Posey's Tips & Tricks

Sensitivity Labels for Microsoft 365 Copilot, Part 2

Now that we have our data we want excluded labeled correctly, it's time to create a coordinating policy.

In Part 1 of this series, I walked you through the process of creating a sensitivity label that could be used to restrict Microsoft 365 Copilot from accessing certain types of content. Now, I want to continue the discussion by showing you how to publish your newly created label by using a label policy.

To get started, open the Microsoft Purview console, expand the Information Protection container, and then select Label Policies. When the Label Policies screen appears, click on the Publish Label icon, shown in Figure 1.

[Click on image for larger view.] Figure 1. Click on the Publish Label icon.

At this point, the console will display the Create Policy screen. Click on the Choose Sensitivity Labels to Publish link, select the label that you have just created, and then click Add, followed by Next.

The next screen that you will see is the Assign Admin Units screen. Admin Units allow you to make it so that the policy only applies to some of your users and groups. Unfortunately, this feature is only available if you have a Microsoft 365 E5 subscription.

Click Next and you will be taken to the Publish to Users and Groups screen, shown in Figure 2. The label that you have created will be available to the users and groups that you specify on this screen. Even if you have configured Microsoft 365 to apply your label automatically, users still have the option of manually applying the label to the data that they create. Make your selection and click Next.

[Click on image for larger view.] Figure 2. Choose the users and groups to whom the label should be made available.

The next screen that you will see is the Policy Settings screen. You can use this screen to configure some settings for the labels that are published by the policy that you are creating. For example, there is a check box that you can select to make it so that if a user removes the label from a document (or uses a less restrictive label) then the user is required to provide written justification for their action.

There is another checkbox that you can use to force users to apply labels to any document or email message that they create. You can also use checkboxes to require labels for Power BI content or to add a link pointing to a custom help page. You can see all of the available options in Figure 3.

[Click on image for larger view.] Figure 3. There are several policy settings pertaining to label use that you can enable.

When you are done, click Next and the interface will display a series of sub-screens. The screens that you see may vary depending on the choices that you have made thus far. In most cases however, the first of these screens will ask you if you want to apply a default label to documents. Another screen asks if you want to apply a default label to email messages. This screen also contains a checkbox that you can select if you want email messages to inherit the label that has been assigned to the message’s attachments, as shown in Figure 4. Subsequent screens give you the option of applying default labels to meetings and to fabric and PowerBI.

[Click on image for larger view.] Figure 4. You can make it so that email messages inherit labels from their attachments.
When you finish specifying the default settings that you wish to use for various types of data, you will be taken to the Name screen. Just as you were required to assign a name to the labels that you created, you must also provide a name and an optional description for your label policy. Although descriptions are not mandatory, it’s a good idea to write a detailed description simply because you can accumulate multiple label policies over time and it is important to be able to differentiate between those policies.

When you are done, click the Next button. You will now be taken to a screen that gives you the opportunity to review all of your selections before creating the policy. Just take a moment to be sure that everything is correct and then click the Submit button to create the policy.

About the Author

Brien Posey is a 22-time Microsoft MVP with decades of IT experience. As a freelance writer, Posey has written thousands of articles and contributed to several dozen books on a wide variety of IT topics. Prior to going freelance, Posey was a CIO for a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the country's largest insurance companies and for the Department of Defense at Fort Knox. In addition to his continued work in IT, Posey has spent the last several years actively training as a commercial scientist-astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space. You can follow his spaceflight training on his Web site.


comments powered by Disqus

Subscribe on YouTube