Enable Sensitivity Labels

Sensitivity labels classify and protect workspaces when users create them through provisioning workflows. To use sensitivity labels in Syskit Point, complete the setup steps in both Microsoft and Syskit Point.

In Microsoft — complete these steps first:

• Sensitivity labels are created and published in the Microsoft Purview compliance portal
  • Learn how to create and configure sensitivity labels and their policies
• Sensitivity labels are enabled for containers — Microsoft Teams sites, Microsoft 365 groups, and SharePoint sites
  • Learn how to enable sensitivity labels for containers

warning

Please note!
Sensitivity label changes can take up to 24 hours to replicate across all apps and services.

In Syskit Point:

• A service account is connected to Syskit Point

The connected service account enables Syskit Point to:

• Collect existing sensitivity labels
• Apply sensitivity labels when creating new workspaces with provisioning workflows

Service Account Requirements

When preparing a service account for Syskit Point, consider the following requirements:

• Multifactor authentication can be enabled for the service account, but it isn't mandatory
• Service account password is set never to expire to avoid repetitious password re-entries in Syskit Point; learn how to set user's password never to expire here
• Sensitivity labels should be published to the service account; find more information on how to publish sensitivity labels here
• Service account should not have the Global Administrator role assigned
• The Global Administrator has to give consent on behalf of the organization for a certain user to be assigned to the service account
• Service account must have a Syskit Point admin role to provide custom templates for creating new workspaces
• No licenses are required for the service account

warning

Please note!
To successfully provision sensitivity labels onto newly created workspaces when using the Microsoft Authentication Flow method, only the service account can create all provisioning templates.

Learn more about how to set up multifactor authentication for Microsoft 365 by taking a look at this Microsoft article

Sensitive Files

warning

Please note!
For sensitive files to be detected and shown in Syskit Point reports, you need to configure this in the Settings of Syskit Point.

To enable sensitive files being shown in reports, go to Settings.

• Under General, navigate to the Sensitive Content section (1)
• Click the arrow (2) to open the selection box where you can check the box for the sensitivity labels you want included in sensitive files reports
  • Selecting sensitivity labels lets you appropriately tag content you consider sensitive
  • Content marked with this label is shown in reports that display sensitive content
• Click Save (3) to finalize your selection

Next Steps

To connect a service account in Syskit Point, please follow the instructions provided in this article.

Once the service account is connected to Syskit Point, you can specify a sensitivity label when creating provisioning templates.

To learn more about templates and available options while setting them up, open the following article.