Audit records are a great way to gain an understanding of what happens inside Office 365. We use PowerShell to report actions taken with sensitivity labels such as protecting files and containers. The latest development is the addition of support in the Microsoft 365 apps for enterprise (Office desktop) to log audit events when users interact with sensitivity labels. Unsurprisingly, more events are often logged by the desktop apps than their online equivalents.
The container management settings of sensitivity labels can now manage the external sharing capability of SharePoint Online team sites. The same settings as available in the SharePoint admin center or PowerShell can be applied through a label. Caching means that new settings in a label might not be picked up by SharePoint Online for up to 24 hours.
The latest version of the Edge Chromium browser can read files protected by Office 365 sensitivity labels stored in SharePoint Online and Exchange Online. This might not be the feature that causes you to dump Chrome, but it’s very useful when your tenant uses sensitivity labels.
Power BI support for Office 365 sensitivity labels is now generally available. Inside Power BI, the labels are visual markers. Encryption is applied when Power BI objects are exported. The interesting thing is that the user who exports content doesn’t have the right to change the label.
A recent Teams Live Event hosted by Microsoft’s Information Protection team discussed the automatic assignment of sensitivity labels to SharePoint Online and OneDrive for Business content. A preview is now available and Microsoft hopes to make this functionality available at the end of March 2020. You’ll need Office 365 E5 or Microsoft 365 E5 licenses.
The process of introducing Office 365 sensitivity labels to a tenant can be long and complicated because of the need to plan how to manage encrypted content. As you go through the process, don’t delete labels if they’ve already been used to protect content. Instead, remove them from the label policies used to publish information to clients. The labels will then remain intact in documents and other files.
Microsoft released an update for the unified labeling version of the Azure Information Protection client needed for Office 365 sensitivity labels, which now boast auto-label support. Solid progress is being made to move sensitivity labels to the point where they are considered to be generally available, probably later this year. In the meantime, pay attention to the premium features like auto-label which require more expensive licenses.
Microsoft announced that the Office 365 E3 and E5 plans will receive new Information Protection licenses. They’re preparing for the introduction of sensitivity labels and the increased use of encryption to protect access to content in Office 365 apps like SharePoint Online, Exchange Online, OneDrive for Business, and Teams. You don’t have to do anything to prepare for the new licenses, but it’s nice to know what they are and how the licenses are used.
Microsoft has released details of an Exchange Online transport rule to encrypt outbound email containing sensitive data types like credit card numbers. The rule works (after fixing the PowerShell), but needs to be reviewed and possibly adjusted to meet the needs of Office 365 tenants.
The Microsoft-Adobe initiative to support Azure Information Protection for PDF files has reached general availability. Things look good and the issues encountered in the preview are removed. You can store protected PDFs inside Office 365, but be prepared to download the files to be able to view them.
The availability of Azure Information Protection and Office 365 sensitivity labels allow tenants to protect important and confidential files. That’s nice, but it’s even better when you know what files are protected. Here’s how to use PowerShell to create a report about those files.
On October 12, Microsoft and Adobe launched the public preview of the native integration of Azure Information Protection for PDF files. Knowledge about protection is built into the latest version of the Acrobat reader, meaning that third-party tools are no longer needed to process protected PDFs.