Sensitivity label policy not working as expected for email

Calvin C 1 Reputation point
2021-09-12T02:09:05.577+00:00

I created a simple "label policy" in M365 compliance with 4 labels, "Internal Use" and "Confidential" and the others. I set the default sensitivity label for new documents as "Internal Use" and default label for a new email is "confidential". However, whenever I create a new Outlook message, the default label is set to "Internal Use" instead of the one should be, "Confidential". The label works fine in Excel and Word. Then I changed around for testing purpose and found out the default label for email is always the same as whatever the setup for document even I specified them differently as the screenshot below.

I also created a new policy and it's the same result.

Please advise if I have overlooked anything here. Thanks.
131312-2021-09-11-20-51-15-information-protection-microso.png

Calvin

Azure Information Protection
Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
517 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sarat Chandra 581 Reputation points
    2021-09-15T00:02:18.89+00:00

    Hi @Calvin C ,

    in Microsoft 365 Sensitivity Labels you can have a label policy that requires that all content is labeled. If you enable this and then later decide this is not for you, you can republish your label policy and disable the default label and the required label policies.

    That is, your settings start like this:
    132151-image-51.jpg

    Policy settings before change
    And then you change the settings in the label policy and you end up with these settings, which are published to the end users upon you saving the changes to the policy:
    132161-image-61.jpg

    Policy settings after the change

    As you can see from the before/after screenshots, the label required by default on documents has gone from Confidential to None.

    But I have found sometimes this change does not take full effect! You can only see it through if you look in PowerShell for this policy. The PowerShell module to use is the Exchange Online Management module (Install-Module ExchangeOnlineManagement if you don’t have it already) and then run Connect-IPPSSession to connect to the Microsoft 365 Protection Center.
    Once connected run Get-LabelPolicy and then (Get-LabelPolicy <name_of_your_policy>).Settings to return the settings.

    If I get the settings as above before I remove the mandatory requirement for a label I see:

    [requiredowngradejustification, true]
    [mandatory, true]
    [defaultlabelid, be5e9727-67cc-4056-a87b-1dbbf67b7b9b]

    Where the DefaultLabelID matches the GUID for the default label (Get-Label GUID should return the label that is the default).

    But, once I remove the mandatory label and the default label, the “mandatory” setting should change to false and the “defaultlabelid” should be removed.

    If the defaultlabelid does not get removed and the users do not see the policy change pushed out then it time for PowerShell to the rescue.

    Set-LabelPolicy <Name> -AdvancedSettings @{defaultlabelid=""}

    The above cmdlet changes the named policy label to remove the defaultlabelid value. Once you have run this, (Get-LabelPolicy <name>).Settings should not show the requirement for a default label.

    Thanks & Regards,
    sarat chandra

    Source from:==>https://c7solutions.com/2021/01/removing-a-default-sensitivity-label

    (Please don't forget to accept helpful replies as answers)

    0 comments