(74) Microsoft Purview - Create and publish sensitivity labels

To learn more about Sensitvity labels, read here: https://learn.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide#what-a-sensitivity-label-is

To ensure that you are able to apply sensitivity labels to Microsoft 365 groups and SharePoints, ensure to follow this: https://soeintunedevice.wixsite.com/home/post/73-microsoft-purview-enable-sensitivity-labels-in-microsoft-365-groups-and-sharepints

Licensing:

• AIP P1 licenses (client-side manual sensitivity labelling)

• AIP P2 licenses (client-side and server-side automated labelling)

Permissions:

By default, Global Administrators will have access.

For limited access, the following role groups can be assigned:

• Information Protection

• Information Protection Admins

• Information Protection Analysts

• Information Protection Investigators

• Information Protection Readers

Other roles are available here: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/scc-permissions?view=o365-worldwide#role-groups-in-microsoft-defender-for-office-365-and-microsoft-purview-compliance

Instructions:

1. Navigate to https://compliance.microsoft.com/

2. Under Solutions, select Information protection then select Labels.

3. Select create a label.

4. For Label - Internal, the following will be configured:

• Items – Not Configured

• Groups and Sites – Configured

  • Privacy & external user access

    • Privacy (Teams/MS Groups) – None (Keep existing settings)

    • External User Access (Teams/MS Groups) – Disabled

  • Control external sharing from labelled SharePoint Sites – Configured

    • Content can be shared with – Only people in your organisation

Name and tooltip:

Scope:

Items:

Groups & sites:

Privacy & external user access:

External sharing & conditional access:

Schematized data assets (preview):

Select Finish.

5. For Label - External, the following will be configured:

• Items – Not Configured

• Groups and Sites – Configured

  • Privacy & external user access

    • Privacy (Teams/MS Groups) – Enabled

    • External User Access (Teams/MS Groups) – Enabled

  • Control external sharing from labelled SharePoint Sites – Configured

    • Content can be shared with – New and existing guests

Name and tooltip:

Scope:

Items:

Groups & Sites:

Privacy & external user access:

External sharing & conditional access:

Schematized data assets:

Select Finish and select Create Label.

6. There will be two labels created, select Internal then select Publish label.

7. Select Next.

Enter a policy name: Internal Policy. Then select Next.

Select Finish, then select Submit. Then select Done.

Repeat the process for External and name the policy: External policy.

With External, under sites and groups, the default label will be: External.

8. Once both policies have been published, you will see under Label policies that it shows both.

ng from labelled SharePoint Sites – ConfigureContent can be shared with – New and existing gue