Guidance: Sensitivity Labels during Mergers & Acquisitions (separate tenants, non-M365, etc.)

We’re building an internal playbook for how to handle Microsoft Purview sensitivity labels during mergers and acquisitions, and I’d really appreciate any lessons learned or best practices.

Specifically, I’m interested in how others have handled:

• Acquired organizations on a separate Microsoft 365/O365 tenant for an extended period (pre- and post-close):
  • How did you handle “Internal Only” content when the two tenants couldn’t fully trust each other yet?
  • Any tips to reduce friction for collaboration between tenants during the transition?
• Existing label structures, such as:
  • We use labels like “All Internal Only” and labels with user-defined permissions — has anyone found good patterns for mapping or reconciling these with another company’s labels?
  • What if the acquired company is already using sensitivity labels with a different taxonomy? How did you rationalize or migrate them?
• Acquisitions where the target does not use Microsoft 365 (for example, Google Workspace, on-prem, or other platforms):
  • Any strategies for protecting imported content with labels during or after migration?
  • Gotchas around legacy permissions versus label-based protections?
• General pitfalls or watch-outs between deal close and full migration:
  • Anything you wish you had known before your first M&A with Purview labels in play?
  • Policies or configurations you’d recommend setting (or avoiding) during the interim period?

Any examples, war stories, or template approaches you’re willing to share would be incredibly helpful as we shape our playbook.

Thanks in advance for any insights!