Question about API agent

Daniel Herrera - ExperTech 20 Reputation points
2024-07-04T13:11:53.31+00:00

We are using the AIP agent to tag folders in the desktop version of onedrive or sharepoint, however we have two scenarios that I would like to confirm if there is a solution or if we are doing something wrong.

When the folder is labeled, if someone attaches a new document it will not have the label, is there a way to always add a new document with the label that was placed in the first time?

2.When it is labeled with "highly confidential" encryption, who is left with total permissions of the document is who labeled the folder decides who has permission, however to the folder had access to more people and could have forgotten someone, (when I read documentation of automatic labels that is another topic says that the last one who edits is who remains as leader, in this case who remains as leader is who decides who will have access when labeling) Is there any way to remain as leaders or people who can edit those who have access to the folder?

Microsoft Purview
Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
1,119 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Claudia Dos Santos Haz (CONCENTRIX CORPORATION) 1,090 Reputation points Microsoft Vendor
    2024-07-04T15:13:52.07+00:00

    Hi @Daniel Herrera - ExperTech,

    Thank you for reaching out to Microsoft Q&A forum!

    Certainly! Let’s address your scenarios regarding Azure Information Protection (AIP) and folder labeling in SharePoint Online and OneDrive:

    Folder Labeling and New Documents:

    • When you label a folder using AIP, the label is typically applied to the folder itself, not individual files within it. As a result, new documents added to the folder won’t automatically inherit the label.
      • To ensure that new documents inherit the label from the folder, you can follow these steps: 
        - **Option 1**: Apply the label directly to the files within the folder instead of the folder itself. This way, any new documents added to the folder will automatically receive the same label.

      - **Option 2**: Use sensitivity labels in Office apps (such as Word, Excel, or PowerPoint) to apply labels to individual files. [These labels can be synchronized with SharePoint and OneDrive, ensuring consistent labeling across your documents](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/can-aip-be-used-for-onedrive-for-business-and-sharepoint-online/td-p/276672)[1](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/can-aip-be-used-for-onedrive-for-business-and-sharepoint-online/td-p/276672).

            - Keep in mind that directly protecting files with AIP may limit certain functionalities, such as co-authoring and search features. [Consider the trade-offs based on your organization’s needs](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/can-aip-be-used-for-onedrive-for-business-and-sharepoint-online/td-p/276672)[1](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/can-aip-be-used-for-onedrive-for-business-and-sharepoint-online/td-p/276672).

            **Permissions and Folder Labeling**:

               - When you label a folder with “highly confidential” encryption, the permissions are determined by the label settings and the user who applied the label.

                  - By default, the person who labeled the folder becomes the “owner” or “leader” of the labeled content. They have full control over permissions.

                     - However, if the folder had broader access (e.g., shared with multiple people) before labeling, you might need to review and adjust permissions manually.

                        - To address this:

                              - **Option 1**: Regularly review permissions on labeled folders to ensure they align with your intended access controls.

                                    - **Option 2**: Consider using sensitivity labels in Office apps to manage permissions more dynamically. [For example, you can set up automatic permissions based on label criteria (e.g., “highly confidential”)](https://video2.skills-academy.com/en-us/purview/sensitivity-labels-office-apps)[2](https://video2.skills-academy.com/en-us/purview/sensitivity-labels-office-apps).

                                          - Remember that AIP encryption doesn’t affect permissions directly; it’s the label settings that determine access rights.

    In summary, consider whether folder or file-level labeling best suits your needs, and periodically review permissions to maintain security and access control. If you have specific organizational requirements, consult with your IT or security team to tailor the solution accordingly.

  2. Daniel Herrera - ExperTech 20 Reputation points
    2024-07-04T15:29:01.94+00:00

    Thank you very much for your help, could you explain this to me, I can't understand it.

    ( Option 1: Apply the label directly to the files within the folder instead of the folder itself. This way, any new documents added to the folder will automatically receive the same label).

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.