SOLVED

Sensitive Label Admin

%3CLINGO-SUB%20id%3D%22lingo-sub-1085695%22%20slang%3D%22en-US%22%3ESensitive%20Label%20Admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1085695%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20I%20have%20use%20case%20%2C%20current%20we%20test%20with%20sensitive%20label%20and%20these%20label%20encrypt%20with%20all%20email%20on%20tenant%20.%20for%20example%20label%20Co-Auth%20%2C%20Review%20%2C%20View%20Only%20if%20user01%20apply%20after%20user01%20levave%20company%20and%20admin%20detete%20user%20.Now%20all%20file%20that%20user01%20owner%20then%20how%20to%20take%20control%20admin%20%3F%20or%20when%20create%20label%20with%20encrypt%20admin%20should%20be%20add%20more%20group%20as%20%22SensitiveLableOwner%22%20to%20permission%20co-owner%20to%20always%20keep%20this%20group%20owner%20all%20file%20apply%20label%20if%20need%20then%20add%20member%20to%20this%20group%20is%20can%20open%20%3F%20please%20anyone%20suggest%20help%20me%20and%20i%20worry%20if%20encrypt%20then%20if%20office365%20problem%20then%20all%20file%20company%20will%20can%20not%20open%20%3F%3C%2FP%3E%3CP%3EBest%20Regards%2C%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1085695%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1085977%22%20slang%3D%22en-US%22%3ERe%3A%20Sensitive%20Label%20Admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1085977%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20an%20admin%20you%20can%20use%20the%20Super%20user%20functionality%20to%20get%20access%20to%20any%20content%20protected%20by%20your%20users%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Finformation-protection%2Fconfigure-super-users%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Finformation-protection%2Fconfigure-super-users%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1087383%22%20slang%3D%22en-US%22%3ERe%3A%20Sensitive%20Label%20Admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1087383%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20Now%20I%20enable%20supper%20user%20then%20this%20user%20can%20%3CSPAN%3Edecrypt%26nbsp%3Ball%20file%20that%20user%20apply%20label%20before%20that%20%3F%20or%20it%20only%26nbsp%3Bdecrypt%26nbsp%3Bthese%20file%20apply%20label%20after%20this%20time%20%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1087475%22%20slang%3D%22en-US%22%3ERe%3A%20Sensitive%20Label%20Admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1087475%22%20slang%3D%22en-US%22%3E%3CP%3EAny%20label%2C%20as%20long%20as%20it%20still%20exists%20in%20the%20tenant%20(so%20make%20sure%20you%20don't%20delete%20labels%20unless%20you%20are%20100%25%20sure%20they%20are%20not%20in%20use).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1090688%22%20slang%3D%22en-US%22%3ERe%3A%20Sensitive%20Label%20Admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1090688%22%20slang%3D%22en-US%22%3E%3CP%3Eanother%20way%20I%20can%20add%20one%20group%20owner%20to%20all%20label%20and%20when%20need%20owner%20i%20can%20add%20user%20to%20this%20group%20and%20open%20file%20to%20take%20owner%20when%20user%20leave%20company%20%3F%20as%20picture%20is%20TestO365-Group%20is%20owner%20all%20label%20when%20created%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20864px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F163777i64C4A1CFA47AAF9F%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22image.png%22%20title%3D%22image.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Regular Contributor

Hi

    I have use case , current we test with sensitive label and these label encrypt with all email on tenant . for example label Co-Auth , Review , View Only if user01 apply after user01 levave company and admin detete user .Now all file that user01 owner then how to take control admin ? or when create label with encrypt admin should be add more group as "SensitiveLableOwner" to permission co-owner to always keep this group owner all file apply label if need then add member to this group is can open ? please anyone suggest help me and i worry if encrypt then if office365 problem then all file company will can not open ?

Best Regards,

Thanks

4 Replies
Highlighted
Best Response confirmed by Tien Ngo Thanh (Regular Contributor)
Solution

As an admin you can use the Super user functionality to get access to any content protected by your users: https://docs.microsoft.com/en-us/azure/information-protection/configure-super-users

Highlighted

If Now I enable supper user then this user can decrypt all file that user apply label before that ? or it only decrypt these file apply label after this time ?

Highlighted

Any label, as long as it still exists in the tenant (so make sure you don't delete labels unless you are 100% sure they are not in use).

Highlighted

another way I can add one group owner to all label and when need owner i can add user to this group and open file to take owner when user leave company ? as picture is TestO365-Group is owner all label when created

image.png