SOLVED
Home

Sensitive Label Admin

%3CLINGO-SUB%20id%3D%22lingo-sub-1085695%22%20slang%3D%22en-US%22%3ESensitive%20Label%20Admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1085695%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20I%20have%20use%20case%20%2C%20current%20we%20test%20with%20sensitive%20label%20and%20these%20label%20encrypt%20with%20all%20email%20on%20tenant%20.%20for%20example%20label%20Co-Auth%20%2C%20Review%20%2C%20View%20Only%20if%20user01%20apply%20after%20user01%20levave%20company%20and%20admin%20detete%20user%20.Now%20all%20file%20that%20user01%20owner%20then%20how%20to%20take%20control%20admin%20%3F%20or%20when%20create%20label%20with%20encrypt%20admin%20should%20be%20add%20more%20group%20as%20%22SensitiveLableOwner%22%20to%20permission%20co-owner%20to%20always%20keep%20this%20group%20owner%20all%20file%20apply%20label%20if%20need%20then%20add%20member%20to%20this%20group%20is%20can%20open%20%3F%20please%20anyone%20suggest%20help%20me%20and%20i%20worry%20if%20encrypt%20then%20if%20office365%20problem%20then%20all%20file%20company%20will%20can%20not%20open%20%3F%3C%2FP%3E%3CP%3EBest%20Regards%2C%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1085695%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1085977%22%20slang%3D%22en-US%22%3ERe%3A%20Sensitive%20Label%20Admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1085977%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20an%20admin%20you%20can%20use%20the%20Super%20user%20functionality%20to%20get%20access%20to%20any%20content%20protected%20by%20your%20users%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Finformation-protection%2Fconfigure-super-users%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Finformation-protection%2Fconfigure-super-users%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1087383%22%20slang%3D%22en-US%22%3ERe%3A%20Sensitive%20Label%20Admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1087383%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20Now%20I%20enable%20supper%20user%20then%20this%20user%20can%20%3CSPAN%3Edecrypt%26nbsp%3Ball%20file%20that%20user%20apply%20label%20before%20that%20%3F%20or%20it%20only%26nbsp%3Bdecrypt%26nbsp%3Bthese%20file%20apply%20label%20after%20this%20time%20%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1087475%22%20slang%3D%22en-US%22%3ERe%3A%20Sensitive%20Label%20Admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1087475%22%20slang%3D%22en-US%22%3E%3CP%3EAny%20label%2C%20as%20long%20as%20it%20still%20exists%20in%20the%20tenant%20(so%20make%20sure%20you%20don't%20delete%20labels%20unless%20you%20are%20100%25%20sure%20they%20are%20not%20in%20use).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1090688%22%20slang%3D%22en-US%22%3ERe%3A%20Sensitive%20Label%20Admin%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1090688%22%20slang%3D%22en-US%22%3E%3CP%3Eanother%20way%20I%20can%20add%20one%20group%20owner%20to%20all%20label%20and%20when%20need%20owner%20i%20can%20add%20user%20to%20this%20group%20and%20open%20file%20to%20take%20owner%20when%20user%20leave%20company%20%3F%20as%20picture%20is%20TestO365-Group%20is%20owner%20all%20label%20when%20created%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20864px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F163777i64C4A1CFA47AAF9F%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22image.png%22%20title%3D%22image.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Tien Ngo Thanh
Regular Contributor

Hi

    I have use case , current we test with sensitive label and these label encrypt with all email on tenant . for example label Co-Auth , Review , View Only if user01 apply after user01 levave company and admin detete user .Now all file that user01 owner then how to take control admin ? or when create label with encrypt admin should be add more group as "SensitiveLableOwner" to permission co-owner to always keep this group owner all file apply label if need then add member to this group is can open ? please anyone suggest help me and i worry if encrypt then if office365 problem then all file company will can not open ?

Best Regards,

Thanks

4 Replies
Highlighted
Solution

As an admin you can use the Super user functionality to get access to any content protected by your users: https://docs.microsoft.com/en-us/azure/information-protection/configure-super-users

Highlighted

If Now I enable supper user then this user can decrypt all file that user apply label before that ? or it only decrypt these file apply label after this time ?

Highlighted

Any label, as long as it still exists in the tenant (so make sure you don't delete labels unless you are 100% sure they are not in use).

Highlighted

another way I can add one group owner to all label and when need owner i can add user to this group and open file to take owner when user leave company ? as picture is TestO365-Group is owner all label when created

image.png