Sensitivity labeling: A new layer of security for Microsoft Teams Premium meetings

Nov 16, 2023   |  

Sensitivity Labels for Microsoft Teams Premium meetings ensure employees stay protected and organizational data stays secure.

Microsoft Digital storiesMicrosoft Teams is where collaboration and connection happen. The wide array of digital artifacts that come from our employees’ day-to-day meetings—things like recordings, transcripts, and shared documents—need the same level of enterprise protection as the rest of our organization’s proprietary material.

Self-service sensitivity labels give Microsoft Digital (MSD), the organization that supports, protects, and empowers our company, the power to enforce policies proactively and keep shared workspaces safe. With the recent launch of Microsoft Teams Premium, we’re extending that power to meetings.

We have a lot of data that gets generated within the Microsoft environment. There are different levels of security in terms of how much you can share across the organization or even externally with partners and guests, and we need a rationale for how that data can be shared.

—Sanjay Ramaswamy, principal program manager, Microsoft Teams product protections

[Discover transforming Microsoft with Microsoft Teams: Collaborating seamlessly, teaming up fearlessly. Explore advancing your meetings with the Microsoft Teams Meeting Guide. Unpack crafting a new hybrid meeting room experience at Microsoft with Microsoft Teams.]

Self-service labels, proactive protection

Empowering self-service sensitivity labels helps every employee create the resources they need without engaging IT. To support this level of freedom, we rely on a strong governance strategy that identifies and protects valuable content. As a result, our employees can create the containers and content they need to stay productive while keeping our organization’s data safe.

Without labeling, you’re forced into a one-size-fits-all model for your tenant. With that arrangement, your default is going to be either very restrictive or too open, either of which is a problem.

—David Johnson, tenant governance and compliance architect, MSD

“We have a lot of data that gets generated within the Microsoft environment,” says Sanjay Ramaswamy, principal program manager for Microsoft Teams product protections. “There are different levels of security in terms of how much you can share across the organization or even externally with partners and guests, and we need a rationale for how that data can be shared.”

 

From left to right, Ramaswamy, Johnson, and Jensen pose for pictures assembled into a collage.
Sanjay Ramaswamy, David Johnson, and Chanda Jensen are part of the team implementing Microsoft Teams Premium sensitivity labels at Microsoft.

A proper labeling schema enables actionable policies around the access level and shareability of enterprise data. And now that we’re increasingly infusing AI into our work, clear labeling and policies are even more important for ensuring digital assistants stay compliant.

“Without labeling, you’re forced into a one-size-fits-all model for your tenant,” says David Johnson, tenant governance and compliance architect for MSD. “With that arrangement, your default is going to be either very restrictive or too open, either of which is a problem.”

Microsoft Digital Security and Resilience (DSR) and MSD developed our internal system of sensitivity labels for classifying objects and containers. The labels provide clearly delineated governance, and they’re simple for users to understand:

  • Highly confidential: The most critical data for Microsoft: We only share it with specifically designated recipients.
  • Confidential: Sensitive business data crucial to achieving our goals. Distribution of this data is limited—it must not be shared broadly within the company.
  • General: Business data that is not meant for public consumption. Data that can be shared internally throughout our organization.
  • Public: Unrestricted data meant for open consumption, like publicly released source code and announced financials: We share these freely inside and outside Microsoft.

Self-service labels in Microsoft Teams Premium

Microsoft Teams meetings add a whole new dimension to the labeling conversation.

“A lot of things happen in meetings today: Documents, recordings, and transcripts get shared, and there’s a meeting chat that continues to go on after the call is over,” Ramaswamy says. “So you can imagine that there’s a pretty vast surface area where data can be leaked out of control.”

When labels extend to meetings, different considerations come into play beyond just access and shareability. There are implications for the meeting experience itself. Who should wait in the lobby? What do the different classifications mean for calendar invites? Who can copy and paste text from the chat?

The user is front and center in this whole journey. We want to give people and organizations choice, but we also want to make it intuitive for them to navigate so we don’t introduce a new burden.

—Sanjay Ramaswamy, principal program manager, Microsoft Teams product protections

Microsoft Teams Premium brings sensitivity labels and policies together with configurable meeting features. Depending on how an organization configures its labels, Teams Premium applies a templatized set of designated meeting options designed to enhance security and compliance.

Those options include:

  • Who needs to wait in the meeting lobby
  • Who needs to ask to join the meeting
  • Calendar labels, for example, “Do not forward”
  • Enforcing automatic recording
  • Restricted copying and pasting from the meeting chat
  • Advanced encryption control for audio-video streams
  • Watermarking on live content and video
A Microsoft Teams Premium meeting information display, including end-to-end encryption.
Organizations can configure policies that align with their sensitivity labels and activate features like watermarking and end-to-end encryption.

“The user is front and center in this whole journey,” Ramaswamy says. “We want to give people and organizations choice, but we also want to make it intuitive for them to navigate so we don’t introduce a new burden.”

The product itself guides the users. You can select from a dropdown of parent and child labels, hover over a label to get more information about what they mean, click on ‘learn more’ to access support documentation, and go into the meeting options pane for a full view of a label’s effects.

—Chanda Jensen, senior product manager, MSD

It’s helpful that these decisions happen within employees’ existing workflows. Applying self-service sensitivity labels takes place wherever users create their meetings, whether that’s the Microsoft Teams Premium or Outlook clients or the web apps for either tool.

It’s also important that the labels are informative, without loading the users with too much information—or most people would simply opt out. The label selection process helps inform users about the implications of their labels through a streamlined UX flow.

“The product itself guides the users,” says Chanda Jensen, senior product manager with MSD. “You can select from a dropdown of parent and child labels, hover over a label to get more information about what they mean, click on ‘learn more’ to access support documentation, and go into the meeting options pane for a full view of a label’s effects.”

We also realize that most organizations have entire teams of security and technical professionals who manage their data protection policies. To accommodate institutional oversight, Microsoft Teams Premium allows default settings for an organization’s entire tenant or individual lines of business. They can also lock those defaults so individual employees don’t violate confidentiality policies.

That’s especially useful when different groups have different meeting privacy requirements. For example, customer-success professionals or salespeople who frequently deal with external meeting attendees might default to a more open label. Meanwhile, finance, legal, or R&D employees would probably establish a highly confidential baseline.

The central value is that organizations can configure the tool as they see fit.

We’re still experimenting with where features within certain labels fit for our tenant. We’re starting out with what feels comfortable at first, and then we’ll slowly evolve to a V2 of our sensitivity label rollout.

—Chanda Jensen, senior product manager, MSD

“You get to decide your label hierarchy, but the core principle is that you want commonality and consistency,” Johnson says. “You don’t want meeting labels to have a completely different term set.”

Customer Zero for Microsoft Teams Premium

Internally implementing Microsoft Teams Premium and self-serve sensitivity labels for meetings has provided us with plenty of lessons for driving adoption. Our internal communications team has been taking advantage of Microsoft Viva Engage, community comms blasts, and various employee forums across the organization. Our internal technical documentation site also contains plenty of material to support employees as they adopt the new workflow.

To lay the groundwork, we’ve been training our employees on our overall labeling hierarchy as part of our business fundamentals. Together, these adoption efforts mean our Microsoft Teams Premium implementation contains a mix of training, engagement, accountability, and testing.

“We’re still experimenting with where features within certain labels fit for our tenant,” Jensen says. “We’re starting out with what feels comfortable at first, and then we’ll slowly evolve to a V2 of our sensitivity label rollout.”

Between the growing awareness of sensitivity labels, well-established adoption practices, and a slow-and-steady approach to experimentation and implementation, our internal adoption of Microsoft Teams Premium is providing a firm foundation for our customers. Every lesson we learn gets incorporated into our public-facing guidance.

“Part of being customer zero is giving effective product feedback on what works and what doesn’t on a product that’s brand new for teams,” Johnson says. “Is this useful? Is it going to break things? Is it suitable for the right teams?”

By answering those questions internally, we ensure sensitivity labels in Microsoft Teams Premium can help secure our customers’ day-to-day meetings and enable greater collaboration.

Key Takeaways
Here are some tips for getting started with labeling in Microsoft Teams Premium:

  • See if Microsoft Teams Premium is a fit for your organization with a free trial.
  • Think about what makes sense to your employees and what your organization needs, then build your labeling schema around that.
  • Think about how your existing container and object labels will adapt to how meetings work because meetings differ from other types of objects.
  • Experiment with sensitivity labeling through a small group of early champions, then roll these features out alongside an adoption and education initiative.
  • Keep labels minimal to avoid overtaxing your employees’ understanding.

Try it out

Try Microsoft Teams Premium and see how its extra protection for your meetings and organizational data works for you.

Related links

We'd like to hear from you!
Want more information? Email us and include a link to this story and we’ll get back to you.

Please share your feedback with us—take our survey and let us know what kind of content is most useful to you.

Tags: , ,