Hi @Daniel Herrera - ExperTech,
Thank you for reaching out to Microsoft Q&A forum!
Certainly! Let’s address your scenarios regarding Azure Information Protection (AIP) and folder labeling in SharePoint Online and OneDrive:
Folder Labeling and New Documents:
- When you label a folder using AIP, the label is typically applied to the folder itself, not individual files within it. As a result, new documents added to the folder won’t automatically inherit the label.
- To ensure that new documents inherit the label from the folder, you can follow these steps:
- **Option 1**: Apply the label directly to the files within the folder instead of the folder itself. This way, any new documents added to the folder will automatically receive the same label. - **Option 2**: Use sensitivity labels in Office apps (such as Word, Excel, or PowerPoint) to apply labels to individual files. [These labels can be synchronized with SharePoint and OneDrive, ensuring consistent labeling across your documents](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/can-aip-be-used-for-onedrive-for-business-and-sharepoint-online/td-p/276672)[1](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/can-aip-be-used-for-onedrive-for-business-and-sharepoint-online/td-p/276672). - Keep in mind that directly protecting files with AIP may limit certain functionalities, such as co-authoring and search features. [Consider the trade-offs based on your organization’s needs](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/can-aip-be-used-for-onedrive-for-business-and-sharepoint-online/td-p/276672)[1](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/can-aip-be-used-for-onedrive-for-business-and-sharepoint-online/td-p/276672). **Permissions and Folder Labeling**: - When you label a folder with “highly confidential” encryption, the permissions are determined by the label settings and the user who applied the label. - By default, the person who labeled the folder becomes the “owner” or “leader” of the labeled content. They have full control over permissions. - However, if the folder had broader access (e.g., shared with multiple people) before labeling, you might need to review and adjust permissions manually. - To address this: - **Option 1**: Regularly review permissions on labeled folders to ensure they align with your intended access controls. - **Option 2**: Consider using sensitivity labels in Office apps to manage permissions more dynamically. [For example, you can set up automatic permissions based on label criteria (e.g., “highly confidential”)](https://learn.microsoft.com/en-us/purview/sensitivity-labels-office-apps)[2](https://learn.microsoft.com/en-us/purview/sensitivity-labels-office-apps). - Remember that AIP encryption doesn’t affect permissions directly; it’s the label settings that determine access rights.
- To ensure that new documents inherit the label from the folder, you can follow these steps:
In summary, consider whether folder or file-level labeling best suits your needs, and periodically review permissions to maintain security and access control. If you have specific organizational requirements, consult with your IT or security team to tailor the solution accordingly.