cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Guide: Creating an exception to your organisations sensitivity label policies

vicwingsing
Brass Contributor

‎May 20 2024 01:11 PM - edited ‎May 20 2024 01:16 PM

‎May 20 2024 01:11 PM - edited ‎May 20 2024 01:16 PM

Guide: Creating an exception to your organisations sensitivity label policies

Why Create an Exception?

 

Creating an exception to your sensitivity label policies can be essential in certain situations where these labels interfere with automated processes.

 

For instance, in a recent incident I managed, a Robotic Process Automation (RPA) system faced an issue due to the Default and Mandatory label policy. The process involved an SAP automated workflow that needed to create a new Excel document. However, the process was interrupted because the policy required a sensitivity label to be selected for the document, something the automated system couldn't do. By creating an exception for this specific process, we were able to ensure smooth operation without compromising the overall security and compliance framework.

 

vicwingsing_1-1716234233124.png

 

This is very similar to what this SAP user has encountered: https://community.sap.com/t5/technology-q-a/how-to-setup-sensitivity-level-label-while-sending-an-em...

 


How to Set Up an Exception (Step-by-Step Guide)

 

Scenario: Your organization has a standard set of sensitivity labels (example: Public, Internal, Highly Confidential) and Default and Mandatory label policies turned on for the entire organization.

 

The requirement is to turn off the Default and Mandatory policies for a small set of specific users (in my case RPA users). In the steps below, assume that the policy has already been created and we need to create a "duplicate" policy and make it rank higher than the current policy but without the offending policies.

 

Step 1: Create a Duplicate the Existing Policy

  1. Recreate the policy that you need to create an exemption

 

Step 2: Modify the Duplicated Policy

  1. Name and Describe: Provide a new name and description for the duplicated policy, such as "Exception Policy for Specific Users".
  2. Users and Groups:
    • Remove the current users or groups.
    • Add the specific users or groups that will be exempt from the Default and Mandatory label policies.
  3. Policy Settings:
    • Turn off Require users to apply a label.
    • Turn off Apply a default label to documents and emails.
  4. Click Next.

 

Step 3: Review and Submit the New Policy

  1. Review the configuration details of the new label policy to ensure accuracy.
  2. Click Submit to create and apply the policy.

 

Step 4: Adjust Policy Ranking

  1. Return to the Label policies section.
  2. Locate the new exception policy you just created.
  3. Use the Reorder or Priority settings to move the new policy above the existing standard policy. This ensures that the exception policy is applied first for the specified users. Reference: https://learn.microsoft.com/en-us/purview/sensitivity-labels#label-policy-priority-order-matters

vicwingsing_2-1716235682521.png

 

The last and very important step to make sure that this is a success is:

 

  • Inform the selected users of the change.
  • Monitor the application of the new policy to ensure that the Default and Mandatory label requirements are turned off for the specified users.

 

 

208 Views
1 Like
0 Replies
Reply
0 Replies