question

CalvinC-1957 avatar image
0 Votes"
CalvinC-1957 asked sbairu answered

Sensitivity label policy not working as expected for email

I created a simple "label policy" in M365 compliance with 4 labels, "Internal Use" and "Confidential" and the others. I set the default sensitivity label for new documents as "Internal Use" and default label for a new email is "confidential". However, whenever I create a new Outlook message, the default label is set to "Internal Use" instead of the one should be, "Confidential". The label works fine in Excel and Word. Then I changed around for testing purpose and found out the default label for email is always the same as whatever the setup for document even I specified them differently as the screenshot below.

I also created a new policy and it's the same result.

Please advise if I have overlooked anything here. Thanks.
131312-2021-09-11-20-51-15-information-protection-microso.png

Calvin


azure-information-protection
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

sbairu avatar image
0 Votes"
sbairu answered

Hi @CalvinC-1957,

in Microsoft 365 Sensitivity Labels you can have a label policy that requires that all content is labeled. If you enable this and then later decide this is not for you, you can republish your label policy and disable the default label and the required label policies.

That is, your settings start like this:
132151-image-51.jpg


Policy settings before change
And then you change the settings in the label policy and you end up with these settings, which are published to the end users upon you saving the changes to the policy:
132161-image-61.jpg


Policy settings after the change


As you can see from the before/after screenshots, the label required by default on documents has gone from Confidential to None.

But I have found sometimes this change does not take full effect! You can only see it through if you look in PowerShell for this policy. The PowerShell module to use is the Exchange Online Management module (Install-Module ExchangeOnlineManagement if you don’t have it already) and then run Connect-IPPSSession to connect to the Microsoft 365 Protection Center.
Once connected run Get-LabelPolicy and then (Get-LabelPolicy <name_of_your_policy>).Settings to return the settings.

If I get the settings as above before I remove the mandatory requirement for a label I see:

[requiredowngradejustification, true]
[mandatory, true]
[defaultlabelid, be5e9727-67cc-4056-a87b-1dbbf67b7b9b]

Where the DefaultLabelID matches the GUID for the default label (Get-Label GUID should return the label that is the default).

But, once I remove the mandatory label and the default label, the “mandatory” setting should change to false and the “defaultlabelid” should be removed.

If the defaultlabelid does not get removed and the users do not see the policy change pushed out then it time for PowerShell to the rescue.


Set-LabelPolicy <Name> -AdvancedSettings @{defaultlabelid=""}

The above cmdlet changes the named policy label to remove the defaultlabelid value. Once you have run this, (Get-LabelPolicy <name>).Settings should not show the requirement for a default label.

Thanks & Regards,
sarat chandra

Source from:==>https://c7solutions.com/2021/01/removing-a-default-sensitivity-label

(Please don't forget to accept helpful replies as answers)


image-51.jpg (81.8 KiB)
image-61.jpg (85.2 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.