Forum Discussion
Sensitivity Labels Office Web
NunoMSilva It is not enabled by default, because this would have an impact on all customers using AIP. The impact is described here.
After you enable sensitivity labels for Office files in SharePoint and OneDrive, for new and changed files that have a sensitivity label that applies encryption with a cloud-based key (and doesn't use Double Key Encryption😞
For Word, Excel, and PowerPoint files, SharePoint and OneDrive recognize the label and can now process the contents of the encrypted file.
When users download or access these files from SharePoint or OneDrive, the sensitivity label and any encryption settings from the label are enforced and remain with the file, wherever it is stored. Ensure you provide user guidance to use only labels to protect documents. For more information, see Information Rights Management (IRM) options and sensitivity labels.
When users upload labeled and encrypted files to SharePoint or OneDrive, they must have at least view rights to those files. For example, they can open the files outside SharePoint. If they don't have this minimum usage right, the upload is successful but the service doesn't recognize the label and can't process the file contents.
Use Office on the web (Word, Excel, PowerPoint) to open and edit Office files that have sensitivity labels that apply encryption. The permissions that were assigned with the encryption are enforced. You can also use auto-labeling for these documents.
External users can access documents that are labeled with encryption by using guest accounts. For more information, see Support for external users and labeled content.
Office 365 eDiscovery supports full-text search for these files and Data Loss Prevention (DLP) policies support content in these files.
Apart from turning on the unified Labels in the AIP portal you will need to use PowerShell. You will need to enable WINRM if your device is managed by Intune probably also. Refer here.
https://portal.azure.com.mcas.ms/#blade/Microsoft_Azure_InformationProtection/DataClassGroupEditBlade/migrationActivationBlade
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?view=o365-worldwide#enable-this-preview-and-synchronize-labels
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-settings-cmdlets
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-assign-sensitivity-labels
I was than able to fully enable Sensitivity labels across everything.
All mine are working as of this morning. By the way the last two links are very important
Good luck
- Hi,
I think my problem it'sdifferent. On office web, i don't have the "icon" to put the labels. And i know, if i run the command "Set-SPOTenant -EnableAIPIntegration $True" the icon show ups with respective labels. My question is, i dont know why is disabel, and wich the impact in my tenant.
Thanks for your help and time.NunoMSilva It is not enabled by default, because this would have an impact on all customers using AIP. The impact is described here.
After you enable sensitivity labels for Office files in SharePoint and OneDrive, for new and changed files that have a sensitivity label that applies encryption with a cloud-based key (and doesn't use Double Key Encryption😞
For Word, Excel, and PowerPoint files, SharePoint and OneDrive recognize the label and can now process the contents of the encrypted file.
When users download or access these files from SharePoint or OneDrive, the sensitivity label and any encryption settings from the label are enforced and remain with the file, wherever it is stored. Ensure you provide user guidance to use only labels to protect documents. For more information, see Information Rights Management (IRM) options and sensitivity labels.
When users upload labeled and encrypted files to SharePoint or OneDrive, they must have at least view rights to those files. For example, they can open the files outside SharePoint. If they don't have this minimum usage right, the upload is successful but the service doesn't recognize the label and can't process the file contents.
Use Office on the web (Word, Excel, PowerPoint) to open and edit Office files that have sensitivity labels that apply encryption. The permissions that were assigned with the encryption are enforced. You can also use auto-labeling for these documents.
External users can access documents that are labeled with encryption by using guest accounts. For more information, see Support for external users and labeled content.
Office 365 eDiscovery supports full-text search for these files and Data Loss Prevention (DLP) policies support content in these files.
I created a test Tenant, and i realized the definition is disabled by default. However to use Sensitivity labels i had to enable the configuration.
Thanks for your time and help.
