Office 365 Sensitivity Labels

Use a Super User Group for Privileged Access to Encrypted Office 365 Content

by Tony Redmond

Controlling Access to Sensitive Content A recent Microsoft Technical Community article covers how to use Azure AD Privileged Identity Management to control access to the super-user permission for Azure Information Protection. An account holding super-user permission can access any content protected (encrypted) by an Azure Information Protection or Office 365 sensitivity label. I don’t intend… Read More

Scoping Office 365 Sensitivity Labels

by Tony Redmond

The Evolution of Sensitivity Labels When Microsoft launched sensitivity labels in late 2018, the implementation was simple: you defined labels that could mark and protect Office files and email and published them to users, who then applied the labels as needed. Over time, Microsoft has increased the usefulness of sensitivity labels by building native support… Read More

Using Office 365 Sensitivity Labels with Teams, Groups, and Sites

by Tony Redmond

Office 365 Sensitivity Labels can now be applied to "containers" - Teams, Office 365 Groups, and SharePoint sites. Sensitivity labels replace the old text-only classifications that have been available since 2016. The labels don't affect the contents of the containers, but they can control some container settings, like whether a team allows guest access or if it's open to any tenant user to join. It's yet another development in the label and protection story for Office 365.

SharePoint Online Embraces Office 365 Sensitivity Labels

with 2 Comments by Tony Redmond

SharePoint Online is embracing Office 365 Sensitivity Labels to allow protected documents to be processed by indexing and available to content searches. The Office Online apps (Word, Excel, and PowerPoint) also support the application of sensitivity labels. The only disappointment is that the SharePoint Online and OneDrive for Business browser interfaces don't allow labels to be applied to documents.

Microsoft Releases Sensitive by Default Upload for SharePoint Online

by Tony Redmond

A new SharePoint Online feature blocks access to newly uploaded files until Office 365 Data Loss Prevention processes the files to detect policy violations due to the presence of sensitive data. DLP processing for SharePoint Online can take several hours to reach new files, so enabling sensitive by default stops users inadvertently sharing sensitive content until DLP can process files. The downside is that you can't apply sensitive by default to individual sites. It's all or nothing...

Support for Office 365 Sensitivity Labels Now in Office ProPlus for Windows

by Tony Redmond

The September update of the Office ProPlus monthly channel delivers support for Office 365 sensitivity labels without the need to install the Azure Information Protection client. This is a step forward to make it easier for Office 365 users to be able to protect their most confidential information with encryption. More work remains to be done to upgrade the Office Online apps (including OWA), Outlook Mobile, and SharePoint and OneDrive. Will all this happen before Ignite?

Is Exchange Online Threatened by Ransomware?

with 4 Comments by Tony Redmond

Some people worry that Exchange Online mailboxes could be compromised by ransomeware and people will be forced to pay BitCoin to decrypt their messages. It's certainly a possibility, but out-of-the-box solutions exist if you're unlucky enough to be infected. That is, if you've done the necessary up-front planning to prepare for the worst to happen.,