How do you know how many labels to use when implementing Microsoft Information Protection (MIP)?


Microsoft Information Protection (MIP) helps your organization discover, classify, and protect your sensitive information. You can use MIP to tag sensitive content and apply information protection policies (e.g. encryption, digital rights management, etc.) to secure content wherever it resides.

One of the many considerations when implementing MIP is determining which sensitivity labels you will use to classify your content. A sensitivity label is a tag (or identifier) that denotes how sensitive the content in the email or document is (e.g. whether it contains public information, company confidential information, personal information, etc.). Sensitivity labels can be applied manually by your employees or via automated policies. You can set up protections for sensitivity types (e.g. auto-encryption of all content containing personal information).

While your organization has a wide array of vital information, Microsoft recommends limiting the number of sensitivity labels you use in your MIP implementation. But how do you decide which sensitivity labels to use? And should you select one of those labels as a default that is auto-set for all content?

Episode 39 of the Microsoft 365 Voice podcast covers this topic in detail. Antonio, Mike, and I all advocate for limiting yourself to 3 or 4 sensitivity labels if possible (5 labels at the most). Here’s a few of the reasons we advocate for such a short list:

  • Fewer labels are easier to remember and use. Your MIP implementation will only be successful if your employees understand when & how to apply a label. Your employees aren’t all information tagging experts, so don’t make them have to know the Dewey Decimal System to tag a document or an email. Keep it simple.
  • Fewer labels makes it easier to determine which label to use when. Keeping to a smaller set of sensitivity labels makes it easier for your users to differentiate between data types. You want users to know when to use a confidential label and when to use a personal information label.
  • Fewer labels make for fewer errors. To maximize the effectiveness of your MIP implementation, you need to ensure a high percentage of your content is labeled correctly. Research shows that end-user sensitivity tagging has a misclassification rate of 30%. (This means that 30% of your content is not tagged with the appropriate label.) Having a small number of well-defined sensitivity labels will help you reduce this misclassification percentage.

You will also need to determine if you want a default sensitivity label (e.g. a label that is automatically applied to all new documents and emails). A default sensitivity label ensures all your content is tagged, but you’ll still need to educate users so they know why and when to use a label other than the default.

Additional tip:
User adoption and education are a vital part of your MIP strategy. To help you get started, Microsoft recently released a user adoption pack for MIP. The pack includes example email communications, PowerPoint training slides, etc. Check it out!

Have a Microsoft 365 question? Submit it online! Your question may be featured in a future podcast episode.

One comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s