SOLVED

Sensitivity label owner

%3CLINGO-SUB%20id%3D%22lingo-sub-2163563%22%20slang%3D%22en-US%22%3ESensitivity%20label%20owner%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2163563%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3EI'm%20currently%20testing%20with%20sensitivity%20labels%20for%20some%20customers%20and%20during%20tests%20I%20found%20some%20serious%20issues%20with%20this%20technology.%3C%2FP%3E%3CP%3EAs%20far%20as%20I%20checked%20and%20the%20MS%20documentation%20wants%20to%20tell%20me%2C%20the%20first%20person%20applying%20a%20label%20is%20the%20label%2Fdocument%20owner%20for%20all%20eternity%5E%5E%3C%2FP%3E%3CP%3ESo%20how%20can%20I%20change%20this%20programmatically%20and%20what%20happens%20when%20this%20person%20has%20left%20the%20company%3F%3CBR%20%2F%3EWho%20is%20then%20the%20owner%20or%20can%20this%20label%20never%20be%20changed%3F%3CBR%20%2F%3EThanks%20and%20Regards!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2163563%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Information%20Protection%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%20%26amp%3B%20Compliance%20Center%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Contributor

Hi,

I'm currently testing with sensitivity labels for some customers and during tests I found some serious issues with this technology.

As far as I checked and the MS documentation wants to tell me, the first person applying a label is the label/document owner for all eternity^^

So how can I change this programmatically and what happens when this person has left the company?
Who is then the owner or can this label never be changed?
Thanks and Regards!

3 Replies
Hi Julian, we had a similar discussion with a client. If the file is not protected then this should be not a problem, because every user should be able to change the label. If the file is protected(encryped) than you can use the AIP Super User to decrypt the file and than you can apply the label again with the new owner. Anyhow this should be somehow included in the Joiner/Mover/Leaver process and depending on the size of the company this can get pretty complex.

@mmancinaHi mmancina, thanks for your reply.

Can you tell me what you mean with the AIP Super User? Which user account is meant or do you mena the normal change label process to unprotect and reprotect again?

Regards

Julian

best response confirmed by Julian12 (Contributor)
Solution
Check this out: https://docs.microsoft.com/en-us/azure/information-protection/configure-super-users

You can build your own business process around it and even create PowerShell scripts to do it automatically.