Sensitivity Labels are considered an advanced IT consideration. If your organisation is not using Sensitivity Labels in Microsoft 365 then you will not be able to use this feature in Atlas.
Sensitivity Labels are not part of Atlas, but form part of a broader security framework in your organisation, implemented (normally in AzureAD/MS365) by your IT/Security colleagues. To confirm, Sensitivity Labels definitions are not managed or updated in Atlas; they are only used.
A new feature in Atlas 4.1 extends the security offering of the application, consistent with Security Features available in MS365 and the Sensitivity Label policies your organisation might already be using.
This article assumes your organisation is already thinking of, or better still has already implemented a Container-level Sensitivity Label framework. This article covers how some new, straight-forward features in Atlas 4.1 works with that Sensitivity Label framework.
Do refer to this article for more information on Container-level Sensitivity Labels from Microsoft: Use sensitivity labels with Microsoft Teams, Microsoft 365 Groups, and SharePoint sites - Microsoft Purview (compliance) | Microsoft Learn
Whilst the changes in Atlas are quite simple, their impact is huge providing:
- The flexibility to use Container-Level Sensitivity labels across all workspaces based on the template used
- Achieve consistency in security across all workspaces
- Avoiding human errors that may over-restrict or under-restrict access to content in workspaces.
- Simplify the knowledge needed by workspace creators regarding security or company policies.
- Reduce the training needed by new workspace creators.
Some organisations are already using Sensitivity Labels for content. For example, You might already be prompted to apply a Sensitivity Label when sending an email or saving a file? Content-level sensitivity labels are a growing option for clients at the moment.
In addition, an organisation can also apply Sensitivity Labels at the container level. In this definition a container might be any Teams, M365 groups or SharePoint sites.
The new Sensitivity Label features in Atlas 4.1 described here are applicable to container level Sensitivity Label definitions ONLY.
Connex Studio Template Creators
The new Sensitivity Labels feature introduced in Atlas 4.1 is available for Connex Template Creators and allows for existing MS365 Sensitivity Labels to be used as part of a new or existing Template.
Here we can see the Connex Studio panel Template Creators will now see; Note the new "Workspace Sensitivity Label" field towards the bottom of the panel.
When Connex Template Creators are defining or editing a template, a drop down appears containing the Container-Level Sensitivity Labels defined already, and made available in AzureAD/MS365 by your IT/Security department:
If required the Connex Template Creators can select an appropriate Sensitivity Label from the drop down that matches the purpose the Template is being created for. For example, a Template designed for users to create Legal Workspaces might include a Sensitivity Label that disallows visitors from accessing the site from unauthorised devices, whilst still allowing them to access other sites (from an unauthorised device) that don't have a Sensitivity Label restriction.
If not required, the field is not mandatory and can be left blank.
N.B. The options that appear in the dropdown honor Application Permissions. Simply, options only appear if Connex Template Creators have permission to see them. This is a consequence of the flexibility of Sensitivity Labels, where their definition can be very granular, why they are considered an advanced IT function and beyond the scope of this article!
As you would expect, once the template is saved, the response in the "Workspace Sensitivity Label" becomes part of the template. The response can be changed by editing the template in Connex Studio.
Connex Workspace Creators
Once templates are defined, they are available to Connex Workspace Creators to use to create Workspaces. The beauty of the Sensitivity Label being set as part of the Connex Template means Connex Workspace Creators are protected from making the wrong decision about which Sensitivity Label to apply to the new Workspace.
In this screenshot note how the "Workspace Sensitivity Label" is Read-Only and cannot be changed by the Connex Workspace Creator creating this example:
Please sign in to leave a comment.