps, this justification prompt is triggered once per app session when you use built-in labeling, and per file when you use the Azure Information Protection unified labeling client. Administrators can read the justification reason along with the label change in activity explorer.

    Learn about sensitivity labels - Microsoft Purview (compliance) (9)

  • Require users to apply a label for documents and emails, just documents, for containers, and Power BI content. Also known as mandatory labeling, these options ensure a label must be applied before users can save documents and send emails, create new groups or sites, and when they use unlabeled content for Power BI.

    For documents and emails, a label can be assigned manually by the user, automatically as a result of a condition that you configure, or be assigned by default (the default label option previously described). An example prompt when a user is required to assign a label:

    Learn about sensitivity labels - Microsoft Purview (compliance) (10)

    For more information about mandatory labeling for documents and emails, see Require users to apply a label to their email and documents.

    For containers, a label must be assigned at the time the group or site is created.

    For more information about mandatory labeling for Power BI, see Mandatory label policy for Power BI.

    (Video) SBD05 - Sensitivity Labels for Content - Part01 - Microsoft 365 Compliance

    Consider using this option to help increase your labeling coverage. However, without user training, these settings can result in inaccurate labeling. In addition, unless you also set a corresponding default label, mandatory labeling can frustrate your users with the frequent prompts.

  • Provide help link to a custom help page. If your users aren't sure what your sensitivity labels mean or how they should be used, you can provide a Learn More URL that appears at the bottom of the Sensitivity label menu in the Office apps:

    Learn about sensitivity labels - Microsoft Purview (compliance) (11)

After you create a label policy that assigns new sensitivity labels to users and groups, users start to see those labels in their Office apps. Allow up to 24 hours for the latest changes to replicate throughout your organization.

There is no limit to the number of sensitivity labels that you can create and publish, with one exception: If the label applies encryption that specifies the users and permissions, there is a maximum of 500 labels supported with this configuration. However, as a best practice to lower admin overheads and reduce complexity for your users, try to keep the number of labels to a minimum. Real-world deployments have proved effectiveness to be noticeably reduced when users have more than five main labels or more than five sublabels per main label.

Label policy priority (order matters)

You make your sensitivity labels available to users by publishing them in a sensitivity label policy that appears in a list on the Label policies page. Just like sensitivity labels (see Label priority (order matters)), the order of the sensitivity label policies is important because it reflects their priority: The label policy with lowest priority is shown at the top of the list with the lowest order number, and the label policy with the highest priority is shown at the bottom of the list with the highest order number.

A label policy consists of:

  • A set of labels.
  • The users and groups that will be assigned the policy with labels.
  • The scope of the policy and policy settings for that scope (such as default label for files and emails).

You can include a user in multiple label policies, and the user will get all the sensitivity labels and settings from those policies. If there is a conflict in settings from multiple policies, the settings from the policy with the highest priority (highest order number) is applied. In other words, the highest priority wins for each setting.

If you're not seeing the label policy setting behavior that you expect for a user or group, check the order of the sensitivity label policies. You might need to move the policy down. To reorder the label policies, select a sensitivity label policy > choose the Actions ellipsis for that entry > Move down or Move up. For example:

Learn about sensitivity labels - Microsoft Purview (compliance) (12)

From our screenshot example that shows three label policies, all users are assigned the standard label policy, so it's appropriate that it has the lowest priority (lowest order number of 0). Only users in the IT department are assigned the second policy that has the order number 1. For these users, if there are any conflicts in settings between their policy and the standard policy, the settings from their policy wins because it has a higher order number.

Similarly for users in the legal department, who are assigned the third policy with distinct settings. It's likely that these users will have more stringent settings, so it's appropriate that their policy has the highest order number. It's unlikely that a user from the legal department will be in a group that's also assigned to the policy for the IT department. But if they are, the order number 2 (highest order number) ensures that the settings from the legal department always take priority if there's a conflict.

Note

Remember: If there is a conflict of settings for a user who has multiple policies assigned to them, the setting from the assigned policy with the highest order number is applied.

Sensitivity labels and Azure Information Protection

The sensitivity labels that are built into Microsoft 365 Apps on Windows, macOS, iOS, and Android look and behave very similarly across these devices to provide users with a consistent labeling experience. However, on Windows computers, you can also use the Azure Information Protection (AIP) client. This client is now in maintenance mode.

If you're using the AIP client, see Why choose built-in labeling over the AIP add-in for Office apps to understand and manage your labeling choices for Windows computers.

Azure Information Protection labels

Label management for Azure Information Protection labels in the Azure portal was deprecated March 31, 2021. Learn more from the official deprecation notice.

If your tenant isn't yet on the unified labeling platform, you must first activate unified labeling before you can use sensitivity labels. For instructions, see How to migrate Azure Information Protection labels to unified sensitivity labels.

Sensitivity labels and the Microsoft Information Protection SDK

Because a sensitivity label is stored in the metadata of a document, third-party apps and services can read from and write to this labeling metadata to supplement your labeling deployment. Additionally, software developers can use the Microsoft Information Protection SDK to fully support labeling and encryption capabilities across multiple platforms. To learn more, see the General Availability announcement on the Tech Community blog.

You can also learn about partner solutions that are integrated with Microsoft Purview Information Protection.

Deployment guidance

For deployment planning and guidance that includes licensing information, permissions, deployment strategy, a list of supported scenarios, and end-user documentation, see Get started with sensitivity labels.

(Video) Planning your Security Compliance with Microsoft Purview

To learn how to use sensitivity labels to comply with data privacy regulations, see Deploy information protection for data privacy regulations with Microsoft 365.

FAQs

What is Microsoft information protection sensitivity labels? ›

Sensitivity labels from Microsoft Purview Information Protection let you classify and protect your organization's data, while making sure that user productivity and their ability to collaborate isn't hindered.

What teams features can be controlled by using sensitivity labels? ›

You can use sensitivity labels to control guest access to your teams. Teams created with a label that doesn't allow guest access are only available to users in your organization. People outside your organization can't be added to the team.

What does sensitivity label do? ›

Sensitivity labels are used to add an additional layer of protection to your files or emails. They allow you to classify documents as confidential or highly confidential labels which once applied, determine what users can do with that file.

How do I migrate azure information protection labels to unified sensitivity labels? ›

In this tutorial, you'll:
  1. Learn about planning your migration.
  2. Migrate your labels to the unified labeling platform.
  3. Learn how to configure advanced settings in the Microsoft Purview compliance portal.
  4. Copy your policies to the unified labeling platform.
  5. Deploy the unified labeling client.
1 Aug 2022

What is the difference between AIP and DLP? ›

With DLP, you can block a document from being shared or an email from being sent both within and outside of your organization if it meets the rules you have defined. AIP is a protection mechanism that lives within the document itself.

How many sensitivity labels can you apply to a file? ›

In this post, we've explained the principles of applying sensitivity labels at the container level within Microsoft 365. We showed you that there are currently three containers to which sensitivity labels can be applied.

How do you apply a sensitivity label to a team? ›

Select the Policies tab, and then select Edit for the Sensitivity setting. From the Edit sensitivity setting pane, select the sensitivity label you want to apply to the site. Unlike user apps, where sensitivity labels can be assigned to specific users, the admin center displays all sensitivity labels for your tenant.

Which three types of communication are supported by communication compliance teams? ›

User-reported messages policy: This system policy supports user reported messages from channel, group, and private chat messages. Enabled by default in the Teams admin center.

How do I enable sensitivity labels for groups and sites? ›

Sign in to the Azure AD admin center. Select Groups, and then select New group. On the New Group page, select Office 365, and then fill out the required information for the new group and select a sensitivity label from the list. Save your changes and select Create.

What type of encryption is used with sensitivity labels? ›

Encryption for a sensitivity label uses the Azure Rights Management service from Azure Information Protection.

How do you label confidential documents? ›

Clearly label all confidential information as “confidential”. This means writing “confidential” on documents or any folder you keep them in. If you are sending an email, make sure the title clearly identifies it as confidential.

How do I mark a document as sensitive? ›

Word, Excel, PowerPoint
  1. On the Home tab, select Sensitivity. ...
  2. Choose the sensitivity label that applies to your file.

Is AIP deprecated? ›

At 06.01. 2020 Microsoft released the deprication notice for Azure Information Protection client and Label management in the Azure portal. The service is deprecated as of March 31, 2021.

What must AIP labels be associated with to be effective? ›

In AIP, a classification label is used to identify data based on its level of sensitivity and the impact to your business. Most common sensitivity levels are categorized as restricted, confidential, official use, and public. AIP can apply labels (classify) to documents and emails.

What is unified Labelling? ›

The unified labeling experience in Microsoft 365 provides organizations with a more integrated and consistent approach to creating, configuring, and automatically applying comprehensive policies to protect and govern your data—across devices, apps, cloud services, and on-premises.

What is the most suitable MS AIP label while sharing a presentation? ›

When looking at what is the most suitable MS Azure Information Protection label while sharing a presentation, you might want to use Official or Confidential.

Does E3 include AIP? ›

The Microsoft 365 E3 package includes the AIP Premium Plan 1 for $32 per user, per month.

Is DLP part of MIP? ›

MIP includes data loss prevention (DLP), endpoint data loss prevention, Microsoft compliance extension, Microsoft 365 data loss prevention, and protection of sensitive information across Microsoft apps.

Can you apply sensitivity labels to PDF? ›

Within Office apps, built-in sensitivity labels were previously limited to Office documents. We're now extending this functionality, allowing you to use these labels to protect PDFs created using Word, Excel, or PowerPoint for Windows.

What is office365 sensitivity labels? ›

What are Microsoft 365 Sensitivity Labels? Sensitivity Labels are custom sets of access rules that you can define and apply to documents, Microsoft Teams, and SharePoint sites. They allow your team to precisely control exactly who can access what in a straightforward and intuitive way.

How do I add a sensitivity label to a SharePoint site? ›

View and manage sensitivity labels in the SharePoint admin center
  1. Select the site name to open the details pane.
  2. Select the Policies tab, and then select Edit for the Sensitivity setting.
  3. From the Edit sensitivity setting pane, select the sensitivity label you want to apply to the site.
21 Sept 2022

How long does it take for sensitivity labels to publish? ›

For containers, such as sites in SharePoint and Teams: The label is removed and any settings that were configured with that label are no longer enforced. This action typically takes between 48-72 hours for SharePoint sites, and can be quicker for Teams and Microsoft 365 Groups.

How do I create a label in Microsoft Teams? ›

Add labels to your plan

On the task board, select a task to open details. On the card, select Add label, and then select from one of the 25 labels in the list. To rename a label, select the pencil icon next to it in the list, and then enter a new name for it.

Is Microsoft Teams secure for confidential information? ›

Network communications in Teams are encrypted by default. By requiring all servers to use certificates and by using OAUTH, Transport Layer Security (TLS), and Secure Real-Time Transport Protocol (SRTP), all Teams data is protected on the network.

What is Microsoft 365 communication compliance? ›

Microsoft Purview Communication Compliance is an insider risk solution in Microsoft 365 that helps minimize communication risks by helping you detect, capture, and act on inappropriate messages in your organization.

Can teams messages be monitored? ›

The quick answer is yes -- IT administrators can monitor employees' messages in Microsoft Teams.

What are teams Displays? ›

Microsoft Teams displays are dedicated Teams devices with an ambient touchscreen and a hands-free mode using Cortana

Cortana
Cortana is Microsoft's personal productivity assistant that helps you save time and focus attention on what matters most. To get started, select the Cortana icon on the taskbar.
https://support.microsoft.com › en-us › topic
. All your Teams activity and notices—including chat and channel messages, meetings, and calls—are visible at a glance, without switching away from your primary work screens.

How do I add labels in SharePoint? ›

Apply a label in OneDrive or SharePoint
  1. Select the item.
  2. In the upper-right corner, select Open the details pane.
  3. Under Apply label, select Choose a label to open the list of options.
  4. Select the appropriate retention label for your document. ...
  5. If a Save option appears, select it.

How do I add Administrator to eDiscovery? ›

On the Role groups for Microsoft Purview solutions page, select eDiscovery Manager. On the eDiscovery Manager flyout page, do one of the following based on the eDiscovery permissions that you want to assign. Add. Select the user (or users) you want to add as an eDiscovery manager, and then select Add.

How do I create a sensitivity label in Outlook? ›

To create labels, navigate to the https://protection.office.com/ website and then click on the Classification section and then Sensitivity Labels, this will bring you to the area where you can create all your labels for use with Office.

What is sensitivity in Microsoft Word? ›

Sensitivity labels have been gaining increased traction lately within Microsoft 365. For those who might not be familiar with sensitivity labels, they are a mechanism that determines how certain content is to be treated. For example, a sensitivity label might be used to encrypt a document or to apply a watermark.

How do you mark an email as sensitive? ›

Click File > Options > Mail. Under Send messages, select Normal, Personal, Private, or Confidential in the Default Sensitivity level list.

What are the 3 levels of classified information? ›

(S) There are three levels of classification – TOP SECRET, SECRET, and CONFIDENTIAL. (S) There are two ways to classify a document – ORIGINAL CLASSIFICATION or DERIVATIVE CLASSIFICATION.

What are the three different types of confidential information? ›

Three main categories of confidential information exist: business, employee and management information. It is important to keep confidential information confidential as noted in the subcategories below.

What are the steps you should take before disclosing sensitive information? ›

5 Ways Successful Leaders Disclose Sensitive Information
  • Distinguish the "what" from the "how."
  • Never start with the information.
  • Embrace vulnerability to build trust.
  • Follow the "what" with "now what?"
  • Don't be afraid to ask for help.
3 May 2017

How do sensitivity labels work? ›

Unlike retention labels, which are published to locations such as all Exchange mailboxes, sensitivity labels are published to users or groups. Apps that support sensitivity labels can then display them to those users and groups as applied labels, or as labels that they can apply.

What is the purpose of applying sensitivity labels to your data? ›

Applying sensitivity labels to your content enables you to keep your data secure by stating how sensitive certain data is in your organization. It also abstracts the data itself, so you use labels to track the type of data, without exposing sensitive data on another platform.

What is AIP sensitivity settings? ›

AIP protects the sensitive information of your company. It allows your organization to encrypt, classify, and protect your emails and documents at the time of creation or modification. With AIP, you can: Manually or automatically add labels and classify emails and documents based on business rules.

What is office365 sensitivity labels? ›

What are Microsoft 365 Sensitivity Labels? Sensitivity Labels are custom sets of access rules that you can define and apply to documents, Microsoft Teams, and SharePoint sites. They allow your team to precisely control exactly who can access what in a straightforward and intuitive way.

How do I turn on sensitivity labels in Word? ›

Word, Excel, PowerPoint
  1. On the Home tab, select Sensitivity. ...
  2. Choose the sensitivity label that applies to your file.

How do I use sensitivity labels in Outlook? ›

To create labels, navigate to the https://protection.office.com/ website and then click on the Classification section and then Sensitivity Labels, this will bring you to the area where you can create all your labels for use with Office.

How do I turn off sensitivity labels? ›

If you need to turn off built-in labeling in Office apps on Windows
  1. Navigate to User Configuration/Administrative Templates/Microsoft Office 2016/Security Settings.
  2. Set Use the Sensitivity feature in Office to apply and view sensitivity labels to 0.
4 days ago

How do I create a sensitivity label in Office 365? ›

Create and configure sensitivity labels
  1. From the Microsoft Purview compliance portal, select Solutions > Information protection > Labels.
  2. On the Labels page, select + Create a label to start the new sensitivity label configuration:
21 Sept 2022

How do I enable sensitivity labels for groups and sites? ›

Sign in to the Azure AD admin center. Select Groups, and then select New group. On the New Group page, select Office 365, and then fill out the required information for the new group and select a sensitivity label from the list. Save your changes and select Create.

What is a characteristic of a sensitivity label in Microsoft 365 sc900? ›

You can use sensitivity labels to mark the content when you use Office apps, by adding watermarks, headers, or footers to documents that have the label applied. You can use sensitivity labels to mark the content when you use Office apps, by adding headers, or footers to email that have the label applied.

What is sensitivity in Microsoft Word? ›

Sensitivity labels have been gaining increased traction lately within Microsoft 365. For those who might not be familiar with sensitivity labels, they are a mechanism that determines how certain content is to be treated. For example, a sensitivity label might be used to encrypt a document or to apply a watermark.

How do I create a sensitivity label in PDF? ›

To apply sensitivity labels to your document, click the Sensitivity button on the Home tab, and then click the sensitivity label you want.

What is unified Labelling? ›

The unified labeling experience in Microsoft 365 provides organizations with a more integrated and consistent approach to creating, configuring, and automatically applying comprehensive policies to protect and govern your data—across devices, apps, cloud services, and on-premises.

What is communication compliance? ›

Microsoft Purview Communication Compliance is an insider risk solution that helps minimize communication risks by helping you detect, capture, and act on inappropriate messages in your organization.

What are retention labels? ›

Retention labels help you retain what you need and delete what you don't at the item level (document or email). They are also used to declare an item as a record as part of a records management solution for your Microsoft 365 data.

How do you mark an email as sensitive? ›

Click File > Options > Mail. Under Send messages, select Normal, Personal, Private, or Confidential in the Default Sensitivity level list.

What happens when you delete an AIP label? ›

The deletion removes the label from label policies and clients won't know that the label exists. This is an acceptable action when the label has not been applied to protect documents, but it's problematic for protected content. The metadata for the label remains in the document.

How do I remove document sensitivity? ›

To resolve this issue on any affected document, perform the following steps:
  1. Open the impacted document.
  2. Select the Sensitivity drop-down to apply a non-protected label.
  3. Wait five seconds.
  4. Use the Sensitivity drop-down to deselect the previously applied label.
  5. Close the document.
21 Jul 2022

How do I automatically label emails in Outlook? ›

Automatically send emails to their label in Outlook
  1. Open Outlook.
  2. Select an email from a contact of which you'd like to auto-forward their emails.
  3. Right-click on the email and navigate to "Rules", then select "Create Rule".
  4. Click on "Advanced Options".
  5. Select "from (contact's name)".
  6. Click "Next".

Videos

1. Azure Purview: Label Your Data Automatically
(Microsoft Security Community)
2. Deploy MIP Sensitivity Labels
(Doug Does Tech)
3. Get Started with Microsoft Information Protection
(Andy Malone MVP)
4. MIP - Sensitivity Label Overview
(Doug Does Tech)
5. Build your first Microsoft Purview DLP Policy
(Doug Does Tech)
6. SBD06 - Sensitivity Labels for Content - Part02 - Microsoft 365 Compliance
(M365 Compliance - Scenario Based Demos (SBD))

Top Articles

Latest Posts

Article information

Author: Domingo Moore

Last Updated: 01/21/2023

Views: 5491

Rating: 4.2 / 5 (53 voted)

Reviews: 84% of readers found this page helpful

Author information

Name: Domingo Moore

Birthday: 1997-05-20

Address: 6485 Kohler Route, Antonioton, VT 77375-0299

Phone: +3213869077934

Job: Sales Analyst

Hobby: Kayaking, Roller skating, Cabaret, Rugby, Homebrewing, Creative writing, amateur radio

Introduction: My name is Domingo Moore, I am a attractive, gorgeous, funny, jolly, spotless, nice, fantastic person who loves writing and wants to share my knowledge and understanding with you.