Sensitivity labels
Sensitivity labels are part of Microsoft Information Protection solution. Sensitivity labels classify and protect your organization’s data, by applying appropriate permissions and restrictions on the classified content. As opposed to retention labels, which are published to locations such as all Exchange mailboxes, sensitivity labels are published to users or groups. That means that everywhere where the labels are supported, your users will be able to use them. Apps that support sensitivity labels will display them to the users and groups they were published to. The sensitivity labels will show as already applied labels, if they are being applied automatically; or as labels that can be applied, if the Compliance Administrator decided that they can be applied by users.
Prerequisites
Install Exchange Online module and Connect to Security & Compliance Center PowerShell.
Install-Module -Name ExchangeOnlineManagement -RequiredVersion 2.0.5
Connect-IPPSSession -UserPrincipalName User@contoso.com
Verify existing labels
Use Get-Label cmdlet to see the available labels in your environment, their scopes and priorities.
Get-Label
Get All Details on a Label
Get-Label -Identity keyword-label | fl
Get All Label Actions
If you use -IncludeDetailedLabelActions parameter, you will see the particular actions assigned to each label.
Which Label Causes Trouble
If you are unsure which label is applying specific policy, you can check which labels perform which actions.
Get-Label -IncludeDetailedLabelActions $true | select Applywatermarkingtext, displayname
Get-Label -IncludeDetailedLabelActions $true | select EncryptionEnabled, displayname
Find auto-labeling labels
Each label has a property called “capabilities”. Using it, you can discover which labels are automatically applied to the content.
Get-Label | select Capabilities, DisplayName
Audit Matrix for Label Actions
Audit matrix allows you to see the entire overview of labels, their actions, capabilities and settings at a given point of time. It is a simple Excel file, but may be useful if your organization needs to store the settings for compliance reasons.
See Also
M365 Information protection: Understanding Sensitivity labels vs sensitive information types