Forum Discussion
NunoMSilva
Dec 16, 2020Copper Contributor
Sensitivity Labels Office Web
I’m doing the first configurations to use sensitivity labels. I already have labels and policies, created and published using Office 365 Security & Compliance, and is working when i use Office on-premises. But in a first approach, i want to use on Office web (online), and is not working. The icon and respective labels doesn’t show up, and I thinks is related about a definition what i have in my tenant: EnableAIPIntegration = false
My questions are: I don’t know why is disable, because in new Tenant its comes enable by default. What is the impact for the user or other apps like SharePoint, Teams, Onedrive, or even what problems could appear if i enable this feature.
Any sugestion?
Thanks for your help.
NunoMSilva It is not enabled by default, because this would have an impact on all customers using AIP. The impact is described here.
After you enable sensitivity labels for Office files in SharePoint and OneDrive, for new and changed files that have a sensitivity label that applies encryption with a cloud-based key (and doesn't use Double Key Encryption😞
For Word, Excel, and PowerPoint files, SharePoint and OneDrive recognize the label and can now process the contents of the encrypted file.
When users download or access these files from SharePoint or OneDrive, the sensitivity label and any encryption settings from the label are enforced and remain with the file, wherever it is stored. Ensure you provide user guidance to use only labels to protect documents. For more information, see Information Rights Management (IRM) options and sensitivity labels.
When users upload labeled and encrypted files to SharePoint or OneDrive, they must have at least view rights to those files. For example, they can open the files outside SharePoint. If they don't have this minimum usage right, the upload is successful but the service doesn't recognize the label and can't process the file contents.
Use Office on the web (Word, Excel, PowerPoint) to open and edit Office files that have sensitivity labels that apply encryption. The permissions that were assigned with the encryption are enforced. You can also use auto-labeling for these documents.
External users can access documents that are labeled with encryption by using guest accounts. For more information, see Support for external users and labeled content.
Office 365 eDiscovery supports full-text search for these files and Data Loss Prevention (DLP) policies support content in these files.
- braedachauBrass ContributorHello,
Apart from turning on the unified Labels in the AIP portal you will need to use PowerShell. You will need to enable WINRM if your device is managed by Intune probably also. Refer here.
https://portal.azure.com.mcas.ms/#blade/Microsoft_Azure_InformationProtection/DataClassGroupEditBlade/migrationActivationBlade
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?view=o365-worldwide#enable-this-preview-and-synchronize-labels
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-settings-cmdlets
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-assign-sensitivity-labels
I was than able to fully enable Sensitivity labels across everything.
All mine are working as of this morning. By the way the last two links are very important
Good luck- NunoMSilvaCopper ContributorHi,
I think my problem it'sdifferent. On office web, i don't have the "icon" to put the labels. And i know, if i run the command "Set-SPOTenant -EnableAIPIntegration $True" the icon show ups with respective labels. My question is, i dont know why is disabel, and wich the impact in my tenant.
Thanks for your help and time.- JanBakkerOrphanedSteel Contributor
NunoMSilva It is not enabled by default, because this would have an impact on all customers using AIP. The impact is described here.
After you enable sensitivity labels for Office files in SharePoint and OneDrive, for new and changed files that have a sensitivity label that applies encryption with a cloud-based key (and doesn't use Double Key Encryption😞
For Word, Excel, and PowerPoint files, SharePoint and OneDrive recognize the label and can now process the contents of the encrypted file.
When users download or access these files from SharePoint or OneDrive, the sensitivity label and any encryption settings from the label are enforced and remain with the file, wherever it is stored. Ensure you provide user guidance to use only labels to protect documents. For more information, see Information Rights Management (IRM) options and sensitivity labels.
When users upload labeled and encrypted files to SharePoint or OneDrive, they must have at least view rights to those files. For example, they can open the files outside SharePoint. If they don't have this minimum usage right, the upload is successful but the service doesn't recognize the label and can't process the file contents.
Use Office on the web (Word, Excel, PowerPoint) to open and edit Office files that have sensitivity labels that apply encryption. The permissions that were assigned with the encryption are enforced. You can also use auto-labeling for these documents.
External users can access documents that are labeled with encryption by using guest accounts. For more information, see Support for external users and labeled content.
Office 365 eDiscovery supports full-text search for these files and Data Loss Prevention (DLP) policies support content in these files.
- JanBakkerOrphanedSteel Contributor
- NunoMSilvaCopper Contributor