Sensitivity labels allow Teams admins to regulate access to sensitive organizational content created during collaboration within teams. You can define sensitivity labels and their associated policies in the Security & Compliance Center. These labels and policies are automatically applied to teams in your organization.
What’s the difference between sensitivity labels and Teams classification labels?
Sensitivity labels are different from classification labels that require you to create them using PowerShell. Classification labels are text strings that can be associated with a group but don’t have any actual policies associated with them. You use classification labels as metadata to manually enforce policies through internal tools and scripts.
On the other hand, sensitivity labels and their policies are automatically enforced end-to-end through a combination of the Groups platform, Security & Compliance Center, and Teams services. Sensitivity labels provide powerful infrastructure support for securing your organization’s sensitive data.
Create and publish sensitivity labels for Teams
For how to enable, create, and publish sensitivity labels for Teams, see Use sensitivity labels with Microsoft Teams, Office 365 groups, and SharePoint sites.
Using sensitivity labels with Teams
Here are some example scenarios of how you can use sensitivity labels with Teams in your organization.
Privacy setting of teams
You can create a sensitivity label that, when applied during team creation, allows users to create teams with a specific privacy (public or private) setting.
For example, you create a label named “Confidential” in the Security & Compliance Center and you configure Teams so that any team that’s created with this label must be a private team. When a user creates a new team and selects the Confidential label, the only privacy option that’s available to the user is Private. Other privacy options such as Public and Org-wide are disabled for the user.
Similarly, if the user selects General when they create a new team, they can only create public or org-wide teams.
When the team is created, the sensitivity label is visible in the upper-right corner of channels in the team.
A team owner can change the sensitivity label and the privacy setting of the team at any time by going to the team, and then clicking Edit team.
Guest access to teams
You can specify whether a team created with a specific label allows guest access. Teams created with a label that doesn’t allow guest access are only available to users in your organization. People outside your organization can’t be added to the team.
Support for sensitivity labels in the Microsoft Teams admin center
Currently, sensitivity labels are not supported in the Microsoft Teams admin center. If you use sensitivity labels, you won’t be able to set sensitivity labels when you create or edit a team. Sensitivity labels are also not visible in team properties and won’t be visible in the Classification column in the Microsoft Teams admin center.
Support for sensitivity labels in Teams Graph APIs, Powershell cmdlets and templates
Currently, users won’t be able to apply sensitivity labels on teams that are created directly through Graph APIs, Powershell cmdlets, and templates.