Mandatory Unified Sensitivity Labels ( Except for Outlook )

Jason Sewell 1 Reputation point
2020-12-02T13:57:17.903+00:00

We are in the process of migrating from legacy AIP Labels to the new Unified Labels for data classification in Office365. In the past, users were required to label all new documents by AIP policy setting. However, we did not require users to label every email by taking advantage of the "DisableMandatoryInOutlook" advanced label policy.

As we migrate to Unified Labels and set the policy to enforce mandatory labels, we see that users are required to label every email, which is undesirable in our organization. It's not a surprise that Unified Labels are ignoring the DisableMandatoryInOutlook advanced AIP label policy, but we would like to know if there is an equivalent means in Unified Labels to not require users to label every email but still require them to label documents.

Azure Information Protection
Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
519 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,360 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. JamesTran-MSFT 36,376 Reputation points Microsoft Employee
    2020-12-03T22:34:04.467+00:00

    @Jason Sewell
    Thank you for your post!

    When it comes to "DisableMandatoryInOutlook", I found the available advanced client settings for classic AIP, and the equivalent for the unified labels. You should be able to Exempt Outlook messages from mandatory labeling by running: 

    Set-LabelPolicy -Identity Global -AdvancedSettings @{DisableMandatoryInOutlook="True"}

    I've also added the 'office-exchange-server-mailflow' tag to this thread to see if our Outlook and Exchange mailflow community can look into this as well.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

  2. Philipp Ebner 1 Reputation point
    2021-01-05T09:02:37.727+00:00

    @Jason Sewell we have (had) the same problem.
    what we did was, we set a default label (preferably a low priority one) and educated the users on changing the default, in case the file or email contains sensitive information.
    why use a default label? well, if users create new content in sharepoint online or onedrive, they are not forced to set a label (yet). By setting a default label, we ensure, that at least every new file has a label (even if the user forgets to set one).