cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Sensitivity Labels without assigned permissions

Patrick Steiner
Copper Contributor

‎Jun 05 2019 06:48 AM - last edited on ‎May 24 2021 02:06 PM by

‎Jun 05 2019 06:48 AM - last edited on ‎May 24 2021 02:06 PM by

Sensitivity Labels without assigned permissions

Hi together

 

When configuring AIP Labels in Azure Information Protection, it has been possible to don't select any users and select OK on this blade, followed by Save on the Label blade.

The label is configured to apply protection such that only the person who applies the label can open the document or email with no restrictions, which is a use case at a customer.

 

When configuring a sensitivity (universal) label in the Security & Compliane Admin Center, this seems to be not possible. As soon as you choose "Encryption", you kind of have to assign at least one permission to be able to save the label.

 

Is therefore the above "Use Case" not possible anymore with Sensitivity Labels? Or do I miss something?

1,293 Views
0 Likes
3 Replies
Reply
3 Replies
Enrique Saggese

‎Jun 12 2019 09:54 PM

‎Jun 12 2019 09:54 PM

Re: Sensitivity Labels without assigned permissions

@Patrick Steiner In the short term, once User Defined Protection is available in Unified Labeling a user should be able to select a label with that option and then choose the "Only me" option in the permissions dialog. This is being worked on. 

This is slightly different form a label with admin defined permissions that only grants permissions to the owner, since it requires two more clicks for the user, but it achieves the same result. 

@Patrick Steiner wrote:

Hi together

 

When configuring AIP Labels in Azure Information Protection, it has been possible to don't select any users and select OK on this blade, followed by Save on the Label blade.

The label is configured to apply protection such that only the person who applies the label can open the document or email with no restrictions, which is a use case at a customer.

 

When configuring a sensitivity (universal) label in the Security & Compliane Admin Center, this seems to be not possible. As soon as you choose "Encryption", you kind of have to assign at least one permission to be able to save the label.

 

Is therefore the above "Use Case" not possible anymore with Sensitivity Labels? Or do I miss something?

 

0 Likes
Reply
Patrick Steiner

‎Jun 26 2019 04:51 AM

‎Jun 26 2019 04:51 AM

Re: Sensitivity Labels without assigned permissions

@Enrique Saggese Thank you for your Response.

In that context, one Mouse Click - or in this case, one additional menu might mean "the world" for some end-users concerning usability and adoption to really use the label...

...additionally it looks like, that a label configured in Azure Information Protection (without Permission configured) and synced as an "Unified Label" works as expected on a workstation with AIP Univeral Labeling Client installed. So the question is, why should it not be possible to create such a label in the Security & Compliane Admin Center directly?
0 Likes
Reply
Enrique Saggese

‎Jul 22 2019 10:44 AM

‎Jul 22 2019 10:44 AM

Re: Sensitivity Labels without assigned permissions

@Patrick Steiner 

I understand any inconsistency is a nuisance, but these are two different UIs built by different product teams (the UL management interface is part of Office 365, not AIP itself), and the UL UI has additional scenarios to consider, so it is understandable that there are and there will always be differences. That said, there's no specific reason why the UL UI would not have this same ability, so feel free to file a bug or a DCR against the Office 365 SCC portal to request that they add the ability to create a policy with protection but no rights assigned (other than to the owner). 

0 Likes
Reply