We can publish Sensitivity Labels, which enable you to control who can view and apply them, where they can be used, and what level of protection they provide. For example, you might want your Finance team to apply a “Confidential” label to internal reports, while your Sales team only sees labels relevant to client communication.
In this post, I’ll show you how to publish Sensitivity Labels in Microsoft 365, so you can make them available to the right users and groups across your organization.
Create a Policy to Publish Sensitivity Labels
Before you can publish Sensitivity Labels, you first need to create them in Microsoft 365 Purview. Publishing only makes the labels available to users; it doesn’t create new ones. So, make sure you have already set up your labels.
Follow the steps below to make your Sensitivity Labels available to the correct users and devices:
- Go to Microsoft Purview, then navigate to Solutions -> Information Protection -> Policies -> Label publishing policies. Then, click on Publish Label.
- Once you click on the Publish label, you’ll see the screen to choose which sensitivity labels you want to publish.
- Click Choose sensitivity labels to publish.
- A panel opens on the right showing all the labels that are already created.
- From here, you can select the labels you want to make available to users.
- For example, in my case, I selected Personal, Public, Highly Confidential, and Internal.
- After selecting, click Add.
- The chosen labels will now appear under the “Sensitivity labels to publish” section. Then, click Next.
- In this step, you can choose Admin Units to restrict the policy to a specific set of users or groups. Admin Units are managed in Microsoft Entra ID and allow you to scope policies more precisely.
- If you want the policy to apply only to specific Admin Units, click “Add or remove admin units” and make your selection.
- If you want the policy to apply across your entire organization (including all users and groups), leave it as is.
- In my case, I want to publish labels for the whole organization, so I’ll skip this step and click Next.
- Next, select the users, distribution groups, mail-enabled security groups, or Microsoft 365 Groups that should have access to the sensitivity labels.
- If you want to make the labels available to everyone in your organization, leave the default option as All users & groups.
- If you want to restrict the labels to specific groups (for example, Finance, HR, or Sales), click Edit, and then select the users or groups you want.
- In my case, I want all users to have access to these labels, so I’ll keep the default option and click Next.
- On the next screen, you’ll configure policy settings for the sensitivity labels. These settings determine how users interact with the labels across emails, documents, and other content. The available options are:
- Users must provide a justification to remove a label or lower its classification:
- When enabled, users must give a reason before removing a sensitivity label or replacing it with a lower-level classification.
- Require users to apply a label to their emails and documents:
- This makes labeling mandatory before users can save documents or send emails (unless the item already has a label).
- Require users to apply a label to their Fabric and Power BI content:
- Ensures that any new or edited content in Fabric and Power BI remains labeled.
- Provide users with a link to a custom help page:
- Allows you to add a custom URL where users can learn more about using sensitivity labels in your organization.
- Users must provide a justification to remove a label or lower its classification:
- In my case, I don’t need to enforce these options at this time, so I’ll leave them unchecked and click Next.
- Here, you have the option to apply a default sensitivity label to Word, Excel, and PowerPoint documents when they are created or modified. This helps ensure that documents are protected by default.
- If you want documents to inherit a sensitivity label (e.g., Confidential) automatically, you can select it from the dropdown.
- Users can still change the label later if a different classification better matches the content.
- If you don’t want to enforce a default label, leave the option as None.
- In my case, I’ll keep the setting as None and click Next.
- This option allows you to automatically apply a default sensitivity label to all new emails composed by users.
- If you want every email to start with a predefined label (e.g., Internal Use Only), select it from the dropdown list.
- Users can still change the label before sending the email if a more appropriate classification is available.
- If you don’t want to enforce a default label on emails, leave the option set to None.
- Additionally, we can make the Inherit label from attachments:
- When enabled, if an email contains an attachment that already has a sensitivity label, the email will automatically inherit that label.
- This ensures that sensitive content in attachments is consistently protected, even when shared via email.
- In my case, I’ll keep the default label as None but enable Inherit label from attachments, then click Next.
- After setting the default settings for emails, the wizard provides additional options:
- Default settings for meetings and calendar events
- Default settings for sites and groups
- Default settings for Fabric and Power BI content
- These allow you to automatically apply sensitivity labels to meeting invites, Teams/SharePoint sites, and Power BI content. Since I don’t need to enforce any defaults for these right now, I’ll skip these steps.
- In this step, provide a name and an optional description for your label policy.
- The name should be clear and meaningful so that admins can easily identify the policy later (e.g., Organization-wide Sensitivity Labels).
- The description can be used to add more context about the policy’s purpose or the groups it applies to.
- Once you’ve entered the details, click Next.
- The final screen gives you a summary of all the settings you’ve configured. Review the details carefully:
- Labels included in the policy
- Assigned users and groups
- Policy settings (like justification or mandatory labeling)
- Default settings for documents, emails, and other content types
- If everything looks correct, click Submit to create and publish the sensitivity label policy.
Once the policy is created, you’ll see a message that says: New policy created. It can take up to 24 hours to publish the labels to the selected users’ apps.
This means the sensitivity labels will not appear instantly in Outlook, Word, Excel, PowerPoint, Teams, and other apps. Allow up to 24 hours for the changes to fully propagate across your organization.
Publish Sensitivity Labels in Microsoft 365 enables you to assign the correct labels to users or groups, configure defaults, and enforce labeling rules, ensuring consistent protection of sensitive information across all apps.
Additionally, you may find the following interesting tutorials:
- Import Terms into the Term Store in SharePoint
- Enable Sensitivity Labels On PDF Using PowerShell
- Add Synonyms to SharePoint Term Store Metadata Terms
- Create SPFx Dynamic Accordion Webpart Using PnP Controls React
Hey! I’m Bijay Kumar, founder of SPGuides.com and a Microsoft Business Applications MVP (Power Automate, Power Apps). I launched this site in 2020 because I truly enjoy working with SharePoint, Power Platform, and SharePoint Framework (SPFx), and wanted to share that passion through step-by-step tutorials, guides, and training videos. My mission is to help you learn these technologies so you can utilize SharePoint, enhance productivity, and potentially build business solutions along the way.
