Managed Properties Allow Users to Search SharePoint for Sensitivity Labels
Sensitivity labels are on a roll at present with new developments coming along at a fast rate. A small, but important, recent update is to the SharePoint Online schema to allow users to find files stored in SharePoint Online and OneDrive for Business that are assigned a specific sensitivity label.
Sensitivity labels are often used to protect documents containing confidential information. InformationProtectiondLabelId (Figure 1) is a managed property in the SharePoint schema that stores the GUID (identifier) for sensitivity labels applied to documents.
The presence of the managed property in the search schema means that you can search for documents stored in SharePoint Online and OneDrive for Business using the label identifier (GUID) of the sensitivity label assigned to documents. Figure 2 shows the result of a search using InformationProtectionLabelId:2fe7f66d-096a-469e-835f-595532b63560. The search results are trimmed so the user only sees documents they can access.
Although it’s absolutely the case that not everyone will know the GUID for a label (in this case, it’s the Public sensitivity label), I believe Microsoft is working on the ability to search by label name. For now, this facility is probably only useful to the curious who want to see what documents a label is applied to, or compliance administrators in Office 365 E3 tenants who can’t use the data classification content explorer in the Microsoft 365 compliance center.
Sensitivity labels can be applied to “containers”: Microsoft 365 Groups, Teams, and SharePoint Online sites. In this case, the labels don’t protect the data stored in the containers but are used for classification (visual marking) and to control the access type and guest access for the container. For example, applying the “Confidential” label to a container might change its access type to Private and restrict guess access.
You can also search SharePoint for labels assigned to sites. The trick here is to create a new managed property in the schema (I called it SiteSensitivityLabelId) that’s mapped to the crawled property ows_IpLabelId (Figure 3). The new property needs to be searchable, queryable, and retrievable.
After updating the schema, the search index will pick up the new property the next time the sites are processed by the crawler. To make sure this happens quickly, you can force SharePoint to reindex the site (under Search and Offline Availability in Site Settings). When reindexing completes, the site will turn up in search results (Figure 4).
Again, this isn’t something that the average SharePoint user will probably do, but you never know when the feature might be useful to administrators who don’t want to use PowerShell to search for sites assigned a specific label.
The detail makes all the difference in many spheres of operations, and understanding detail like this is what the Office 365 for IT Pros eBook is all about. Subscribe today!