Forum Discussion
Sensitivity Labels - External Sharing in SharePoint
I have created a Sensitivity Label that prevents External Sharing. I have applied this Sensitivity Label to a new Team that I have created and it has successfully applied to the Group and the SharePoint Site associated with the Team.
It does what is expected and prevents guests from being invited to the Team/Group/Site but it does not prevent files/folders within the Site being shared with External parties. External Sharing on the SharePoint Site is enabled by default for new/existing guests but I would have expected the Sensitivity Label to change/overrule this and prevent files/folders from being shared as well as preventing guests from being invited.
Is this expected behaviour and if so is this a feature expected to be released once it goes into GA?
6 Replies
- Sensitivity Label now has control to disable external sharing for files & folders in a site based on the applied label.Label creation with no external sharing for a siteSensitivity Label applied site
Thank you for the responses guys, I am investigating the Auto-Labeling functions and they seem.. detailed!
I dont know if I need to set up a separate post for this but I need some assistance with a Sharepoint Online Powershell Script, essentially I want it to run across all SPO Sites in our environment on a schedule and do the below
Get-SPO Site where "SensitivityLabel" -eq blank
For-each SPOSite | Set-SPOSite -SensitivityLabel "GUID of Internal Sensitivity Label"
Get-SPOSite where Sensitivity Label -eq "GUID of Internal Sensitivity Label"
For each SPO Site | Set-SPOSite -SharingCapability Disabled
I am struggling to find a way in the script of identifying all SPO sites with no Sensitivity Label applied to the put into a variable and then apply a sensitivity label.
Can anyone help with a script to execute the logic above?
Craig
Hey CraigWatson,
For now, this is expected behaviour. The label settings don't apply to any content in the container, only the container. In the example of external sharing, you are prohibiting adding guests to the group or site, but not its files.
Last I checked, there is currently a private preview of applying sensitivity labels automatically to files in SPO.
Thank you for the response Ru, much appreciated 🙂
I am hoping this function in private preview prevents the file/folder that has the sensitivity label applied prevents it from being shared, regardless of the External Sharing setting on Sharepoint, as currently you CAN apply a sensitivity label to a file, but it does not prevent it from being shared
This would negate the need for a powershell script that identifies all Sharepoint Sites with an "Internal" sensitivity label and setting the SPOSharingCapability to "Disabled"
Lets see what the future brings - Thanks again!
- FYI: you can tag documents with labels automatically utilizing MCAS. Really nice to do it this way: https://docs.microsoft.com/en-us/cloud-app-security/use-case-information-protection
