Tag:Sensitivity labels

Sensitivity labels in Microsoft 365, powered by Microsoft Purview, enable organisations to classify, protect and govern sensitive data across files, emails and collaboration workspaces. They can apply encryption, content markings and access controls, and extend to Microsoft Teams, SharePoint and Microsoft 365 Groups to reduce oversharing and support compliance.

How To Apply Container Sensitivity Labels at Scale in Microsoft 365

Posted on 16 May 2026by Nikki Chapple

Introduction: Oversharing Does Not Start With Files

How to apply sensitivity labels at scale to existing Microsoft 365 Groups, Microsoft Teams and SharePoint sites is one of the most common follow-up questions I receive when discussing container sensitivity labels.

If your environment only contains a small number of workspaces, applying labels manually is manageable.

However, most organisations operate at scale. Hundreds or even thousands of Microsoft 365 Groups, Microsoft Teams and SharePoint sites already exist.

This is where governance becomes inconsistent and risky.

In this post, I show how to:

✅ Analyse your existing environment
✅ Identify oversharing risk
✅ Apply container sensitivity labels at scale using PowerShell

The goal is not just automation.

It is to apply consistent, risk-based governance and reduce oversharing in Microsoft 365 and Copilot environments.

This approach ensures you can apply container sensitivity labels at scale across existing Microsoft 365 environments in a consistent and controlled way.

Container Sensitivity Labels: The Purview “Hack” That Fixes Copilot Oversharing Fast

Posted on 16 May 2026Updated on 16 May 2026by Nikki Chapple

Introduction: Oversharing Starts Before a Single File Exists

Copilot oversharing is one of the most misunderstood risks in Microsoft 365. In reality, it often starts before a single file is uploaded.

It begins when Microsoft Teams, SharePoint sites, and Microsoft 365 Groups are created using generic tenant-wide defaults.

In an AI-enabled world, those overly permissive defaults become significantly more dangerous because Microsoft 365 Copilot operates within existing permissions.

Copilot does not create access.

It reveals it.

How to Configure Container Sensitivity Labels in Microsoft Purview (Step-by-Step)

Posted on 15 May 2026Updated on 16 May 2026by Nikki Chapple

Microsoft Purview container sensitivity labels allow organisations to apply consistent, risk-based collaboration and access controls across Microsoft Teams, Microsoft 365 Groups, and SharePoint sites without relying on manual decisions at the point of creation.

Instead of users or administrators deciding security settings each time a workspace is created, container sensitivity labels enforce governance automatically based on collaboration risk.

This is one of the most effective ways to reduce Microsoft 365 Copilot oversharing risk because Copilot surfaces only what users already have access to.

If access controls are overly broad, AI exposure becomes overly broad.

This guide focuses specifically on implementation:

✅ How to configure Microsoft Purview container sensitivity labels
✅ How to apply risk-based collaboration controls
✅ How to govern guest access and sharing consistently
✅ How to integrate with Microsoft Entra Conditional Access
✅ How to operationalise secure-by-default collaboration governance

How to use sensitivity labels with your PDF files

Posted on 18 December 2022Updated on 22 December 2022by Nikki Chapple

Did you know you can now label your PDF files with the same sensitivity labels you use with your Word, PowerPoint and Excel files?

Using Microsoft Purview sensitivity labels, you can add a visible classification label, protect your PDF files with encryption and add visible marking such as headers, footers and watermarks. Your PDF file now respects any Data loss Prevention policies, such as blocking external sharing of confidential data.