Home
Microsoft

Announcing the availability of unified labeling management in the Security & Compliance Center

Companies across all different industries and regulatory environments have a need to manage the lifecycle of their data – keeping sensitive data secure and ensuring that their data and records are governed in accordance with compliance requirements – all the while ensuring end-user productivity isn’t hindered. More than ever, users share and move their data across devices, apps, and services. This has made protecting important data even more challenging.

 

In our Information Protection blog we announced a new unified labeling experience in the Security & Compliance Center. With unified labels, you have a single place to manage sensitivity labels that help classify and protect your sensitive data, as well as manage retention labels that help govern the lifecycle of your data (e.g. data retention and expiration). With this update also comes interoperability between Azure Information Protection labels and labels in Office 365. This means, for example, if you have content labeled by Azure Information Protection, you won’t need to reclassify or relabel your content. With unified labels, you can assign multiple labels to a single file, helping ensure your sensitive information is protected while it’s also controlled according to your governance needs.

 

MIPlabelSCC.png

The new unified label management experience in the Security & Compliance Center

 

Getting started with sensitivity labels

Getting started with sensitivity labels is an easy two-step process. First, you want to establish your taxonomy for defining different levels of sensitive content. You should use common names or terms that make sense to your end-users. For example, many customers start with labels such as Personal, Public, General, Confidential, and Highly Confidential. Then, configure the protection settings you want associated with each label. For example, lower sensitivity content (e.g. a “General” label) might have content watermarking or header/footers applied, while higher sensitivity content (e.g. a “Confidential” label) may have access controls and encryption applied to ensure only privileged users can access it. After you define your organization’s labels, you “publish” a label policy that controls which labels users can assign to their content – and this also makes labels available in Office apps and other services. More detailed instructions are available directly in the product help at https://aka.ms/manageMIP.

 

Guidance for customers using Azure Information Protection labels

The new unified labelling is designed to interoperate with Azure Information Protection labels. If you have content that’s already been labeled by Azure Information Protection, you won’t need to re-classify or re-label it. We have made it easy to merge and re-use your existing Azure Information Protection labels with the new unified labelling in the Security & Compliance Center.

 

Azure Information Protection users are currently able to classify and label content on Windows using the Azure Information Protection add-in for Office. Customers have long requested the need for classification and labelling on other platform, and today we’re announcing a public preview for existing Azure Information Protection customers – the ability to migrate Azure Information Protection labels to the unified labeling in the Security & Compliance Center. Get started today with the preview versions of the Office apps that support native labeling (as described in our Information Protection blog). To prevent confusion, we recommend you avoid creating labels in the Security & Compliance Center. Our documentation has important information and some specific caveats – you can find out more on the Azure Information Protection portal. If you are not yet ready to migrate your production tenants to unified labels then there is no cause for concern; for the moment, your users can continue using the Azure Information Protection client and admins can use the Azure portal for management. The new reporting and analytics capabilities in Azure Information Protection are also available in public preview in the Azure portal.

 

Together, these updates for Azure Information Protection represent another step towards a complete data protection strategy. Get started today!

 

The Microsoft Information Protection team

15 Comments

Ahem, we've been waiting for this for an year now, we can wait few more days/weeks, but maybe you should be a bit more specific as to when it's expected to be rolled out. As it is NOT currently available in any of the dozen or so tenants I work with.

Microsoft
Hi Vasil, thanks for your interest in our new unified labeling capabilities! 
 
All North America customers should now have access to the feature from the Office 365 Security and Compliance Center. Is your tenant in North America? 
If not, it may take (at most) a few weeks before the rollout completes saturation for all regions. We're anxious to see this released, and will plan to post an update to this blog as soon as the WW roll out completes.
 
Thanks,
/Mas

Again with that NA stuff... annoying :) Guess I'll wait, and thanks for clarifying.

When will it become available in Japanese version?

I can find them on Home tabs, but cannot click them now.

 

Microsoft

Hi Akio - we'll post an update as soon as its available, I assure you! Just a few more days ....

Thanks.

Looking forward to announcing from you.

@Mas Libman so once i see the Sensitivity tab in my EU tenants i should be able to go in to https://portal.azure.com/?ActivateMigration=true#blade/Microsoft_Azure_InformationProtection/DataCla... and activate unified labeling?

 

 

Occasional Contributor

Is this available in the GCC or GCC High? 

Microsoft

Hey everyone - circling back real quick to confirm that all regions are now enabled for Sensitivity labels!! Just open the Security and Compliance Center, click Classification --> Labels, and look for the "Sensitivity tab".

 

@Eric Schrader We're working on GCC/etc rollout as quickly as we can, but don't have an ETA yet when it will be ready.

@Tommy Clarke - Yes, that's the expected process.

 

 

 

 

Senior Member

@Mas Libman Hi Mas, a couple of questions if that's OK?

 

Will published labels appear in OWA? under the Encrypt button?

Will published labels appear in Outlook under the Encrypt / Permissions button?

Will the watermark option for content apply to emails as well? or just documents?

 

Thanks

 

Ben.

Microsoft

Hi @Ben Harris I suggest taking a look at our product documentation that should answer most of your questions: http://aka.ms/managemip as well as further details on Office client behavior here: https://support.office.com/en-us/article/apply-sensitivity-labels-to-your-documents-and-email-within...

Frequent Contributor

Hello @Mas Libman - Are there any plans to apply unified labels to Office 365 Groups? I recently migrated my AIP labels to Office 365 Security and Compliance Center and now they are in-sync (in preview feature). However, I still see that my Office 365 Group classification labels are standalone settings and disconnected from the unified labeling. And I do not see anything on the road map, is this something in the works still? 

 

Providing a sample screenshot to be clear of which classification I am talking about. O365 Group Data Classification.jpg

 

 

Ali. 

Frequent Contributor

 

@Ali Salih I also have the same question given the above settings are only for "Unified  Groups".  Surely we want to do something similar for our newly provisioned Hub and Communication sites? Why can't all this be in done in a Site Design on PnP Provisioning template? 

Frequent Contributor

@Daniel Westerdale- I checked with couple folks and re-watched BRK2137 - Embrace Office 365 Groups: What's new and how to get started, and the Unified Labeling is definitely in the works for Office 365 Groups classification. You can see it in action towards the end of the video as well. However, no ETA yet. 

Frequent Contributor

Good call @Ali Salih I have now watched BRK2137  a couple of times and getting used to Christophe's speed talking!  Interesting about the use of labels in groups which seems to do that they described ealier custom jobs as in if Category =  Highly confidential then 

 

 

Set-SPOSite -Identity $siteUrl -SharingCapability Disabled

I think we will want this even for internal team members as we would rather they were participating in the team site from within - another reason not to mirror departments but to represent cross-team business functions..

 

 

Just got the sequel lined up to watch:  https://myignite.techcommunity.microsoft.com/sessions/66487