Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Setting a default sensitivity label on a SharePoint Site or Document Library

Copper Contributor

We're trying to use MCAS to solve for a customer's requirement with default sensitivity labels in Office 365 (primarily in SharePoint and OneDrive). I pulled the following diagram together to highlight the specific requirements:

  1. We need the ability to apply a general default label of ‘Internal Use’ to the customer's SharePoint and OneDrive environment.
  2. We need the ability to apply a different default label to certain sites. In the case of HR, the default label would be ‘Confidential’.
  3. We need the ability to apply a different default label to certain document libraries. In the case of HR, the default label for one of the document libraries would be ‘Restricted’
  4. We need the ability to auto-apply these labels to the documents at rest.  We have 400K+ documents and coming up with a solution that requires the document to be opened and saved to apply the label will not work.

2019-07-15_15-51-25.png

 

Is this something that MCAS can support? Thus far we see the ability to apply default labels at the folder level - but nothing higher in terms of Document Libraries or Sites. The customer has hundreds of folders, so configuring and managing things at the folder level doesn't seem sustainable.

 

Any guidance you can provide is appreciated!

2 Replies

Hi @Seth Weddon

In order to retrieve Labels from Office 365 into MCAS, you need to configure Unified Labeling in Azure Information Protection. Once enabled, you would be able to satisfy use cases 1 and 4. For use case 4, I recommend to first setup a file policy in monitoring mode to understand how many SharePoint and OneDrive files will need the Internal Use Label before setting the governance action. 

For use cases 2 and 3 you can use the native Office365 DLP where you are able to create and publish Office365 sensitivity labels to SharePoint sites / document libraries. By creating a label in the console you can then automatically apply a label by again enabling Unified Labeling with AIP.

 

SCC.PNG

 

Hi @Anisha Gupta 

 

I'm not getting it. My understanding is that the Sensitivity labels and Sensitivity Label policies allows you to define a default label based on the users to which you apply the policy. Not based on the location of the files. So I don't understand how this would work for case #2 and case #3.

 

I believe that you could use MCAS to apply the specific labels to all files and folders that are in a a selected library using the governance options.

 

Charles