The intent of this blog series is to help customers refresh their understanding of service side auto-labeling with hero scenarios explained. In addition to the Playbook we recently released, this series will help guide you in setting up auto-labeling policies and take action to enforce those policies in simulation mode. We will add new content to this blog every few weeks to cover a range of topics related to auto-labeling.
Microsoft Information Protection (MIP) provides a unified set of capabilities to know your data, protect your data, and protect against data loss across Microsoft 365 apps and services. Foundational to Microsoft are its classification capabilities—from out-of-the-box sensitive information types to machine learning trainable classifiers to automatically finding and classifying sensitive content at scale. MIP’s auto-labeling capability helps customers to quickly classify more of their ever-increasing data and protect sensitive content.
Sensitivity labels are at their basic level a tag, that is customizable, persistent, accessible to applications, and visible to users. Labels once applied to documents and email become the basis for enforcing data protection policies throughout the tenants’ digital estate. When a label is applied to a file or email it is persisted as document metadata. When a label is applied to a SharePoint site or OneDrive for business the label persists as container metadata.
With auto-labeling policies, administrators can automatically apply sensitivity labels to email messages, OneDrive files, and SharePoint files that contain sensitive information. This labeling is applied by services rather than applications, so you don’t need to worry about what type of client the user is using. This label will be automatically applied to content that matches the rules and related conditions here. Auto-labeling also places labels on emails sent to users for whom the policy applies.
There are two different methods for automatically applying a sensitivity label to content in Microsoft 365 – Client-side labeling and Service-side labeling. For the purposes of this blog, we’re focusing on Service-side auto-labeling.
Service-side auto-labeling is sometimes referred to as auto-labeling for data at rest and data in transit. Unlike client-side auto-labeling, service-side auto-labeling does not depend on the client to analyze the document content while it is being created. Instead, service-side auto-labeling reviews content that is stored (at-rest) in SharePoint or OneDrive document libraries, or that is "in-flight" or being sent within Exchange. Because this labeling is applied by services rather than by applications, you don't need to worry about what apps users have and what version. As a result, this capability is immediately available throughout your organization and is suitable for labeling at scale. Auto-labeling policies don't support recommended labeling because the user doesn't interact with the labeling process. Instead, the administrator runs the policies in simulation mode to help ensure the correct labeling of content before applying the label.
This ability to apply sensitivity labels to content automatically is important because:
Our admin feedback feature that was made Generally Available in January 2022 now allows admins an inside view of the labeling progress of their auto-labeling policies.
After your auto-labeling policy is turned on, you can view the labeling progress for files in your chosen SharePoint and OneDrive locations. Emails are not included in the labeling progress because they are automatically labeled as they are sent.
The labeling progress includes the files to be labeled by the policy, the files labeled in the last 7 days, and the total files labeled. Because of the maximum of labeling 25,000 files a day, this information provides you with visibility into the current labeling progress for your policy and how many files are still to be labeled.
When you first turn on your policy, you will initially see a value of 0 for files to be labeled until the latest data is retrieved. This progress information updates every 48 hours, so you can expect to see the most current data every other day. We are working on reducing this SLA. When you select an auto-labeling policy, you can see more details about the policy in a flyout pane, which includes the labeling progress by the top 10 sites. The information on this flyout pane might be more current than the aggregated policy information displayed on the Auto-labeling main page.
Tip: You can also use content explorer to identify locations that have documents with sensitive information but are unlabeled. Using this information, consider adding these locations to your auto-labeling policy, and include the identified sensitive information types as rules.
If you’re not an E5 customer, you can sign up for our Compliance trial to gain access to our default policies or leverage our default MIP label schema by manually creating the labels following our documentation above. Learn about the Microsoft 365 compliance trial - Microsoft 365 Compliance | Microsoft Docs
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.