General Availability: Microsoft Information Protection sensitivity labels in Teams/SharePoint sites

Published Jun 30 2020 08:40 AM 38.8K Views
Microsoft

Ensure secure collaboration in scalable way with Microsoft Information Protection

 

Microsoft Information Protection is a built-in, intelligent, unified, and extensible solution to protect sensitive data across your enterprise – in Microsoft 365 cloud services, on-premises, third-party SaaS applications, and more. Microsoft Information Protection provides a unified set of capabilities to know your data, protect your data, and prevent data loss across Microsoft 365 apps (e.g. Word, PowerPoint, Excel, Outlook) and services (e.g. Teams, SharePoint, and Exchange).

  

Microsoft Information Protection’s sensitivity labels are central to how your business-critical data is protected, in a persistent way, throughout its lifecycle. Labels can be applied to protect documents (e.g. to encrypt an Excel file) and to containers (e.g. to restrict access to a confidential team or site from unmanaged devices).

 

We recently announced the general availability of both manual labeling in Office apps across all platforms and of automatic labeling for documents stored in SharePoint and Teams.

 

Today, we are excited to announce the general availability of sensitivity labels for Teams, SharePoint sites, and Microsoft 365 Groups. You can now associate a sensitivity label with policies related to privacy, external user membership, and unmanaged device access.

 

With users constantly creating and sharing sensitive data in Teams and on SharePoint sites, this capability allows for holistically securing sensitive content whether it is in a file or in a chat by managing access to these containers. This powerful capability, along with manual and auto-labeling of documents on SharePoint and Teams, helps you scale your data protection program to meet the proliferation of data and the challenge of secure collaboration while working remotely.

 

The first step to securing sensitive content in teams, sites and groups is to create sensitivity labels with policies. For example, you can create a sensitivity label called “Confidential” and specify that any team, site, or group created with this label will be private, that even a team or site owner cannot add users external to the organization and that unmanaged devices will be allowed web access only.

 

Figure 1: Admin specifying access policies during label creationFigure 1: Admin specifying access policies during label creation

 

Now a user creating a team, or a site can choose from your published labels, and all the underlying policies will apply automatically to that team or site. For example, if a user selects the “Confidential” label during a team creation, this new team will automatically restrict access to approved members in the organization and prevent addition of people external to the organization.

 

Figure 2: When team owner applies “Confidential” label, team and associated site are automatically set as privateFigure 2: When team owner applies “Confidential” label, team and associated site are automatically set as private

 

After a user creates the team, this “Confidential” label will appear in the upper-right corner of all channels within this team. Now, if users visit the SharePoint site associated with this team, they will also see the “Confidential” label, and all applied policies.

 

This capability enables you to protect sensitive content in a team or SharePoint site by managing people and device access to these containers. If you want to apply label-based encryption to protect individual documents stored in a team or SharePoint site, you can use auto-labeling or manual labeling. Together these powerful Microsoft Information Protection capabilities enable organizations to scale their data protection programs across a vast amount of data.

 

We are continuously expanding the capabilities of Microsoft Information Protection. You can see in this recent blog a summary of some of the investments we’ve made in the last two months. To learn more about the capability covered in this blog:

  • Read our online documentation with instructions to opt-in, configuration details, and links to a webinar with demos.
    • If you are using AAD classification, read this documentation for next steps
    • To see which apps and services support this capability, read this documentation page. To apply these labels on OneDrive, start here
  • This capability is included with Microsoft 365 E3 and Office 365 E3 plus AAD Premium P1 and above. Learn more about required licensing. If you are new to Microsoft 365, learn how to try or buy a subscription.
  • Please note that auto-labeling individual documents stored in team or SharePoint site requires either Microsoft 365 E5 or Compliance E5 or Information Protection & Governance E5 add-on SKU.

As you navigate this challenging time, we have additional resources to help. For more information about securing your organization in this time of crisis, visit our Remote Work site.

 

We’re here to help in any way we can.

 

Thank you!

 

Sesha Mani, Principal Group Program Manager, Microsoft 365 services

 

Tony Themelis, Principal PM Manager, Microsoft Information Protection

 

18 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-1500728%22%20slang%3D%22en-US%22%3ERe%3A%20General%20Availability%3A%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20Teams%2FSharePoint%20si%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1500728%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EThank%20you.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%22To%20see%20which%20apps%20and%20services%20support%20this%20capability%2C%20read%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Freview.docs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fsensitivity-labels-teams-groups-sites%3Fview%3Do365-21vianet%26amp%3Bbranch%3Dpr-en-us-3776%23support-for-sensitivity-labels%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ethis%3C%2FA%3E%26nbsp%3Bdocumentation%20page%22.%20-%20The%20link%20is%20broken%20and%20receiving%20%22forbidden%22%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1501907%22%20slang%3D%22en-US%22%3ERe%3A%20General%20Availability%3A%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20Teams%2FSharePoint%20si%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1501907%22%20slang%3D%22en-US%22%3E%3CP%3EMohan%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETry%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fsensitivity-labels-teams-groups-sites%3Fview%3Do365-worldwide%23support-for-sensitivity-labels%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fsensitivity-labels-teams-groups-sites%3Fview%3Do365-worldwide%23support-for-sensitivity-labels%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1502035%22%20slang%3D%22en-US%22%3ERe%3A%20General%20Availability%3A%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20Teams%2FSharePoint%20si%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1502035%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F32868%22%20target%3D%22_blank%22%3E%40Mohan%20Seenippandian%3C%2FA%3E%26nbsp%3B%20-%20the%20link%20is%20updated%20now%2C%20it%20is%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fsensitivity-labels-teams-groups-sites%3Fview%3Do365-worldwide%23support-for-sensitivity-labels%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Ehere%3C%2FA%3E%2C%20thank%20you%20for%20pointing%20that%20out.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1502311%22%20slang%3D%22en-US%22%3ERe%3A%20General%20Availability%3A%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20Teams%2FSharePoint%20si%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1502311%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F85036%22%20target%3D%22_blank%22%3E%40Sesha%20Mani%3C%2FA%3E%26nbsp%3B%20I%20m%20in%20the%20middle%20of%20implementation%20au-labeling%20for%20SharePoint%20and%20Onedrive%20in%20our%20organization.%26nbsp%3B%20The%20following%20are%20the%20requirements.%26nbsp%3B%3C%2FP%3E%3COL%3E%3CLI%3EDocuments%20must%20be%20classified%20automatically%20when%20a%20user%20uploads%20a%20document%20to%20the%20SharePoint%20site-%20Can%20do%20with%20Auto-labeling%20%2C%20already%20test%26nbsp%3B%3C%2FLI%3E%3CLI%3E%3CSTRONG%3EContent%20marking%3C%2FSTRONG%3E%20-%20any%20document%20classified%20must%20stamp%20with%20watermarks%2C%20as%20my%20understanding%2C%20we%20cannot%20do%20with%20auto-labeling.%20Any%20way%20to%20achieve%20this%3F%26nbsp%3B%20or%20even%20why%20when%20a%20user%20downloads%20the%20auto-classified%20document%20to%20the%20computer%20the%20user%20cannot%20see%20watermarks%20that%20we%20have%20defined%20under%20labels%3F%20is%20this%20because%20auto%20labeling%20not%20opening%20the%20document%20when%20its%20stamp%20with%20the%20label%3F%26nbsp%3B%3C%2FLI%3E%3CLI%3ETo%20overcome%20the%202nd%20issue%20I%20have%20tried%20with%20word%20templates%2C%20but%20then%20auto-labeling%20%3CSTRONG%3Edoesn't%20work%20with%20.doctx%3C%2FSTRONG%3E%2C%20will%20you%20be%20able%20to%20share%20a%20reference%20for%20all%20document%20types%20that%20support%20by%20the%20auto-labeling.%20Seems%20to%20be%20pdf%20also%20not%20supporting.%3C%2FLI%3E%3C%2FOL%3E%3CP%3EThanks.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1502715%22%20slang%3D%22en-US%22%3ERe%3A%20General%20Availability%3A%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20Teams%2FSharePoint%20si%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1502715%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20for%20the%20great%20description%2C%20this%20will%20be%20very%20useful%20for%20sites%20%2F%20teams%20handling%20confidential%20data.%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20restricting%20access%20to%20unmanaged%20devices%20using%20sensitivity%20label%2C%20does%20this%20require%20this%20feature%20to%20be%20enabled%20at%20the%20SPO%20access%20control%20level%3F%20Or%20it%20can%20be%20controlled%20at%20individual%20site%2C%20group%20or%20team%20level%20now%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1503020%22%20slang%3D%22en-US%22%3ERe%3A%20General%20Availability%3A%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20Teams%2FSharePoint%20si%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1503020%22%20slang%3D%22en-US%22%3E%3CP%3EDo%20you%20need%20a%20corresponding%20Session%20Control%20Conditional%20Access%20policy%20(Application%20enforced%20restrictions)%20for%20the%20unmanaged%20device%20settings%20to%20work%3F%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1503348%22%20slang%3D%22en-US%22%3ERe%3A%20General%20Availability%3A%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20Teams%2FSharePoint%20si%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1503348%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F716667%22%20target%3D%22_blank%22%3E%40Amit_Dobhal%3C%2FA%3E%26nbsp%3Band%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F359617%22%20target%3D%22_blank%22%3E%40Chris_Clark_Netrix%3C%2FA%3E%26nbsp%3B-%20Thank%20you%20for%20your%20compliment.%20For%20unmanaged%20device%20access%20policy%2C%20yes%2C%20this%20needs%20to%20be%20enabled%20at%20the%20SPO%20Access%20Control%20level%20to%20be%20permissive%20i.e.%20Full%20Access%2C%20which%20will%20automatically%20create%20a%20conditional%20access%20policy%20in%20AAD.%20Then%2C%20you%20can%20control%20at%20the%20individual%20site%20level%20by%20using%20this%20Sensitivity%20Label.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ERefer%20to%20this%20documentation%20for%20the%20further%20instructions%20on%20enabling%20unmanaged%20device%20policy%20in%20SharePoint%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fcontrol-access-from-unmanaged-devices%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsharepoint%2Fcontrol-access-from-unmanaged-devices.%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1503358%22%20slang%3D%22en-US%22%3ERe%3A%20General%20Availability%3A%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20Teams%2FSharePoint%20si%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1503358%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F410218%22%20target%3D%22_blank%22%3E%40Nip17%3C%2FA%3E%26nbsp%3B-%20thank%20you%20for%20your%20questions.%20On%20content%20marking%2C%20yes%20it%20is%20the%20current%20behavior%20that%20auto%20classified%20documents%20won't%20have%20content%20marking.%20We%20will%20take%20this%20feedback%20into%20consideration%20for%20future%20versions%20of%20the%20auto%20classification%20feature.%20For%20file%20types%20supported%20in%20auto%20labeling%20and%20additional%20details%20about%20this%20auto%20classification%20with%20sensitivity%20labels%20feature%2C%20please%20refer%20to%20this%20article%3A%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fapply-sensitivity-label-automatically%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fapply-sensitivity-label-automatically%3Fview%3Do365-worldwide.%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1503551%22%20slang%3D%22en-US%22%3ERe%3A%20General%20Availability%3A%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20Teams%2FSharePoint%20si%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1503551%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F85036%22%20target%3D%22_blank%22%3E%40Sesha%20Mani%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20you%20please%20tell%20me%20the%20license%20requirement%20for%20Auto-%20labeling.%26nbsp%3B%20On%20the%20last%20Microsoft%20session%2C%20I%20have%20attend%20mentioned%20only%20a%20couple%20of%20M%2FO%20E5%20license%20and%20all%20other%20users%20required%20only%20M%2FO%20E3.%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20Microsoft%20has%20mentioned%20is%20this%20auto-classification%20is%20an%20engine%20within%20admin%20control%2C%20would%20not%20necessarily%26nbsp%3Bend-user%20license%3C%2FP%3E%3CP%3E%3CBR%20%2F%3ECan%20please%20help%20me%20urgently.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1515604%22%20slang%3D%22en-US%22%3ERe%3A%20General%20Availability%3A%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20Teams%2FSharePoint%20si%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1515604%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20a%20customer%20(lawyer%20office)%20concerned%20about%20employee%20downloading%20files%20from%20TEAMS%20and%20OneDrive%20and%20uploading%20it%20to%20their%20personal%20email%20address%20(%40Yahoo%2C%20%40gmail%20and%20etc).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20a%20way%20to%20restrict%20that%20labeled%20files%20to%20be%20used%20only%20on%20corporate%20computers%3F%3F%3F%20Like%20and%20encryption%20where%20even%20the%20user%20copying%20to%20home%20he%20cannot%20be%20handle%20it.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20help%20is%20appreciated.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1522108%22%20slang%3D%22en-US%22%3ERe%3A%20General%20Availability%3A%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20Teams%2FSharePoint%20si%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1522108%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F85036%22%20target%3D%22_blank%22%3E%40Sesha%20Mani%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F204493%22%20target%3D%22_blank%22%3E%40Tony%20Themelis%3C%2FA%3E%26nbsp%3B%20Thanks%20for%20the%20information.%20I%20have%20come%20across%20a%20problem%20when%20testing%20out%20the%20new%20container%20labels%20to%20Teams%20and%20SharePoint%20sites.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22%22%3EThe%20issue%20arises%20as%20there%20is%20a%20common%20process%20to%20manage%20container%20and%20content%20labels.%20Any%20MIP%20labels%20you%20set%20up%20to%20specifically%20manage%20Teams%20sites%20to%20control%20guest%20access%20are%20visible%20when%20you%20apply%20labels%20to%20content%20e.g.%20on%20Work%20or%20Outlook.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22%22%3EFor%20example%20for%20a%20client%20I%20was%20testing%20out%20two%20MIP%20labels%20to%20manage%20their%20content%20Public%20and%20Private.%20Public%20was%20a%20just%20a%20label%20with%20a%20footer%20and%20Private%20had%20encryption%20with%20a%20footer.%20These%20were%20added%20to%20a%20label%20policy%20where%20the%20default%20label%20was%20Private.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22%22%3EI%20then%20created%20two%20new%20labels%20to%20manage%20the%20guest%20access%20in%20Teams%20Internal%20and%20External.%20Internal%20would%20block%20guest%20access%20and%20External%20would%20allow%20guest%20access.%20I%20did%20not%20want%20to%20provide%20any%20controls%20to%20manage%20content.%20These%20two%20labels%20were%20created%20was%20under%20a%20separate%20label%20policy%20so%20I%20could%20set%20the%20default%20label%20to%20Internal.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22%22%3EWhen%20I%20created%20a%20new%20Team%20all%20was%20well%20as%20the%20Internal%20MIP%20label%20was%20set%20as%20default%20and%20I%20could%20only%20see%20the%20two%20options%20Internal%20and%20External.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22%22%3EHowever%20when%20I%20went%20to%20apply%20an%20MIP%20label%20in%20a%20Office%20Doc%20or%20Outlook%20when%20I%20selected%20the%20sensitivity%20icon%20I%20was%20presented%20with%204%20labels%2C%20Public%2C%20Private%20%2C%20Internal%20%26amp%3B%20External.%20Internal%20%26amp%3B%20Externa%20had%20nor%20controls%20and%20were%20set%20up%20just%20to%20manage%20Teams%20guest%20access%20yet%20the%20users%20could%20inadvertently%20select%20the%20label%20Internal%20and%20think%20that%20the%20system%20would%20provide%20relevant%20controls%20on%20the%20content%20which%20it%20would%20not%20do%2C%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20is%20possible%20to%20combine%20the%20labels%20sets%20and%20reduce%20to%20three%20%3A%3C%2FP%3E%3COL%3E%3CLI%3EPublic%20-%20add%20footer%20to%20content%26nbsp%3Bplus%20block%20external%20access%20in%20Teams%3C%2FLI%3E%3CLI%3EPrivate%2FInternal%20-%20add%20footer%20and%20encrypt%20content%20plus%20block%20external%20access%20in%20Teams%3C%2FLI%3E%3CLI%3EPrivate%2FExternal-%20add%20footer%20and%20encrypt%20content%20plus%20allow%20external%20guest%20access%20in%20Teams%3C%2FLI%3E%3C%2FOL%3E%3CP%3EThis%20still%20increases%20the%20choices%20for%20an%20end%20user%20from%202%20to%203%20when%20labeling%20content%20and%20if%20the%20client%20already%20have%20existing%20labelling%20in%20place%20then%20this%20an%20additional%20change%20the%20client%20will%20need%20to%20make.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20heard%20that%20Microsoft%20are%20looking%20to%20split%20content%20and%20container%20MIP%20labeling%20to%20mitigate%20this%20issue.%20Any%20ideas%20on%20timelines%20or%20any%20other%20advice%20we%20can%20use%20in%20the%20short%20term%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1526358%22%20slang%3D%22en-US%22%3ERe%3A%20General%20Availability%3A%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20Teams%2FSharePoint%20si%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1526358%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F380093%22%20target%3D%22_blank%22%3E%40njc123%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20heard%20that%20Microsoft%20are%20looking%20to%20split%20content%20and%20container%20MIP%20labeling%20to%20mitigate%20this%20issue.%20Any%20ideas%20on%20timelines%20or%20any%20other%20advice%20we%20can%20use%20in%20the%20short%20term%3C%2FP%3E%3CP%3EYes%20you%20will%20be%20able%20to%20select%20the%20scope%20when%20you%20are%20creating%20the%20label%20as%20shown%20below.%20Can%20expect%20to%20see%20this%26nbsp%3B%20before%20end%20of%20this%20year%20I%20guess.%20As%20always%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F75055%22%20target%3D%22_blank%22%3E%40Sanjoyan%20Mustafi%3C%2FA%3E%26nbsp%3B%20has%20done%20a%20brilliant%20session%20yesterday%20about%20this%20%2C%20sorry%20I%20can't%20find%20the%20link%20to%20the%20session.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Scope.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205781iAA8E2F731199A8CB%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22Scope.png%22%20alt%3D%22Scope.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20is%20possible%20to%20combine%20the%20labels%20sets%20and%20reduce%20to%20three%20%3A%3C%2FP%3E%3COL%3E%3CLI%3EPublic%20-%20add%20footer%20to%20content%26nbsp%3Bplus%20block%20external%20access%20in%20Teams.%26nbsp%3B%20Why%20do%20you%20want%20to%20stop%20external%20access%20on%20Public%20label%3F%26nbsp%3B%20Normally%20Public%20label%20will%20allow%20external%20access.%20I%20hope%20you%20mean%20public%20-%20all%20internal%20staff%20except%20guest%2C%20if%20so%20you%20can%20as%20below%3C%2FLI%3E%3C%2FOL%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%223.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205785i9401D34BB660BA69%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%223.png%22%20alt%3D%223.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E2.%20Private%2FInternal%20-%20add%20footer%20and%20encrypt%20content%20plus%20block%20external%20access%20in%20Teams%20-%20yes%20you%20can%20as%20below%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%221.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205783i96DED40801783A46%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%221.png%22%20alt%3D%221.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E3.%20Private%2FExternal-%20add%20footer%20and%20encrypt%20content%20plus%20allow%20external%20guest%20access%20in%20Teams%20-%20yes%20you%20can%20as%20below%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%222.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205784iB4D3D2C86EB47063%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%222.png%22%20alt%3D%222.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20I%20create%20these%20label%20I%20will%20create%20as%20follow%3C%2FP%3E%3CP%3E1.%20Public%20-%20allow%20all%20staff%20%2B%20guest%20(%20Public%20-%20anoyone%20in%20the%20organisation%20%2B%20Let%20O365%20group%20owner%20to%20add%20gues%20in%20to%20the%20group)%3C%2FP%3E%3CP%3E2.%20Internal%20-%26nbsp%3Ballow%20all%20staff%26nbsp%3B%20(%20Public%20-%20anoyone%20in%20the%20organisation%20)%3C%2FP%3E%3CP%3E3.%20Confidential%20-%20Allow%26nbsp%3B%20only%20dedicated%20staff%20(%20Private-%20only%20members%20can%20access%20the%20site%20)%3C%2FP%3E%3CP%3EIf%20you%20really%20want%20something%20like%20dedicated%20staff%20%2B%20dedicated%20guest%20%2C%20I%20would%20recomend%20to%20go%20with%20a%20sub%20label.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20didnt%20misunderstand%20your%20question%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1532570%22%20slang%3D%22en-US%22%3ERe%3A%20General%20Availability%3A%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20Teams%2FSharePoint%20si%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1532570%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F90460%22%20target%3D%22_blank%22%3E%40Renato%20Pereira%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECould%20you%20please%20explain%20a%20bit%20your%20business%20requirement%2C%20not%20the%20solution%3F%3C%2FP%3E%3CP%3EIf%20your%20requirement%20is%20to%20stop%20unauthorised%20access%20your%20data%3C%2FP%3E%3COL%3E%3CLI%3EUse%20unified%20labelling%20(AIP)%20to%20make%20sure%20only%20authorised%20person%20can%20use%20the%20data%3C%2FLI%3E%3CLI%3EUse%20DLP%20to%20prevent%20users%20from%20sharing%20confidential%20data%20with%20unapproved%20stakeholders%20or%20third-party%3C%2FLI%3E%3CLI%3EIf%20you%20want%20to%20stop%20accessing%20data%20from%20untrusted%20locations%2C%20then%20use%20conditional%20access%20policy.%3C%2FLI%3E%3C%2FOL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20really%20want%20to%20stop%20staff%20uploading%20documents%20into%20yahoo%20or%20google%20and%20then%20they%20download%20into%20their%20personal%20computer%20later%20date%20to%20use%20the%20data%2C%20then%20assuming%20the%20user%20is%20not%20allowed%20to%20access%20O365%20org%20data%20beyond%20the%20org%20n%2Fw-%20if%20yes%3C%2FP%3E%3CP%3Esolution%20%E2%80%93%20use%20AIP%20this%20will%20prompt%20to%20authenticate%20when%20the%20user%20opens%20the%20document%20and%20use%20conditional%20access%20policy%20to%20stop%20accessing%20data%20beyond%20your%20org%20n%2Fw%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20check%20AIP%20%2BDLP%20%2B%20conditional%20aces%20policy%20for%20unmanaged%20devices%20and%20untrusted%20locations.%20If%20possible%20MCASB%20will%20give%20you%20a%20greater%20monitoring%20and%20control%20capability.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1537467%22%20slang%3D%22en-US%22%3ERe%3A%20General%20Availability%3A%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20Teams%2FSharePoint%20si%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1537467%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F410218%22%20target%3D%22_blank%22%3E%40Nip17%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethe%20customer%20concern%20is%3A%3C%2FP%3E%3CP%3E*%20Some%20employees%20uses%20laptop%20and%20some%20a%20PC%3B%3C%2FP%3E%3CP%3E*%20for%20both%20cases%20users%20should%20be%20able%20to%20handle%20.DOCX%20files%20on%20their%20daily%20basis%20routine.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20we%20use%20Exchange%20MAILFLOW%20RULES%2C%20we%20can%20detect%20some%20'strange%20behavior'%20like%20users%20sending%20files%20as%20attachment%20to%20their%20personal%20e-mail%20address%20(%40gmail.com%2C%26nbsp%3B%40hotmail.com%2C%20%40yahoo.com%20and%20etc)%20and%20then%20quarentine%20or%20just%20block%20and%20etc.%20Sometimes%20users%20just%20create%20a%20new%20e-mail%20on%20the%20MS%20Outlook%20windows%20app%20and%20then%20add%20those%20files%20as%20attachment%20but%20do%20not%20send%20-%20just%20'save%20and%20hold'%3B%20during%20the%20night%20at%20home%20they%20can%20access%20his%20accounts%20via%20%3CA%20href%3D%22https%3A%2F%2Foutlook.office.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Foutlook.office.com%3C%2FA%3E%26nbsp%3Band%20then%20download%20the%20files.%3C%2FP%3E%3CP%3EI%20know%20that%20we%20can%20access%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fcompliance.microsoft.com%2Fdatalossprevention%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fcompliance.microsoft.com%2Fdatalossprevention%3C%2FA%3E%26nbsp%3Band%20create%20a%20new%20policy%2Frule%20for%20some%20file%20share%2C%20but%20the%20problem%20is%20if%20they%20upload%2Fattach%20that%20files%20to%20their%20personal%20e-mail%20address%20using%20the%20web%20browser%20(gmail%20website%20for%20example).%20Since%20their%20credentials%20is%20still%20valid%2C%20they%20can%20save%20locally%20at%20their%20home%20computer%2C%20open%20the%20file%20for%20edit%20and%20etc.%20But%20and%20about%20the%20copy%20saved%20on%20the%20local%20'downloads'%20folder%3F%3F%3F%20How%20to%20ensure%20that%20thoses%20files%20will%20be%20deleted%20after%20work%3F%3F%3F%20Is%20there%20a%20way%20to%20limit%20user%20'logon%2Fauthentication'%20for%20non%20business%20hours%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20to%20limit%20upload%20using%20webbrower%3F%20As%20I%20know%20the%20only%20way%20is%20to%20use%20antivirus%20with%20DLP%20rules%20or%20even%20PROXY%2FFW%20with%20DLP.%3C%2FP%3E%3CP%3EIf%20these%20employes%20has%20access%20to%20'datastore'%20like%20pendrive%20or%20even%20his%20mobile%20phone%20with%20USB%20cable%2C%20how%20to%20prevent%20they%20to%20copy%20files%3F%20As%20I%20know%20we%20must%20block%20USB%20datastore%20using%20Antivirus.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20a%20way%20to%20limit%20on%20what%20'device'%20they%20can%20manage%20those%20files%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFew%20months%20ago%20I%20created%20a%20support%20ticket%20with%20MS%20O365%20team%20about%20how%20to%20limit%20OneDrive%20app%20to%20be%20unable%20to%20sync%20personal%20accounts%20because%20we%20found%20some%20guys%20copying%20from%20OneDrive%20CORP%20account%20disk%20folder%20to%20OneDrive%20PERSONAL%20account%20disk%20folder%20-%20they%20sent%20instructions%20about%20GPO%20and%20.ADMX%20files%20for%20that%2C%20but%20since%20that%20customer%20doesn%C2%B4t%20have%20local%20AD%2C%20we%20asked%20for%20more%20options%20and%20they%20send%20REG%20KEYS%20to%20be%20used%20for%20that%20situation.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26gt%3B%26gt%3B%26gt%3B%20As%20you%20can%20see%2C%20'begginers'%20employees%20can%20copy%20data%20based%20on%20senior%20employee%20effort!!!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E*%20We%20also%20have%20a%20similar%20situation%20about%20protect%20corporate%20data%2C%20where%20a%20customer%20has%20CAD%20project%20files%20to%20protect%20(Autodesk%20Powermill%20and%20Machine%20Strategist%20files).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1538323%22%20slang%3D%22en-US%22%3ERe%3A%20General%20Availability%3A%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20Teams%2FSharePoint%20si%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1538323%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F410218%22%20target%3D%22_blank%22%3E%40Nip17%3C%2FA%3E%26nbsp%3B%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20don't%20know%20why%20my%20reply%20was%20lost.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20'conditional'%20access%2C%20can%20we%20limit%20user%20accounts%20to%20be%20used%20only%20on%20corp%20devices%3F%20The%20main%20concern%20is%20users%20using%20account%20on%20non%20protected%20devices%20and%20also%20sync%20corp%20data.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20to%20protect%20and%20avoid%20users%20to%20be%20able%20to%20upload%20documents%20to%20gmail%2Fhotmail%20websites%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1540901%22%20slang%3D%22en-US%22%3ERe%3A%20General%20Availability%3A%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20Teams%2FSharePoint%20si%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1540901%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F90460%22%20target%3D%22_blank%22%3E%40Renato%20Pereira%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYes%20you%20can%20use%20conditional%20access%20policy%20to%20check%20IP%20address%20as%20well%20as%20the%20device%20is%20managed%20or%20not.%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22alltrusted.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F207408iC135D053A22C8612%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22alltrusted.png%22%20alt%3D%22alltrusted.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EHow%20to%20protect%20and%20avoid%20users%20to%20be%20able%20to%20upload%20documents%20to%20Gmail%2FHotmail%20websites%3F%26nbsp%3B%3C%2FP%3E%3CP%3Eas%20I%20have%20mentioned%20previously%20I%20dont%20think%20you%20need%20to%20worry%20that%20much%20on%20this%20if%20your%20documents%20are%20protected%20with%20AIP.%20When%20they%20email%20in%20to%20them%20self%20and%20try%20to%20open%20the%20document%20form%20unmanaged%20device%20the%20CAP%20will%20kicked%20in%20and%20blocking%20the%20access.%20Furthermore%20if%20you%20are%20using%20Intune%20you%20can%20use%20MAM%20and%20MDM%20to%20protect%20your%20applications%20such%20as%20Teams%2C%20SharePoint%20etc.%20You%20can%20define%20stop%20copy%20content%20from%20Teams%20to%20unmanaged%20applications%20such%20as%20note%20pad%2C%20etc.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1550022%22%20slang%3D%22en-US%22%3ERe%3A%20General%20Availability%3A%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20Teams%2FSharePoint%20si%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1550022%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F410218%22%20target%3D%22_blank%22%3E%40Nip17%3C%2FA%3E%2C%20tks%20for%20quick%20reply.%3C%2FP%3E%3CP%3EThe%20concern%20is%20also%20with%20files%20not%20from%20Office%20where%20users%20can%20upload%20online%20to%20MegaUpload%2C%20Dropbox%20and%20etc.%3C%2FP%3E%3CP%3ECan%20Intune%20handle%20this%20DLP%20on%20upload%20process%20or%20should%20we%20use%20AV%20solution%20for%20that%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E---%3C%2FP%3E%3CP%3E.3DM%20for%20Rhino%3B%3C%2FP%3E%3CP%3E.IGS%20for%20Rhino%20exported%20to%20Machine%20Strategist%3B%26nbsp%3B%3CBR%20%2F%3E.MCO%20ou%20.MSA%20for%20Machine%20Strategist%20or%26nbsp%3B.PRG%20exported%20to%20CNC%20format).%3C%2FP%3E%3CP%3E---%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1551831%22%20slang%3D%22en-US%22%3ERe%3A%20General%20Availability%3A%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20Teams%2FSharePoint%20si%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1551831%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F90460%22%20target%3D%22_blank%22%3E%40Renato%20Pereira%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20check%20Microsoft%20new%20feature%20endpoint%20DLP.%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-security-and%2Fannouncing-public-preview-of-microsoft-endpoint-data-loss%2Fba-p%2F1534085%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-security-and%2Fannouncing-public-preview-of-microsoft-endpoint-data-loss%2Fba-p%2F1534085%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1497769%22%20slang%3D%22en-US%22%3EGeneral%20Availability%3A%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20Teams%2FSharePoint%20sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1497769%22%20slang%3D%22en-US%22%3E%3CP%3E%3CEM%3EEnsure%20secure%20collaboration%20in%20scalable%20way%20with%20Microsoft%20Information%20Protection%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EMicrosoft%20Information%20Protection%20is%20a%20built-in%2C%20intelligent%2C%20unified%2C%20and%20extensible%20solution%20to%20protect%20sensitive%20data%20across%20your%20enterprise%20%E2%80%93%20in%20Microsoft%20365%20cloud%20services%2C%20on-premises%2C%20third-party%20SaaS%20applications%2C%20and%20more.%20Microsoft%20Information%20Protection%20provides%20a%20unified%20set%20of%20capabilities%20to%20know%20your%20data%2C%20protect%20your%20data%2C%20and%20prevent%20data%20loss%20across%20Microsoft%20365%20apps%20(e.g.%20Word%2C%20PowerPoint%2C%20Excel%2C%20Outlook)%20and%20services%20(e.g.%20Teams%2C%20SharePoint%2C%20and%20Exchange).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%26nbsp%3B%3C%2FP%3E%0A%3CP%3EMicrosoft%20Information%20Protection%E2%80%99s%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fsensitivity-labels%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Esensitivity%20labels%3C%2FA%3E%26nbsp%3Bare%20central%20to%20how%20your%20business-critical%20data%20is%20protected%2C%20in%20a%20persistent%20way%2C%20throughout%20its%20lifecycle.%20Labels%20can%20be%20applied%20to%20protect%20documents%20(e.g.%20to%20encrypt%20an%20Excel%20file)%20and%20to%20containers%20(e.g.%20to%20restrict%20access%20to%20a%20confidential%20team%20or%20site%20from%20unmanaged%20devices).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20recently%20announced%20the%20general%20availability%20of%20both%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-security-and%2Fannouncing-general-availability-of-sensitivity-labels-with%2Fba-p%2F1356224%22%20target%3D%22_blank%22%3Emanual%20labeling%3C%2FA%3E%20in%20Office%20apps%20across%20all%20platforms%20and%20of%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-security-and%2Fgeneral-availability-of-automatic-classification-with%2Fba-p%2F1422249%22%20target%3D%22_blank%22%3Eautomatic%20labeling%3C%2FA%3E%20for%20documents%20stored%20in%20SharePoint%20and%20Teams.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EToday%2C%20we%20are%20excited%20to%20announce%3CSTRONG%3E%26nbsp%3Bthe%20general%20availability%20of%20sensitivity%20labels%20for%20%3C%2FSTRONG%3E%3CSTRONG%3ETeams%3C%2FSTRONG%3E%3CSTRONG%3E%2C%20%3C%2FSTRONG%3E%3CSTRONG%3ESharePoint%3CSPAN%3E%20sites%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSTRONG%3E%2C%20and%20%3C%2FSTRONG%3E%3CSTRONG%3EMicrosoft%20365%20Group%3CSPAN%3Es%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSTRONG%3E.%3C%2FSTRONG%3E%20You%20can%20now%20associate%20a%20sensitivity%20label%20with%20policies%20related%20to%20privacy%2C%20external%20user%20membership%2C%20and%20unmanaged%20device%20access.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWith%20users%20constantly%20creating%20and%20sharing%20sensitive%20data%20in%20Teams%20and%20on%20SharePoint%20sites%2C%20this%20capability%20allows%20for%20holistically%20securing%20sensitive%20content%20whether%20it%20is%20in%20a%20file%20or%20in%20a%20chat%20by%20managing%20access%20to%20these%20containers.%20This%20powerful%20capability%2C%20along%20with%20manual%20and%20auto-labeling%20of%20documents%20on%20SharePoint%20and%20Teams%2C%20helps%20you%20scale%20your%20data%20protection%20program%20to%20meet%20the%20proliferation%20of%20data%20and%20the%20challenge%20of%20secure%20collaboration%20while%20working%20remotely.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20first%20step%20to%20securing%20sensitive%20content%20in%20teams%2C%20sites%20and%20groups%20is%20to%20create%20sensitivity%20labels%20with%20policies.%20For%20example%2C%26nbsp%3Byou%20can%20create%20a%20sensitivity%20label%20called%20%E2%80%9CConfidential%E2%80%9D%20and%20specify%20that%20any%20team%2C%20site%2C%20or%20group%20created%20with%20this%20label%20will%26nbsp%3Bbe%20private%2C%20that%20even%20a%20team%20or%20site%20owner%20cannot%20add%20users%20external%20to%20the%20organization%20and%20that%20unmanaged%20devices%20will%20be%20allowed%20web%20access%20only.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22LabelsSettins.jpg%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202098i998588249136DD8E%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22LabelsSettins.jpg%22%20alt%3D%22Figure%201%3A%20Admin%20specifying%20access%20policies%20during%20label%20creation%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EFigure%201%3A%20Admin%20specifying%20access%20policies%20during%20label%20creation%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENow%20a%20user%20creating%20a%20team%2C%20or%20a%20site%20can%20choose%20from%20your%20published%20labels%2C%20and%20all%20the%20underlying%20policies%20will%20apply%20automatically%20to%20that%20team%20or%20site.%20For%20example%2C%20if%20a%20user%20selects%20the%20%E2%80%9CConfidential%E2%80%9D%20label%20during%20a%20team%20creation%2C%20this%20new%20team%20will%20automatically%20restrict%20access%20to%20approved%20members%20in%20the%20organization%20and%20prevent%20addition%20of%20people%20external%20to%20the%20organization.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22LabelsInAction%20Teams.gif%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202099i41F529A6543BABA4%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22LabelsInAction%20Teams.gif%22%20alt%3D%22Figure%202%3A%20When%20team%20owner%20applies%20%E2%80%9CConfidential%E2%80%9D%20label%2C%20team%20and%20associated%20site%20are%20automatically%20set%20as%20private%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EFigure%202%3A%20When%20team%20owner%20applies%20%E2%80%9CConfidential%E2%80%9D%20label%2C%20team%20and%20associated%20site%20are%20automatically%20set%20as%20private%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAfter%20a%20user%20creates%20the%20team%2C%20this%20%E2%80%9CConfidential%E2%80%9D%20label%20will%20appear%20in%20the%20upper-right%20corner%20of%20all%20channels%20within%20this%20team.%26nbsp%3BNow%2C%20if%20users%20visit%20the%20SharePoint%20site%20associated%20with%20this%20team%2C%20they%20will%20also%20see%20the%20%E2%80%9CConfidential%E2%80%9D%20label%2C%20and%20all%20applied%20policies.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20capability%20enables%20you%20to%20protect%20sensitive%20content%20in%20a%20team%20or%20SharePoint%20site%20by%20managing%20people%20and%20device%20access%20to%20these%20containers.%20If%20you%20want%20to%20apply%20label-based%20encryption%20to%20protect%20individual%20documents%20stored%20in%20a%20team%20or%20SharePoint%20site%2C%20you%20can%20use%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fapply-sensitivity-label-automatically%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eauto-labeling%3C%2FA%3E%20or%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-security-and%2Fannouncing-general-availability-of-sensitivity-labels-with%2Fba-p%2F1356224%22%20target%3D%22_blank%22%3Emanual%20labeling%3C%2FA%3E.%20Together%20these%20powerful%20Microsoft%20Information%20Protection%20capabilities%20enable%20organizations%20to%20scale%20their%20data%20protection%20programs%20across%20a%20vast%20amount%20of%20data.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20are%20continuously%20expanding%20the%20capabilities%20of%20Microsoft%20Information%20Protection.%20You%20can%20see%20in%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2020%2F06%2F11%2Fwhats-new-microsoft-365-compliance-risk-management%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ethis%20recent%20blog%3C%2FA%3E%26nbsp%3Ba%20summary%20of%20some%20of%20the%20investments%20we%E2%80%99ve%20made%20in%20the%20last%20two%20months.%20To%20learn%20more%20about%20the%20capability%20covered%20in%20this%20blog%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ERead%20our%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fsensitivity-labels-teams-groups-sites%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eonline%20documentation%3C%2FA%3E%26nbsp%3Bwith%20instructions%20to%20opt-in%2C%20configuration%20details%2C%20and%20links%20to%20a%20webinar%20with%20demos.%3CUL%3E%0A%3CLI%3EIf%20you%20are%20using%20AAD%20classification%2C%20read%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fmigrate-aad-classification-sensitivity-labels%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ethis%20documentation%3C%2FA%3E%20for%20next%20steps%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3ETo%20see%20which%20apps%20and%20services%20support%20this%20capability%2C%20read%20%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fsensitivity-labels-teams-groups-sites%3Fview%3Do365-worldwide%23support-for-sensitivity-labels%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ethis%3C%2FA%3E%3CSPAN%3E%20documentation%20page.%20To%20apply%20these%20labels%20on%20OneDrive%2C%20start%20%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fsensitivity-labels-teams-groups-sites%23use-powershell-to-apply-a-sensitivity-label-to-multiple-sites%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehere%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3EThis%20capability%20is%20included%20with%20Microsoft%20365%20E3%20and%20Office%20365%20E3%20plus%20AAD%20Premium%20P1%20and%20above.%20Learn%20more%20about%20-ERR%3AREF-NOT-FOUND-required%20licensing.%20If%20you%20are%20new%20to%20Microsoft%20365%2C%20learn%20how%20to%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcommerce%2Ftry-or-buy-microsoft-365%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Etry%20or%20buy%20a%20subscription%3C%2FA%3E%3CSPAN%3E.%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3EPlease%20note%20that%20auto-labeling%20individual%20documents%20stored%20in%20team%20or%20SharePoint%20site%20requires%20either%20Microsoft%20365%20E5%20or%20Compliance%20E5%20or%20Information%20Protection%20%26amp%3B%20Governance%20E5%20add-on%20SKU.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EAs%20you%20navigate%20this%20challenging%20time%2C%20we%20have%20additional%20resources%20to%20help.%20For%20more%20information%20about%20securing%20your%20organization%20in%20this%20time%20of%20crisis%2C%20visit%26nbsp%3Bour%20-ERR%3AREF-NOT-FOUND-Remote%20Work%20site.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%E2%80%99re%20here%20to%20help%20in%20any%20way%20we%20can.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThank%20you!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3ESesha%20Mani%2C%20Principal%20Group%20Program%20Manager%2C%20Microsoft%20365%20services%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3ETony%20Themelis%2C%20Principal%20PM%20Manager%2C%20Microsoft%20Information%20Protection%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1497769%22%20slang%3D%22en-US%22%3E%3CP%3EToday%2C%20we%20are%20excited%20to%20announce%3CSTRONG%3E%26nbsp%3Bthe%20general%20availability%20of%20Microsoft%20Information%20Protection%20sensitivity%20labels%20in%20T%3C%2FSTRONG%3E%3CSTRONG%3Eeams%3C%2FSTRONG%3E%3CSTRONG%3E%2C%20%3C%2FSTRONG%3E%3CSTRONG%3ESharePoint%3C%2FSTRONG%3E%3CSPAN%3E%3CSTRONG%3E%20sites%3C%2FSTRONG%3E%3C%2FSPAN%3E%3CSTRONG%3E%2C%20and%20%3C%2FSTRONG%3E%3CSTRONG%3EMicrosoft%20365%20Group%3C%2FSTRONG%3E%3CSPAN%3E%3CSTRONG%3Es%3C%2FSTRONG%3E%3C%2FSPAN%3E%3CSTRONG%3E.%3C%2FSTRONG%3E%20You%20can%20now%20associate%20a%20sensitivity%20label%20with%20policies%20related%20to%20privacy%2C%20external%20user%20membership%2C%20and%20unmanaged%20device%20access.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22LabelsInAction%20Teams.gif%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202097iB2C83999FB54BBAA%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22LabelsInAction%20Teams.gif%22%20alt%3D%22Sensitivity%20labels%20in%20action%20in%20Teams%20and%20SharePoint%20site%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3ESensitivity%20labels%20in%20action%20in%20Teams%20and%20SharePoint%20site%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1497769%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECompliance%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EInformation%20Protection%20%26amp%3B%20Governance%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20365%20Groups%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Information%20Protection%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESensitivity%20Labels%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ETeams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Version history
Last update:
‎May 11 2021 02:03 PM
Updated by:
We support Ukraine and condemn war. Push Russian government to act against war. Be brave, vocal and show your support to Ukraine. Follow the latest news HERE