SharePoint Online and OneDrive for Business will soon gain the ability to apply default sensitivity labels to document libraries. The feature is currently in preview and requires some complicated PowerShell to configure, but Microsoft is working on the GUI and expects to make the capability generally available later this year.
In a surprising December 21 announcement, Microsoft put its Information Protection labeling client into maintenance mode effective January 1, 2022. Making an announcement as the IT industry was closing down for the holiday period is no good way to make certain customers learn about a development, and it’s curious that Microsoft left it until nine days before the client entered maintenance mode to let people know.
A change in how Office apps apply mandatory labeling as dictated by sensitivity label policies means that both new and old documents are processed. New documents have always been dealt with; the change being made ensures that Office apps detect the lack of a label when opening an existing document and will apply mandatory labeling at that point. It’s a change to help customers move on from the unified labeling client.
The Office 365 for IT Pros team will be at the European Collaboration Summit (ECS) in Dusseldorf. Come to listen to Tony talk about sensitivity labels on Tuesday or Paul discuss tenant to tenant migration on Wednesday. ECS is a great community-led event that’s well worth attending if you find yourself in Europe and have the ability to travel to Germany. Don’t forget your mask!
A preview for Sensitivity Labels show how they can use Azure AD authentication contexts and conditional access policies to protect SharePoint Online sites. Although you can link conditional access policies to sites with PowerShell, it’s a lot easier to make the connection through sensitivity labels. Any SharePoint Online site which receives a label configured with an authentication context automatically invokes the associated conditional access policy to protect its contents.
New PowerShell commands for sensitivity labels can configure default sharing link settings for SharePoint Online sites. Any site assigned a label configured for default sharing links inherits those settings within 24 hours. The new settings are in public preview now with general availability expected later this year. They build on the existing set of controls for container management available for sensitivity labels and show how powerful it is for organizations to be able to deploy management policy settings via labels.
OneDrive for Business now stores Teams meeting recordings. You can protect files with sensitivity labels, but does this have any side effects for Teams? As it turns out, it does because the protective wrapper which encrypts the recording breaks the link to Teams. This might not be important if you need to protect a confidential recording and restrict access to a known set of users, but it’s something to consider before applying any labels.
Audit records are a great way to gain an understanding of what happens inside Office 365. We use PowerShell to report actions taken with sensitivity labels such as protecting files and containers. The latest development is the addition of support in the Microsoft 365 apps for enterprise (Office desktop) to log audit events when users interact with sensitivity labels. Unsurprisingly, more events are often logged by the desktop apps than their online equivalents.