Managed Properties Allow Users to Search for a Sensitivity Label SharePoint Online
Sensitivity labels are on a roll at present with new developments coming along at a fast rate. A small, but important, recent update is to the SharePoint Online schema to allow users to find files stored in SharePoint Online and OneDrive for Business that are assigned a specific sensitivity label.
Sensitivity labels are often used to protect documents containing confidential or sensitive information. InformationProtectiondLabelId (Figure 1) is a managed property in the SharePoint schema that stores the GUID (identifier) for the sensitivity labels assigned to documents.
Search SharePoint Online for Documents Assigned Specific Sensitivity Labels
The presence of the managed property in the search schema means that you can search for documents stored in SharePoint Online and OneDrive for Business using the label identifier (GUID) of the sensitivity label assigned to documents. Figure 2 shows the result of a search using InformationProtectionLabelId:2fe7f66d-096a-469e-835f-595532b63560. Microsoft Search trims the search results to make sure that the user only sees documents they can access.
Although it’s absolutely the case that not everyone will know the GUID for a label (in this case, it’s the Public sensitivity label), I believe Microsoft is working on the ability to search by label name. For now, this facility is probably only useful to the curious who want to see what documents a label is applied to, or compliance administrators in Microsoft 365 tenants that don’t have the necessary licenses to use the data classification content explorer in the Microsoft Purview compliance center.
Search SharePoint Online for Container Labels
Sensitivity labels can be applied to “containers”: Microsoft 365 Groups, Teams, and SharePoint Online sites. In this case, the labels don’t protect the data stored in the containers but are used for classification (visual marking) and to control the access type and guest access for the container. For example, applying the “Confidential” label to a container might change its access type to Private and restrict guess access.
You can also search SharePoint Online for labels assigned to sites. The trick here is to create a new managed property in the schema (I called it SiteSensitivityLabelId) that’s mapped to the crawled property ows_IpLabelId (Figure 3). The new property needs to be searchable, queryable, and retrievable.
After updating the schema, the search index will pick up the new property the next time the sites are processed by the crawler. To make sure this happens quickly, you can force SharePoint to reindex the site (under Search and Offline Availability in Site Settings). When reindexing completes, the site will turn up in search results (Figure 4).
Again, this isn’t something that the average SharePoint Online user will probably do, but you never know when the feature might be useful to administrators who don’t want to use PowerShell to search for sites assigned a specific label.
The detail makes all the difference in many spheres of operations, and understanding detail like this is what the Office 365 for IT Pros eBook is all about. Subscribe today!
One Reply to “How to Find SharePoint Files with a Sensitivity Label”