Sensitivity Label for Office 365 Group and Microsoft Teams

Featured image

Sensitivity Label for Office 365 Group and Microsoft Teams

Microsoft recently added a new feature in sensitivity Label, using this feature we can classify the Office 365 Group, SharePoint Online site, and Microsoft Teams. Previously, we used Classification Label to classify the group or site with text but this sensitivity Label feature not only supports classification by text and it is also supporting privacy, guest access, and unmanaged device access for Office365 Groups, Teams and SharePoint Site.

How to create the sensitivity Label for Office365 Groups, Microsoft Teams and SharePoint Site.

We can create the Sensitivity labels from Office 365 Security and Compliance center. Go to Office 365 security and compliance ( → Classification → Sensitivity labels → Create label → Enable the Site and Group Settings.

Site and Groups Settings

Using this feature, we can control Site, Groups, and Teams with the following option

Note: This sensitivity label only controls the above features. It will not impact the store items in the Teams and SharePoint Site.

Enable and sync the Label in Office 365 Groups

Before going to apply the sensitivity label, we need to enable EnableMIPLabels in Set-AzureADDirectorySetting using AzureADPreview PowerShell module, refer the below PowerShell commands to enable sensitivity label in the tenant.

Import-Module AzureADPreview
$Setting = Get-AzureADDirectorySetting -Id (Get-AzureADDirectorySetting where -Property
DisplayName -Value “Group.Unified” -EQ).id
$Setting[“EnableMIPLabels”] = “True”
Set-AzureADDirectorySetting -Id $Setting.Id -DirectorySetting $Setting

After enable, the EnableMIPLabels in AzureAD module, we need to sync sensitivity label to office 365 Group using Execute-

AzureAdLabelSync commands, refer the below PowerShell commands.

$UserCredential . Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri ( -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking

How to apply the Sensitivity label to Office 365 Group, Sites, and Teams

We can apply the sensitivity label when creating the Office 365 Groups, Sharepoint Sites, Microsoft Teams.

Office 365 Groups

Microsoft Teams

Sharepoint Site

How to change the sensitivity label in Office 365 Groups

Currently, there is no end-user setting to change the sensitivity label from Office365 Group settings, Microsoft Teams settings and Sharepoint site settings, but we can change sensitivity label from Azure AD portal → Groups → Select required Groups → Properties → change the label.

User Experience

For example, we created sensitivity label with following settings,


When we apply that sensitivity label during Team creation, it will automatically select privacy as private.

External user access

In this example, we disabled external access in the sensitivity label, so we got “We couldn’t find any matches”

Unmanaged devices

When we access that sensitivity label applied Teams or site from an unmanaged device, we will get the following error message.