Hi all, thanks for the opportunity to ask questions! Does msft have an opinion or suggest guidance on whether customers should label *all* content, even if it's not sensitive and won't require protection? Personal, General, etc.? Or - is it only sensitive content that requires protection that should be labeled? I've heard guidance that auto-labeling within SPO should be reserved for sensitive content only, however, I've also heard that all content should be labeled. Should a customer lean more towards sensitive information types and DLP vs a broad labeling strategy?
@David Billedo Thank you for your question. The best practice is to apply labels to all content and to use different security measures for each label (encryption / DLP) accordingly based o the activity.
For example, use "General" as your default label for everything moving forward unless auto-labeling kicks in or user apply a different label manually.
Service based auto-labeling is designed to apply labels for your crown jewels in specific locations based on content.