Microsoft Purview · Information Protection
Sensitivity Label Administrator
Create and manage sensitivity labels and their policies for document classification and protection.
Scope: Organization-wide sensitivity label creation and management
Permissions
- Create and configure sensitivity labels
- Manage label policies and scoping
- Configure label encryption and marking settings
- Set up auto-labeling conditions
- Publish labels to users and groups
- Monitor label adoption and usage
Common use cases
- Implementing data classification framework
- Deploying labels for regulatory compliance (ITAR, CUI, PII)
- Enabling user-driven document protection
- Supporting information governance programs
Best practices
- Start with simple label taxonomy before adding complexity
- Use descriptive labels and tooltips for user guidance
- Test label policies with pilot groups first
- Enable default labeling to improve adoption
- Configure visual markings (headers/footers) for classified documents
- Monitor label usage and adjust policies based on adoption
- Coordinate labels with DLP policies for consistent protection
Security considerations
- Label misconfiguration can result in over or under-protection
- Encryption settings can prevent legitimate access if misconfigured
- Label changes affect existing classified documents
- Test thoroughly before broad deployment