Should you use a default label with Microsoft Information Protection (MIP)?

We took another deep-dive into MIP on Episode 46 of the Microsoft 365 Voice. This episode focuses on the importance of defining your label strategy, including the use of a default label. Here are a few of the topics Antonio, Mike, and I covered in the episode:

  • Plan your Compliance strategy up-front. Determine who needs to be involved in your Compliance strategy and carefully consider what labels you will use. Changing your sensitivity labels mid-stream can have dire effects on both your users and the veracity of your information protection program. Taking extra time to plan your strategy up-front will serve you best in the long run.
  • If you’re requiring sensitivity labels, you should set a default label. If you don’t, your users will hit a speedbump each time they try to save a file or send an email. Having a default label applied automatically will fulfill the requirement for a label, streamlining the employee technology experience. And as Antonio mentions in the episode, companies that have rolled out required labels without a default label have run into mechanical issues with file syncing, etc.
  • Can you have more than one default label in a single tenant? As Antonio explains, you can set up a default label for each of your sensitivity label policies. Depending on your information protection needs, you may want (or need) several policies. You can set up different policies for different users in your organization (giving users in Group A a different default label than users in Group B, for example). You cannot set up different policies based on type of content (e.g. emails vs. files).
  • Setting up different default labels for different departments can be a slippery slope. Too many exceptions and differences in the rules can fracture your users’ understanding of how MIP works. And as employees change roles or department reorgs occur, you’ll be in a never-ending swirl of moving users between policies and re-educating users on what their default label is.
  • Consider label exceptions carefully. To be effective, your information protection strategy needs to reach all your users. Granting exceptions that exclude some users in your organization from having to apply labels can erode your security posture and effectiveness.

Have a Microsoft 365 question? Submit it online! Your question may be featured in a future podcast episode.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s