New features for Sensitivity labels: SharePoint, Teams, Office Online Sanjoyan Mustafi Senior Program Manager SharePoint & OneDrive Security & Compliance https://www.linkedin.com/in/Sanjoyan/
Admin: New label creation flow for content & container separation End users: What is the impact? Agenda New features coming up Roadmap
Sensitivity Labels journey in Office 365 so far… Already GA https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels- teams-groups-sites?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels- sharepoint-onedrive-files?view=o365-worldwide
“New” Label creation, publishing flow & usage experience
Recap 1. Create labels with various combinations of policies Admin 2. Labels can be separate for content and containers 3. Can have separate default labels for content and container End user No need to be a policy expert , just choose the right label for right occasion
New features coming up
Control “external sharing” for sites via contain iner la labels ls - beta Set-Label - Identity ‘General' - AdvancedSettings @{ sharingcapability ="ExternalUserAndGuestSharing"} or Set-Label -Identity ' Confidential' - AdvancedSettings @{ sharingcapability ="Disabled"} Admin Disabled - don't allow sharing outside your organization. ExistingExternalUserSharingOnly - Allow sharing only with the external users that already exist in your organization's directory. ExternalUserSharingOnly - allow external users who accept sharing invitations and sign in as authenticated users. ExternalUserAndGuestSharing - allow sharing with all external users, and by using anonymous access links.
Other capabilities 1. Ability to remove container labels from Ux and PowerShell Set-SPOSite -identity <url> -RemoveLabel Admin 2. APIs to search content by label ID 3. Sensitivity labels as condition in DLP
Conditional Access policy per site -beta Apply “terms of use” policy or “multi factor authentication” using AAD conditional access policy – per site • Coming soon with labels Admin
Roadmap for Sensitivity Labels in SharePoint & OneDrive Coming soon… Top of mind for rest of the year instructions in appendix
Big thank you for joining For any questions : https://www.linkedin.com/in/Sanjoyan/
Managed by the MIP and Compliance CXE Team ✓ Tech Community Resources – https://aka.ms/MIPC/CommunityResources ✓ Webinars – https://aka.ms/MIPC/Webinars ✓ Previews – https://aka.ms/MIPC/Previews ✓ Blog – https://aka.ms/MIPblog & https://aka.ms/CompBlog ✓ Yammer – https://aka.ms/MIPC/AskMIPTeam ✓ https://twitter.com/MIPnews using the tag #MicrosoftIP
External Sharing Via Labels 1) Open PowerShell 2) $UserCredential = Get-Credential 3) $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection 4) Import-PSSession $Session -DisableNameChecking 5) Get-Label | Format-Table -Property DisplayName, Name, Guid → This shows you all the labels from the tenant. 6) Set-Label - Identity ‘<your label name>' -AdvancedSettings @{sharingcapability="ExternalUserAndGuestSharing"} → to enable the sharing Set-Label -Identity ‘<your label name>’ -AdvancedSettings @{sharingcapability="Disabled"} → to disable the sharing 7) Remove-PSSession $Session Now your labels are ready to be used to control external sharing. Various sharing options as below: Disabled - don't allow sharing outside your organization. ExistingExternalUserSharingOnly - Allow sharing only with the external users that already exist in your organization's directory. ExternalUserSharingOnly - allow external users who accept sharing invitations and sign in as authenticated users. ExternalUserAndGuestSharing - allow sharing with all external users, and by using anonymous access links.
Click to view instructions to setup granular per site CA
Recommend
More recommend
