Enable Sensitivity Labels

This article explains how to enable the usage of sensitivity labels within SysKit Point.

In order to use sensitivity labels when creating provisioning templates, the following requirements need to be met:
Sensitivity labels are created and published in Microsoft compliance center​
​Click here to learn how to create and configure sensitivity labels and their policies.​
Sensitivity labels are enabled for containers - Microsoft Teams sites, Microsoft 365 groups, and SharePoint sites
​Use this article to help you enable sensitivity labels for containers​
a service account is connected to SysKit Point
The connected service account enables SysKit Point to:
collect existing sensitivity labels
apply sensitivity labels when creating new workspaces with provisioning workflows
Please note!
The sensitivity label changes can take up to 24 hours to replicate to all apps and services.
Service Account Requirements
When preparing a service account for SysKit Point, consider the following requirements:
multifactor authentication can be enabled for the service account, but it isn't mandatory
service account password is set never to expire to avoid repetitious password re-entries in SysKit Point; learn how to set user's password never to expire here​
sensitivity labels should be published to the service account; find more information on how to publish sensitivity labels here​
service account should not have the Global Administrator role assigned
the Global Administrator has to give consent on behalf of the organization for a certain user to be assigned to the service account
service account must have a SysKit Point admin role to provide custom templates for creating new workspaces
no licenses are required for the service account
Please note!
To successfully provision sensitivity labels onto newly created workspaces when using the Microsoft Authentication Flow method, only the service account can create all provisioning templates.
Learn more about how to set up multifactor authentication for Microsoft 365 by taking a look at this Microsoft article​
Next Steps
To connect a service account in SysKit Point, please follow the instructions provided in this article.
Once the service account is connected to SysKit Point, you can specify a sensitivity label when creating provisioning templates.
To learn more about templates and available options while setting them up, open the following article.

Restrict Microsoft 365 Groups Creation

Last modified 2mo ago