unified labeling

Unified Labeling Goes Live and Scares the Heck Out of Me

We’ve all know that Microsoft’s implementation of Unified Labeling was coming.  This was going to enable us to use much of the functionality of Azure Information Protection in O365 which has been long anticipated.  This turned on in my demo tenant right before I delivered a presentation to a group on the topic and it was quite a shock to see the labeling interface change.  Ahh the fun of the Cloud.

So, what did we get in the new roll out.

First off, and this is what scared me, we get a new Tab for labels in the interface.  Alas it wasn’t easily apparent, and in my surprise at the change I never saw the tab in the UI.  I actually thought that all of the old style retention labels were just gone.  Lucky for me, they are not…just on a second tab in the interface.

unified labeling

The New Advanced Data Governance Tab Interface

The new default tab is the Sensitivity Labels, and these are essentially Azure Information Protection labels with a couple of caveats.  These labels do allow you to protect an email or a document, add headers, footers, and watermarks, and have hooks into the DLP services in Intune to allow for detailed mobile app security.  It looks like we get these labels regardless of the EM-S license.  My Demo tenant only has O365 E3 licenses and no EM-S licenses and I still get the ability to create and manage these labels.

Sensitivity Labels that you create in Security and Compliance are visible in the Azure Information Protection dashboard in Azure, so, the guidance that I have heard from Microsoft is to create your labels in the Security and Compliance Center and then you can edit them further in the Azure Information Protection dashboard in Azure.

unified labeling

New ADG Label in AIP

A couple of things that I noticed:

  • If you have EM-S, then you still get the old AIP labels, but they are not visible in the Security in Compliance Center
  • ADG Sensitivity Labels appear in AIP in a group called Protection Templates and do not have the ability to be groups or color coded like AIP labels normally can be.
  • Labels in the Security and Compliance Center cannot be edited in the AIP console if you don’t have an EM-S license, just viewed.
  • You still need to publish the label to make it visible to end users

More to come as I discover it.

Leave a Reply

x

We use cookies to ensure the best possible experience on our website. Detailed information on the use of cookies on this site is provided in our Privacy and Cookie Policy. Further instruction on how to disable our cookies can be found there.