Microsoft 365 Message Center Archive

MC934733 - Microsoft Purview | Insider Risk Management: Downgrade or remove sensitivity label

Message ID

MC934733

View in Message Center

Service

Microsoft Purview

Published

Nov 15, 2024

Tag

New feature
Admin impact

Roadmap ID

466742

View in M365 Roadmap

Platforms

Web

Summary

Microsoft Purview Insider Risk Management will soon update to capture sensitivity label changes on OneDrive, Azure Information Protection, and endpoints, not just SharePoint. Public Preview starts mid-November 2024, with General Availability in late January 2025. No action is required for this automatic update.

More information

Coming soon to Microsoft Purview Insider Risk Management (IRM): We have enhanced these existing Microsoft Office 365 indicators:

  • Downgrading sensitivity labels applied to SharePoint files
  • Removing sensitivity labels from SharePoint files

This message is associated with Microsoft 365 Roadmap ID 466742.

When this will happen:

Public Preview: We will begin rolling out mid-November 2024 and expect to complete by early December 2024.

General Availability (Worldwide): We will begin rolling out late January 2025 and expect to complete by early February 2025.

How this will affect your organization: Before this rollout, IRM only captures sensitivity label changes on the Microsoft SharePoint web app.

After this rollout, IRM will capture sensitivity label changes (downgrade or remove) when performed on Microsoft OneDrive, Microsoft Azure Information Protection, or endpoints (SharePoint files opened in an Office app or any sensitivity label change on the local files on a user's device). Also, we will rename the indicators:

  • Downgrading sensitivity labels applied to SharePoint files will become Downgrading sensitivity labels applied to files
  • Removing sensitivity labels from SharePoint files will become Removing sensitivity labels from files

In Activity explorer, events that occurred before this rollout for these indicators will continue to show Labels of sensitive files on SharePoint downgraded or Label of sensitive files removed on SharePoint. Events that occur after the rollout will be shown as Labels of sensitive files downgraded or Labels of sensitive files removed.

No action is needed to enable these features. This feature will be on by default.

The renamed indicators in the IRM policy wizard:

admin controls

Example of a new event for Downgrading sensitivity labels applied to files as shown in Activity explorer:

admin controls

What you need to do to prepare:

This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your admins about this change and update any relevant documentation.

Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.