Forum Discussion
Approval for Sensitive Label change
Hello brenoacp!
It's possible to set up an approval process for label changes. You can use Microsoft Information Protection (MIP) to create policies that require approval before a user can apply certain sensitive labels. This approval can be routed to a manager or designated person for review. Alternatively, you could restrict label changes based on user roles or enforce automatic blocking of external sharing for specific labels. These settings can help control which labels users can apply and prevent unauthorized external sharing.
In case you're still a bit lost i would do it this way:
To implement the approval process, you would need to create a policy within Microsoft Information Protection (MIP) and use "auto-labeling" for sensitive content. You can configure the policy to restrict which labels can be applied to emails or documents, and then set up an approval workflow using Power Automate or Microsoft 365 Compliance Center.
For example, when a user tries to apply a sensitive label that permits external sharing, an approval request can be triggered to a designated manager. This can be set up so the manager has to review and approve the action before the user can proceed.
Additionally, within the Data Loss Prevention (DLP) policy, you can restrict the external sharing of content based on the selected label. You can set conditions where certain labels are automatically blocked from sharing outside the organization unless explicitly approved.
I hope it gives you some ideas!
Regards
Hello brenoacp!
It's possible to set up an approval process for label changes. You can use Microsoft Information Protection (MIP) to create policies that require approval before a user can apply certain sensitive labels. This approval can be routed to a manager or designated person for review. Alternatively, you could restrict label changes based on user roles or enforce automatic blocking of external sharing for specific labels. These settings can help control which labels users can apply and prevent unauthorized external sharing.
In case you're still a bit lost i would do it this way:
To implement the approval process, you would need to create a policy within Microsoft Information Protection (MIP) and use "auto-labeling" for sensitive content. You can configure the policy to restrict which labels can be applied to emails or documents, and then set up an approval workflow using Power Automate or Microsoft 365 Compliance Center.
For example, when a user tries to apply a sensitive label that permits external sharing, an approval request can be triggered to a designated manager. This can be set up so the manager has to review and approve the action before the user can proceed.
Additionally, within the Data Loss Prevention (DLP) policy, you can restrict the external sharing of content based on the selected label. You can set conditions where certain labels are automatically blocked from sharing outside the organization unless explicitly approved.
I hope it gives you some ideas!
Regards