Document sensitivity refers to the classification of documents based on their level of confidentiality. It is a way of ensuring that sensitive information is protected from unauthorized access and disclosure. Sensitivity labels can be applied to files and emails to keep them compliant with your organization’s information protection policies. The labels can be applied manually or automatically, and they may come with pre-defined restrictions or prompt you to select who can read or change the file.
For instance, Microsoft 365 allows you to apply sensitivity labels to your files and emails. You can choose from a set of pre-defined labels that are customized for you by your organization.
As business owners are coming into compliance with the various data privacy laws, such as the GDPR and the CMMC, these classifications of documents are becoming very important.
What Sensitivity Labels Can Do
The purpose of these labels is to mark to the degree of how documents can be shared, and how they can be marked accordingly. For example, if you mark a file as “Confidential” or “Proprietary”, then this indicates to the team members involved in the project that it should not be shared with anybody else. Typically, any labels that you apply will stand out clearly as a distinct watermark.
Sensitivity labels are managed by your organization’s Data Loss prevention (DLP) policies.
Some of the ways in which you can apply sensitivity labels include the following:
- Provide encryption:
Every time you mark a document as “Confidential”, it becomes automatically encrypted, and only available for viewing by the designated team members. - It can be used in other parts of M365:
You can even protect the apps that are in your M365 subscription such as Excel, PowerPoint, and Outlook. Even the web-based version of these apps can also be protected. - Various platforms are also used:
It’s not just Windows based devices that you can apply sensitivity labels to. You use them in macOS, iOS, and Android. They can also be applied to various third-party apps such as SalesForce, Box, and DropBox. - Use them for containers:
Examples of this include any M365 groups that you might create, and SharePoint sites. - Protect conversations:
You can apply sensitivity labels to encrypt and record sessions in M365, such as video conferencing calls, chat, meeting invites, etc. - Keep your data analytics private:
Data is the lifeblood of any kind of business, and any leakage of it can cause detrimental effects. Protect this by applying sensitivity labels to your Power BI apps,
The Characteristics Of Sensitivity Labels
There are two very important properties in this regard, which are:
- Labels are customizable:
Although there is a default set of labels that you can use in M365, you can also create and apply them specific to your own security requirements. The default set includes the following:- Personal
- Public
- General
- Confidential
- Highly Confidential
- It remains persistent:
This simply means that whatever sensitivity label is applied to a file, it will become a permanent part of it. The only way it can be changed is for you to create a newer version of it.
All of this can be seen in the illustration below:
(SOURCE: 1).
The Creation & Deployment of Sensitivity Labels
The diagram below illustrates this process:
(SOURCE: 2).
The Prioritization Of Sensitivity Labels
As you create your own labels, it is imperative that you organize them in such a way that it reflects the corresponding priority. For example, “Confidential” should appear first, and “Public” should be last. Once you have created the labels, they can be seen at “Information Protection > Labels”. An illustration of this is below:
(SOURCE: 1).
You can also create sub labels as a parent – child relationship in M365. For example, if you designate “Confidential”, this is can be followed by the following:
- Highly Confidential
- Medium Confidential
- Low Confidential
This is illustrated in the diagram below:
(SOURCE: 1).
Conclusions
If you need help with this aspect of M365 (e.g. licensing), please contact us today.
Sources
