Sensitivity labels are a Microsoft Purview Information protection allowing a classification and protection over your organization data. It has been available first for documents, emails and apps and the option is now associable to containers (teams, groups and SharePoint sites).
Team privacy and guest access are configurable directly in Powell Teams templates.
Applying sensitivity labels on your teams allows you to control the access of the content stored in the team. The following governance configurations are taken in account: privacy settings, external user access and external sharing, and access from unmanaged devices. To be able to enable sensitivity labels on containers, please follow the instruction of the next paragraph.
Powell Teams has no technical possibility to be able to get the sensitivity labels feature of Microsoft to reuse them in Powell Teams templates.
Enable sensitivity labels on Azure AD
A Microsoft documentation is available here for more details.
1. Open a Windows PowerShell window on your computer. You can open it without elevated privileges.
2. Run the following commands to prepare to run the cmdlets.
In the Sign in to your account page, enter your admin account and password to connect you to your service, and select Sign in.
3. Fetch the current group settings for the Azure AD organization and display the current group settings.
$grpUnifiedSetting = (Get-AzureADDirectorySetting | where -Property DisplayName -Value "Group.Unified" -EQ)
$Setting = $grpUnifiedSetting
4. Enable the feature:
$Setting["EnableMIPLabels"] = "True"
Synchronize your sensitivity labels to Azure AD and activate it for containers
1. To synchronize your sensitivity labels to Azure AD, you need first, to connect to Security & Compliance PowerShell.
For example, in a PowerShell session that you run as administrator, sign in with a global administrator account.
2. Then run the following command to ensure your sensitivity labels can be used with Microsoft 365 groups:
3. You are now able to enable sensitivity labels on groups and sites here while creating or editing a label in Microsoft Purview Information.
Create a sensitivity label
Now that all the prerequisites have all been checked, you are able to create a new sensitivity label in Microsoft Purview Information.
Provide a name and description to your label:
Define the scope of your label to let it applied on groups and sites:
Configure your protection settings:
First with external user access settings:
And then with external sharing and device access
The last step is now to publish this new label:
Here you can select the default label you want to apply while creating a new team.:
And finaly name your policy:
Apply sensitivity labels
What about teams classification?
Team's classification labels are text strings you associate with a Microsoft 365 group, but they do not have any associated controls or policies.
The team's classification labels are simply metadata; for security, you will need to use Sensitivity labels and policies. The classification labels need adding using PowerShell, and you cannot combine them with Sensitivity labels.