Purview label to expire download for external guest user

prasantc 936 Reputation points
2024-07-18T05:27:26.5766667+00:00

Is it good to modify an existing public label or create sublabel under for public to enforce expiration for public sharing of file in email.

  1. User access to content expires in a particular data
  2. Allow offline access__ Only for a number of days_ 5_
  3. Under users or groups - Add specific domain of vendor or contractor

Is it a good way to approach sharing of file to external email domain address. Would it carry the policy of recipient on that domain forwards to another domain.

Microsoft Purview
Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
1,217 questions
0 comments No comments
{count} votes

Accepted answer
  1. PRADEEPCHEEKATLA-MSFT 90,146 Reputation points Microsoft Employee
    2024-07-18T10:16:59.5633333+00:00

    @prasantc - Thanks for the question and using MS Q&A paltform.

    Based on the official documentation: Restrict access to content by using sensitivity labels to apply encryption, it is recommended to use sensitivity labels to restrict and encrypt access to documents when sharing them with external users via email. You can also enforce protection settings such as encryption, watermarks, and access restrictions. For example, users can apply a Confidential label to a document or email, which can encrypt the content and add a Confidential watermark.

    Recommendations for the expiry and offline access settings:

    User's image

    Regarding the expiration of public sharing of files in email, it is recommended to set the user access to content to never expire unless the content has a specific time-bound requirement. The offline access setting depends on the sensitivity of the content. For sensitive business data that could cause damage to the business if shared with unauthorized people, it is recommended to allow offline access for only a limited number of days, such as 7. For very sensitive business data that would cause damage to the business if shared with unauthorized people, it is recommended to never allow offline access. For less sensitive content, it is recommended to always allow offline access for up to 30 days or the configured use license validity period for the tenant.

    As for modifying an existing public label or creating a sublabel under it for public sharing of files in email, it is not clear from the provided document whether this is a good approach or not. It is recommended to use sensitivity labels to classify and protect data based on business requirements. You can apply sensitivity labels to containers like SharePoint sites and help manage external users' access. However, it is important to note that sensitivity labels on containers can restrict access to the container, but content in the container doesn't inherit the label.

    Hope this helps. Do let us know if you any further queries.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.