As an additional configuration to the settings you see in the Microsoft Purview portal or the Microsoft Purview compliance portal for sensitivity labels, you can use these labels to configure settings for the default sharing link type for a SharePoint site or OneDrive account, and for individual documents. These settings are automatically selected, but not highly visible to users when they select the Share button in their Office apps. As an example:
The default sharing link type sets the scope (who) and permissions (view or edit) that are automatically selected when users share files and folders. Although users can always override these default settings before sending the sharing link, the settings you choose provide a safe baseline. Typically, users don't change the settings before sharing.
At the site level (SharePoint site or OneDrive account), sensitivity labels provide a convenient alternative for setting the default sharing link type that can be configured for a site in the SharePoint admin center. For more information, see Change the default link type for a site from the SharePoint documentation.
This site-level configuration works well for SharePoint sites that have documents all with the same level of sensitivity. But if sites contain some documents that have a higher level of sensitivity that require more restrictive settings, you can configure a sensitivity label with different settings for the default sharing link type, and then apply this label to documents.
In this scenario where the site has default sharing link type settings, and a document in that site has different default link type settings, the more restrictive scope settings will be applied at the time the user selects the sharing option for the document. For example:
The default sharing link type for the site is scoped to anybody in your organization. A document in that site is labeled with the default sharing link type set to specific people. When a user shares that document, the default sharing link type selected will be scoped to specific people.
The default sharing link type for the site is scoped to specific people, with edit permissions. A document in that site is labeled with the default sharing link type set to anybody in the organization, with view permissions. When a user shares that document, the default sharing link type selected will be scoped to specific people with edit permissions.
Configuring the default link type for documents might also be appropriate without the site-level setting. For example, although SharePoint sites are typically organized to host the same type of documents, that isn't the case for OneDrive accounts. Users typically save a wide range of files to OneDrive, often including a mix of personal and business documents. Setting a default link type for all documents for a user's OneDrive account is probably not practical, but individual documents can still benefit from these settings. For example:
Documents labeled Highly Confidential have a default sharing link type that restricts sharing to specific people rather than anybody in the organization.
Documents labeled General have a default sharing link type that restricts sharing to people in your organization.
Documents labeled Personal have a default sharing link type that allows sharing to anyone with the link.
Nasvet
If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview trials hub. Learn details about signing up and trial terms.
SpecificPeople: Sets the default sharing link to specific people (only the people the user specifies)
Organization: Sets the default sharing link for only people in your organization
Anyone: Sets the default sharing link to anyone with the link, which is equivalent to anonymous access
DefaultShareLinkPermission: The available values are:
View: Sets the default link permission to view permissions
Edit: Sets the default link permission to edit permissions
These two settings and values are the equivalent of the parameters DefaultSharingScope and DefaultShareLinkPermission from the Set-SPOSite cmdlet.
Another configuration for the default sharing link type is to use the DefaultShareLinkToExistingAccess advanced setting, which is the equivalent of the parameter DefaultLinkToExistingAccess from the Set-SPOSite cmdlet. When you set this value to True, it overrides the other two advanced settings and their values.
PowerShell examples, where the sensitivity label GUID is 8faca7b8-8d20-48a3-8ea2-0f96310a848e:
To set the default sharing link type to SpecificPeople:
To configure the settings for the default sharing link type for a site, the scope of the sensitivity label must include Groups & sites when you create the sensitivity label in the Microsoft Purview portal or the Microsoft Purview compliance portal. After it's created, you see this displayed as Site, UnifiedGroup in the Scope column on the Labels page, and the PowerShell ContentType setting also displays this same value. For documents, the scope must include Files & other data assets, which displays as File, Email. Then:
When the scope includes Groups & sites, you can apply the label to a site, which sets the default sharing link type for that site. For information how to apply a sensitivity label to a site, see How to apply sensitivity labels to containers.
When the scope of the sensitivity label includes Files & other data assets, you can apply the label to documents, which sets the default sharing link type for that document. The label can be applied manually or automatically.
Nasvet
You can also specify that the label is the default sensitivity label to be applied for new sites or new documents, as a label policy setting.
This module examines the process for implementing sensitivity labels, including applying proper administrative permissions, determining a deployment strategy, creating, configuring, and publishing labels, and removing and deleting labels.
Configure a SharePoint document library with a sensitivity label to extend existing permissions to documents that are downloaded, and protect files from being copied or moved.
When you create a sensitivity label, you can automatically assign a label to data stored in Microsoft 365, or you can prompt users to select the label that you recommend.
A requirement for all Microsoft Purview Information Protection solutions: Create, configure, and publish sensitivity labels to classify and protect your organization's data.
