All information is not equal.
Some documents or emails have private financial or health information and others have plans for lunch.
Sensitivity Labels within Microsoft 365 provides end-users the ability to classify their documents and emails to ensure a certain level of information protection to both their and the organization’s content.
Sensitivity Labels for files and emails allow staff to identify specific documents as more or less sensitive than others.
For example, a briefing note to senior leadership could be tagged as ‘confidential’, which would then add a “confidential” watermark added to the document and restrict it from being shared externally. Compliance officers would also be able to filter reports on documents marked as confidential.
Applying labels is easy.
Once Sensitivity Labels are created and published, individuals can choose to tag content directly within the application, providing them a seamless and low friction experience.
Emails can be tagged with their “sensitivity” when being drafted, and documents anytime they are opened. These features are available in both the installed applications and online browser based versions.
Sensitivity Labels allow individuals to mark files and emails with both different controls (e.g. allow internal access only) or using an existing information classification adopted or published by the organization (e.g. Protected A).
Options for controls are:
- restrict/provide access to appropriate roles (and individuals)
- create a watermarks, header, and/or footer on the document to communicate the document’s sensitivity.
Planning Sensitivity Labels
When planning Sensitivity Labels, it is important to consider certain key factors to ensure successful implementation and adoption.
- Align to existing information security classification schemas where available
- Leverage a cross-functional team to build the label business and technical requirements
- A clear and concise set of details will ensure labels are used correctly, rather than providing too many options with language requiring a reference guide or training course
- Ensure alignment, approval from all key stakeholders (not just IT or Cybersecurity), Sensitivity Labels can mark documents (potentially impacting existing templates) and more importantly can effect the ability to collaborate (restricting documents to internal only or subsets of internal users).
- Pilot the labels with a small group and collect feedback prior to implementation
- If introduced into an active environment, consider a phased approach – avoid restricting access in bulk to focus on training and adoption, to build a cultural practice within the organization without impacting day-to-day activities
Learn about Sensitivity labels (Microsoft Docs)
Thank you for Reading
Questions? Comments? Feel free to reach out.