Sensitivity Label Properties in SharePoint Search Schema

Managed Properties for Sensitivity Labels

Sensitivity labels are on a roll at present with new developments coming along at a fast rate. A small, but important, recent update is to the SharePoint Online schema to support searching by sensitivity label.

Sensitivity labels are often used to protect documents containing confidential information. InformationProtectiondLabelId (Figure 1) is a managed property holding the GUID (identifier) for sensitivity labels applied to documents.

The InformationProtectionLabelId managed property in the SharePoint Online schema
Figure 1: The InformationProtectionLabelId managed property in the SharePoint Online schema

The presence of the managed property in the search schema means that you can search for documents stored in SharePoint Online and OneDrive for Business by GUID. Figure 2 shows the result of a search using InformationProtectionLabelId:2fe7f66d-096a-469e-835f-595532b63560. The search results are trimmed so the user only sees documents they can access.

sing the InformationProtectionLabelId property to search for SharePoint documents
Figure 2: Using the InformationProtectionLabelId property to search for SharePoint documents

Although it’s absolutely the case that not everyone will know the GUID for a label (in this case, it’s the Public sensitivity label), I believe Microsoft is working on the ability to search by label name. For now, this facility is probably only useful to the curious who want to see what documents a label is applied to, or compliance administrators in Office 365 E3 tenants who can’t use the data classification content explorer in the Microsoft 365 compliance center.

Container Labels

Sensitivity labels can be applied to “containers”: Microsoft 365 Groups, Teams, and SharePoint Online sites. In this case, the labels don’t protect the data stored in the containers but are used for classification (visual marking) and to control the access type and guest access for the container. For example, applying the “Confidential” label to a container might change its access type to Private and restrict guess access.

You can also search SharePoint for labels assigned to sites. The trick here is to create a new managed property in the schema (I called it SiteSensitivityLabelId) that’s mapped to the crawled property ows_IpLabelId (Figure 3). The new property needs to be searchable, queryable, and retrievable.

Adding a new managed property to find labeled sites
Figure 3: Adding a new managed property to find labeled sites

After updating the schema, the search index will pick up the new property the next time the sites are processed by the crawler. To make sure this happens quickly, you can force SharePoint to reindex the site (under Search and Offline Availability in Site Settings). When reindexing completes, the site will turn up in search results (Figure 4).

 Searching for sites with a sensitivity label
Figure 4: Searching for sites with a sensitivity label

Again, this isn’t something that the average SharePoint user will probably do, but you never know when this might be useful.


The detail makes all the difference in many spheres of operations, and understanding detail like this is what the Office 365 for IT Pros eBook is all about. Subscribe today!

Advertisements

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.