Forum Discussion
IvanWilson
Jun 28, 2024Iron Contributor
Purview Information Protection for internal and external emails
I'm working with an organisation that is starting to use sensitivity labels. They have Office 365 E3 licenses. The current plan is to set up a default label for documents and emails called "Internal Only". This label will encrypt contents and grant co-author permissions to all staff.
The challenge will be when emails include external recipients. Ideally, the user will change from the default label to one that grants access to any recipients. However, I can imagine that there will be many cases where they forget to do this.
If we had Office 365 E5 licenses, we would have the option to create a DLP policy to show a policy tip. I I would expect this would reduce the incidents of mislabeling.
I have seen recommendations to avoid encrypting by default and only use it where needed. However this client is keen to use encryption to protect as much content as possible.
One suggestion could be to change the default email label to only grant access to the sender and recipients, regardless of whether they are internal or external.
I'm interested in any real-world feedback on how others have tackled this issue.
- mohan1921Copper ContributorIt is not recommended to use default label with encryption
- IvanWilsonIron Contributor
mohan1921 Microsoft recently published a guide called "Secure by default with Microsoft Purview". This does recommend using a default sensitivity label for documents that does implement encryption.
- leandrogoncalvesCopper ContributorI understand your struggle...
We are also trying to adopt sensitivity labels, in order to maximize data protection in the future but also lowering user impact, this forces some automation of purview. For example if all recipients are internal the mail could be automatically labelled as internal, if there is an external recipient the label should be external while showing a warning tooltip.
Also the Inheritance of label from attachments only works for Old Outlook for Windows....
https://learn.microsoft.com/en-us/purview/sensitivity-labels-versions#sensitivity-label-capabilities-in-outlook