News

Microsoft Goes Live with Information Protection Automatic Classifications

• By Kurt Mackie
• 05/29/2020

The ability to automatically classify documents using the Microsoft Information Protection service's sensitivity labels feature is now at the "general availability" commercially-release stage, Microsoft announced this week.

The automatic classification scheme works across Exchange, OneDrive and SharePoint solutions. Microsoft had described sensitivity labels as being at the general availability stage earlier this month, but that announcement concerned manually applying sensitivity labels to documents. Now, IT pros can set up policies that will automatically label documents without users having to take action.

There's a licensing difference between the two capabilities. Using sensitivity labels with automatic classifications requires having Microsoft 365 E5 or equivalent licensing. Just having the ability to apply labeling manually by end users, though, can be done with E3 licensing.

These sensitivity label product rollouts are part of the Microsoft Information Protection service, which has the ability to classify Office documents (Excel, Outlook, PowerPoint and Word) across Android, iOS, Mac and Windows platforms. Microsoft also has a similar Azure Information Protection service, but it's getting deprecated on March 31, 2021, apparently because it's not a cross-platform solution.

Microsoft wants organizations using Azure Information Protection to migrate their labels to its so-called "unified labeling platform" and eventually move to using Microsoft Information Protection instead. The migration details are described in this document.

Organizations might use Microsoft Information Protection's sensitivity labels to apply classifications to documents, showing those labels in headers and footers. The labels can flag documents when they contain sensitive information such as Social Security numbers, credit card numbers and bank account numbers, for instance.

The Microsoft Information Protection service has a Policy Simulator feature lets IT pros try out a classification policy first and see its effects before going live with it. Here's how this Microsoft document described the Policy Simulator feature:

The simulated deployment runs like the WhatIf parameter for PowerShell. You see results reported as if the auto-labeling policy had applied your selected label, using the rules that you defined. You can then refine your rules for accuracy if needed, and rerun the simulation.

Sensitivity labels aren't automatically turned on. Organizations wanting to use them have to first turn them on using the Microsoft 365 Compliance Center.