Table of Contents
Making Plans to Introduce Sensitivity Labels for Meetings
I previously wrote about how sensitivity labels protect meetings created in Outlook and OWA and the way that labels can apply settings to Teams meetings, if meeting organizers have Teams Premium licenses. In that article, I said that introducing sensitivity labels for meetings requires up-front planning. This article discusses some of the topics that such a planning exercise might cover.
Scoping defines to what objects applications can apply labels. In the past, the split was simple: information protection (encryption) for files and emails or container management for groups, sites, and teams. The introduction of meetings and a recent update to introduce separate scopes for emails and files (MC514980, updated 3 Mar 2023, Microsoft 365 roadmap item 99939) means that things are a tad more complex now (Figure 1).
Looking at the options to define the scope for a sensitivity label, you can select the following for items:
- Emails: Labels are only available to Outlook clients.
- Files: Labels are available in Word, PowerPoint, and Excel (Online, subscription, and mobile). These labels are also assignable to PDFs by the Adobe Acrobat paid-for products (or by export from Office) and to files stored outside Office 365 by the AIP extension for Windows Explorer.
- Meetings: Labels are available for meetings created in Outlook and OWA and the Teams desktop and browser clients. Because meetings include elements of email (meeting notifications and responses) and files (attachments), if you select this option, you must also enable the label for Emails and Files.
In the past, I have recommended having separate sets of sensitivity labels for information protection and container management. I think this approach leads to easier management because labels serve one purpose. The question now is should we have separate labels for meetings?
It’s a harder question to answer because meetings require files and emails. If Microsoft had created a scope for meetings that implicitly includes files and emails but didn’t display these labels for users to apply to email and documents, then I’d say yes. Because they didn’t, any label created for meetings is also available for email and documents, so we need a different approach to guide users.
The obvious answer is the display name assigned to sensitivity labels for meetings. By including “Meeting” in some form in the display name of labels created to protect meetings, hopefully people will use the labels for their intended purpose and not to label documents and emails.
To start, we might create a limited set of sensitivity labels for meetings:
- Public (no protection – label is for visual marking only).
- Internal meeting (protection limits editor access to tenant members).
- External meeting (protection limits access to anyone who can authenticate against Azure AD).
As time goes by and experience develops, the need might emerge for other labels. For example, if the finance and legal departments work with external advisors, the organization might decide to create sensitivity labels for their meetings with a label policy to publish the labels to users in those departments. The protection in these labels could assign co-editor permission to people in the domains owned by the external advisors to allow them to edit documents shared in meetings.
You can create display names for sensitivity labels with a maximum of 64 characters (excluding % \ & < > | ? : and ;), so plenty of room exists for innovative naming schemes. Just remember some basic facts about labeling:
- Applications have limited space to display label names (especially mobile apps).
- If you create a wide range of sensitivity labels for different scopes, users might have difficulty deciding upon the most appropriate label to apply to items.
Figure 2 shows the effect of scoping and naming, Only four sensitivity labels in the tenant are scoped for meetings. Each has a name that is clear in its purpose (the Very Secret label is a little tongue in cheek; Confidential would be a better name). A checkmark appears beside the Internal meeting label, meaning that it is the selected label. When a label is automatically selected for new meetings, it’s because it is the default label for meetings selected in the sensitivity label policy published to this account.
Keep It Simple
Keeping it simple is key. Use scoping to make sure that applications make appropriate sensitivity labels to users. Give the labels clear and understandable names. If necessary, translate the display names of labels for use in multinational organizations. Follow those two simple rules with the sensitivity labels used for meetings and users should be happy.
Make sure that you’re not surprised about changes that appear inside Office 365 applications by subscribing to the Office 365 for IT Pros eBook. Our monthly updates make sure that our subscribers stay informed.