Ensure secure collaboration in scalable way with Microsoft Information Protection
Microsoft Information Protection is a built-in, intelligent, unified, and extensible solution to protect sensitive data across your enterprise – in Microsoft 365 cloud services, on-premises, third-party SaaS applications, and more. Microsoft Information Protection provides a unified set of capabilities to know your data, protect your data, and prevent data loss across Microsoft 365 apps (e.g. Word, PowerPoint, Excel, Outlook) and services (e.g. Teams, SharePoint, and Exchange).
Microsoft Information Protection’s sensitivity labels are central to how your business-critical data is protected, in a persistent way, throughout its lifecycle. Labels can be applied to protect documents (e.g. to encrypt an Excel file) and to containers (e.g. to restrict access to a confidential team or site from unmanaged devices).
We recently announced the general availability of both manual labeling in Office apps across all platforms and of automatic labeling for documents stored in SharePoint and Teams.
Today, we are excited to announce the general availability of sensitivity labels for Teams, SharePoint sites, and Microsoft 365 Groups. You can now associate a sensitivity label with policies related to privacy, external user membership, and unmanaged device access.
With users constantly creating and sharing sensitive data in Teams and on SharePoint sites, this capability allows for holistically securing sensitive content whether it is in a file or in a chat by managing access to these containers. This powerful capability, along with manual and auto-labeling of documents on SharePoint and Teams, helps you scale your data protection program to meet the proliferation of data and the challenge of secure collaboration while working remotely.
The first step to securing sensitive content in teams, sites and groups is to create sensitivity labels with policies. For example, you can create a sensitivity label called “Confidential” and specify that any team, site, or group created with this label will be private, that even a team or site owner cannot add users external to the organization and that unmanaged devices will be allowed web access only.
Figure 1: Admin specifying access policies during label creation
Now a user creating a team, or a site can choose from your published labels, and all the underlying policies will apply automatically to that team or site. For example, if a user selects the “Confidential” label during a team creation, this new team will automatically restrict access to approved members in the organization and prevent addition of people external to the organization.
Figure 2: When team owner applies “Confidential” label, team and associated site are automatically set as private
After a user creates the team, this “Confidential” label will appear in the upper-right corner of all channels within this team. Now, if users visit the SharePoint site associated with this team, they will also see the “Confidential” label, and all applied policies.
This capability enables you to protect sensitive content in a team or SharePoint site by managing people and device access to these containers. If you want to apply label-based encryption to protect individual documents stored in a team or SharePoint site, you can use auto-labeling or manual labeling. Together these powerful Microsoft Information Protection capabilities enable organizations to scale their data protection programs across a vast amount of data.
We are continuously expanding the capabilities of Microsoft Information Protection. You can see in this recent blog a summary of some of the investments we’ve made in the last two months. To learn more about the capability covered in this blog:
Read our online documentation with instructions to opt-in, configuration details, and links to a webinar with demos.