Forum Discussion

Deleted's avatar
Deleted
Feb 10, 2020

Way to assign a Sensitivity labels policy to all employees (no guests)

When I try and assign a sensitivity label policy to users/groups from the Compliance centre I am unable to select a security group. The text description explans I can select from users, office 365 groups, mail enable secuoty group or a distribution group.

 

I have already set up security groups in Azure AD to manage conditional access policies and had assume I could reuse groups. For example I already have 'all employees - no guests' SG and a 'guests only' SG. Why do I need to create mail enabled SG as I do not want to be able email these groups.

 

We do no have a Team or Office 365 group for all employee as the organization is too large.

 

I have read through all the Microsoft docs but cant see to find anything

Any help appreciated

 

 

 

 

  • Nip17's avatar
    Nip17
    Brass Contributor

    Deleted 

    1. AIP policies requires a ‘mail-enabled’ distribution group
    2. You cannot use a security group (dynamic or static) because this group type doesn't have an email address
    3. You also cannot use a dynamic distribution list from Exchange Online because this group isn't replicated to Azure AD

Resources