Forum Discussion
sumo83
May 07, 2024 Iron Contributor
Best practice basics for Labels and DLPs to protect company data
Hello experts, I've been doing some research and testing recently on Information protection and DLP as I would like to deploy it in our organization soon. I am very new into this and found lots o...
sumo83
May 28, 2024 Iron Contributor
I have one more question - I've selected a group of users that will be testing the configured labels, and I have noticed that the labels are not visible at all to other users.
That means a label is applied by a user in the testing group (let's say the INTERNAL label) and another user that is not part of the testing group does not have an idea about the label applied. When he sends a document labelled as "INTERNAL", it is blocked and he will receive a notification email (this is done through DLP).... Wondering, is this a standard behaviour? Or do I miss something here? .... If it is standard behaviour, then it looks like I can't just test labels with a group of users without informing all about the ongoing testing... I expected that users that are not part of the testing group will at least see the label applied to documents/emails.... which they are not....
sumo83
Oct 07, 2024 Iron Contributor
Hello experts,
I appreciate all your help so far... and wondering whether I can get some advice on the last part I am facing during my testing. I have Sensitivity labels configured, DLP configured, and been testing it all last few weeks... All works fine for MS users, however, facing issues with non-MS ones
I am wondering how you are dealing with confidential information that needs to be sent to external parties. For emails it works fine via OTP, however for documents - if the external partner is using Google Workspace, for example - they cannot open it. From what I've read on MS sites, this is a known limitation as the app opening the encrypted document needs to be able to work with them - which Google Docs apparently does not.
I am looking for some advice on how to deal with these situations....
- sumo83
Oct 09, 2024 Iron Contributor
This was a great help!
I've tried to simulate the same and surprisingly, had the same results for Gmail - when the email is encrypted (can be even a different label than the one used for attachment encryption), the attached encrypted document can be viewed in that temp Outlook window. I did not even think to test it this way... 🙂
In this situation, I will put back "attachment to email" label inheritance as I have removed it due to issues with encrypted documents... However, looks like it will actually help 🙂
For SharePoint - when sharing an encrypted document externally with a Gmail account, I go through authentication, but then get the error "Sorry something went wrong. An error has occurred on the server"
Looks like SharePoint encrypted document sharing via link with external users (specified users) is the last bit that does not work... 😕
It is shared to "specific users", and encryption is allowing all authenticated users to access with Co-Author permissions.
- IvanWilson
Oct 09, 2024 Iron Contributor
I've just done some more testing with emailing office files that have encrypted Microsoft Word attachments. The Word document was assigned a sensitivity label with user-defined access.
In one test, I assigned an encrypted sensitivity label to the email. In the other test, I assigned a sensitivity label that does not apply encryption.
I sent the emails to an external Office 365 account and Gmail account that matched the sensitivity label permissions.
The external Office 365 recipient was able to view the email and attachments without any issues. Previously, I used to get an error when previewing attachments encrypted with user-defined permissions.
For the Gmail recipient, the experience was different depending on whether the email itself was encrypted.
For the encrypted email, they were given a link to view the message on outlook.office365.com. This required them to authenticate with their Gmail account or get a one-time passcode to the same email address. They were also able to preview the Word document attachment on the same site.
For the unencrypted email, the Gmail user was unable to preview the attachment.
An alternative option could be to send sharing links to the Google Workspace users. That would allow them to view encrypted documents that they have been granted access to.
- sumo83
Oct 08, 2024 Iron Contributor
Hi! ..thanks for your response!
So the situation for the scenario when a sensitivity label encrypts a document is:
- when sharing externally with MS users, they can open it with no issue with their M365 desktop apps?
- when sharing externally with non-MS users (e.g. Google Workspace), I simply need to change the label to one that does not encrypt data, and send as unencrypted
Is this how it works then? Do I understand it properly?
- IvanWilson
Oct 07, 2024 Iron Contributor
sumo83 I have experienced the same. The Office Web Apps currently do not support viewing Word, Excel or PowerPoint files that are encrypted with a label with user-defined access. An external recipient will need to use the desktop applications to access these.
PDFs encrypted with user-defined access can be opened with Microsoft Edge and some 3rd party PDF editors. This might help in some scenarios.