Sensitivity Labels#
Sensitivity labels are the tags applied to data to assign policies and support security by design. In Purview they are customisable and persistent, and in many cases are cross platform to 3rd party applications. The tag label is stored in clear text (outside any encryption), so while the file may not be readable by external applications or internally, the clasification is known.
Labels can be applied automatically or manually, and if multiple apply (in an automatic basis), then they can be given a priority. The priority is 0->n, where the higher number takes priority. Labels can also have sub-labels which can be used to control an audience for the file. For example, financial reports may be confidential, but that doesnt mean someone senior in customer service should be able to access the file.
If a label is editited globally (or deleted globally), the orginal policy still applies.
Sensitivity labels are a feature of Purview Information Protection.
Assigning Labels#
Assigning labels to allow employees to use them is known as publishing. Labels are publsihed to individual users or groups. You can also set policies to automatically assign labels to specific content types (such as documents, emails, teams meetings etc). One published, policies can also be applied
Justification for label changes (such as lowering a level)
Mandatory labeling for actions (such as creating or saving)
Help links to support labeling decisions
Priority (in case of conflict)
The configuration for service side (auto labeling) has definable criteria.
Scope#
The scope options are
Items
Files (MS office documents etc)
Emails (outlook & web outlook)
Meetings (teams & outlook)
Groups & Sites (shareporint, teams etc)
Assets (Purview Data map items, SQL, asure, RDS etc)
Auto Labels#
Auto labes are based on previous definitions or SITs. You can also define specific conditions. Auto labeling cannot be done until a simulation is run and confirmed.