using sensitivity labels to control guest access - but Yammer . . .

Iron Contributor

We are looking into using sensitivity labels to control guest access in Teams and SPO. We have things configured so when you create a new Team, SPO site, Planner, O365 group in Office, you are required to choose a sensitivity label. That capability doesn't appear to exist with Yammer, which means that when a Yammer community is created, the backing SPO site gets no label and guests can be invited to it.

 

Is there an out of the box way to apply a default sensitivity label to SPO sites created by Yammer (we never want guests to access Yammer communities), or are we going to have to develop something?

6 Replies
Go to the Yammer site in SharePoint admin center and select the sensitivity there. It's currently not supported when being created within Yammer.

@ChristianJBergstrom thanks for the reply.  Unfortunately that's far from scalable.  

 

Documentation states that Yammer doesn't support sensitivity labels, but SPO does, so I would think that any SPO site would be included in the labeling policy.  This seems like a bug.

My understanding of what they mean is that a label cannot be selected when the site is being creating from Yammer, it's simply not available as an option. The users who are assigned a sensitivity label policy (published to them) that includes a container label will be able to select it for sites and groups. So wouldn't call it a bug. You can use PowerShell if applicable. https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?view...

@ChristianJBergstrom Maybe not a bug, but definitely a gaping hole if you're trying to "Use sensitivity labels to protect content in Microsoft Teams, Microsoft 365 groups, and SharePoint s...".

 

Anyway - I'm looking at possibly using a flow to close the hole that triggers on site creation.

I have submitted a user voice for this in the event others find this thread looking for a solution to the problem.

https://learn.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?vie...
I also asked Microsoft Support about this same issue. It's a very interesting marketing dilemma by Microsoft. It says several times on this page that you can use sensitivity labels to control guest access to INDIVIDUAL yammer communities:
https://learn.microsoft.com/en-us/yammer/get-started-with-yammer/azure-ad-b2b-guests-yammer#:~:text=....

However, on this page it says sensitivity labels are not currently supported in Yammer:
https://learn.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?vie...

When I contacted Microsoft support and we tested it, we were able to manually set the sensitivity label on the connected SharePoint site but it only restricted external access at the site level...not at the M365 group level associated with the community. When we tried to set the sensitivity label at the M365 group level, you were still able to give external access to guests. So, I would also agree that it is a "Bug" or the development of "Sensitivity Labels" is not finished yet. The support tech also agreed and was not able to provide any projected date as to when that would work in Yammer. Thus, Yammer is all or nothing. You enable Guest access for ALL communities or NONE. Until they fix that, we can't enable it for any communities. Now users are creating private Facebook groups. What a shame.