Microsoft Purview || Part-2

aditya goel

9 min readApr 5, 2025

If you are landing here directly, its advisable that you first refer to this blog.

Part 1. Sensitivity Labels

Discussion → What are the Sensitivity Labels ?

Discussion → What job does the Sensitivity Labels performs ?

Discussion → What are the properties of a Sensitivity Label ?

Discussion → What all things that a Sensitivity Label can do ?

Discussion → Show some examples for Sensitivity Labels ?

Answer → Here is the Sensitivity Label on the Excel File :-

Below is yet another Sensitivity Label on the Email in the Exchange :-

Here is yet another mechanism, through which we can apply the Sensitivity Label on the Excel File :-

Here are how the sensitivity-labels looks like at Purview Dashboard :-

Discussion → What is a Sub-Label ?

Answer → As shown in below screenshot, the Label “Confidential” in-turn have multiple sub-labels :-

Anyone.
All Employees.
Trusted People.

Here is how the Sub-Labels looks like on the Purview-Dashboard. For example for the “Highly Confidential” Label, we have following sub-labels :-

Specified People.
All Employees.

Discussion → Show the process of creating a new Label, through Purview Dashboard ?

Step #1.) First we define the Name, Label and Description for the Sensitivity-Label :-

Step #2.) Now we define the Scope for this Label i.e. where this Label can be applied :-

Step #3.) Now we define the Protection Settings for the types of items that we would select :-

In this step, we also define the Access-Control for this Label. Under the section : “Assign Permissions now or let users decide ?”, there are two choices available :-

Assign permission Now.
Let Users assign permissions when they apply the label → We shall choose this option for now.

Once we choose option #2, as shown from above screenshot, we shall need to provide restrictions :-

Next, we have to choose the time when shall the user-access to content would expire ?

In this step, we can also define, whether we wanted to add watermark, header or footer to the content that has this Label :-

In this step, lastly we can also add the option of adding the Auto-Labelling for Files and Emails. Example → Say when the Users compose or try to forward emails from outlook, then if that email contains matching condition, then this label shall be applied automatically.

Step #4.) Next, we define the protection settings for groups and sites.

Step #5.) Next, we get an option to perform the Auto-Labelling for Schematized-Data-Assets :-

Step #6.) Finally, we are here at the last step of Finish :-

Once we hit the “Create Label” button, we can see that, our label gets created :-

Step #7.) Now, we can Publish the Label :-

And finally, here we can see, our newly created label in our list of Sensitivity-Labels :-

Part 2. Sensitivity Policies

Discussion → How does the Sensitivity-Label-Policies looks like ?

Discussion → Showcase by editing the afore-shown Sensitivity-Label-Policy, that what all things can be configured in this Label-Policy ?

Step #1.) Below shown are the Sensitivity-Labels to publish :-

Step #2.) Next, we have to assign the Admin-Units :-

Step #3.) Next, we have to define here that, whether this particular label shall be available to Users or Groups ?

Step #4.) Next, we can configure the settings for the Labels, that are included in this Policy :-

Here, we have the option to apply the default settings for the documents :-

Similarly, we have the option to apply the default settings for the Emails :-

Similarly, we have the option to apply the default settings for the Meetings & Calendar Events :-

Similarly, we have the option to apply the default settings for the Fabric & Power-BI-Content :-

Step #5.) Now, we can configure here the Name of the Policy :-

Step #6.) Finally, we can click on the Finish button & submit.

And here is we have the latest version of the “Sensitivity-Label-Policy” :-

Part 3. Auto Labelling Policies

Discussion → What does the Auto-Labelling-Policies means ?

Answer → We can create auto-labelling-policies which apply sensitivity-labels automatically to the Email Messages OR OneDrive OR SharePoint Files that contains sensitive info.

Discussion → Showcase, how the Auto-Labelling-Policies can be created ?

Step #1.) First we select the Category & Regulation for which thi Auto-Labelling-Policy is to be created :-

Step #2.) Next, we define the Name & Description of this Policy :-

Step #3.) Next, we assign the Admin-Units, which have the capability to restrict the policy to specific set of users or groups :-

Step #4.) Next, we choose the Locations where we want to apply this Label :-

Step #5.) Next, we setup the Policy Rules :-

Here is how, we can create the New Rules :-

Step #6.) Next, we choose a Label, to which we want to get auto-applied :-

Here, we choose the “Confidential/All Employees” sensitivity-label, which shall be auto-applied :-

We also select the additional settings for the Email, here :-

Step #7.) Now, we choose the Policy-Mode. There are 2 options for the same here :-

Run Policy in Simulation Mode.
Leave Policy Turned-Off.

Step #8.) Last but not the least, we hit the Finish button, which shall create the Policy :-

Part 4. Message Encryption

Discussion → What is the need of Purview Message Encryption ?

Discussion → Explain some more details about the Purview Message Encryption ?

Here is how the Purview Message Encryption is being helpful :-

Discussion → Talk about the Advanced Message Encryption ?

Discussion → Explain step by step, the process of performing the Message Encryption through Purview ?

Step #1.) First, we need to create a new role. Here we shall choose : “Apply Office 365 Message Encryption and rights protection to messages” :-