{"id":13935,"date":"2024-04-03T16:02:52","date_gmt":"2024-04-03T23:02:52","guid":{"rendered":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/?p=13935"},"modified":"2025-12-10T11:14:15","modified_gmt":"2025-12-10T19:14:15","slug":"empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure","status":"publish","type":"post","link":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\/","title":{"rendered":"Empowering employee self-service with guardrails: How we\u2019re using sensitivity labels to make Microsoft more secure"},"content":{"rendered":"<p>At Microsoft, empowering our employees to do their best work means trusting them with self-determination. But to do that safely, we need clear data loss prevention systems in place.<\/p>\n<p>We describe it as self-service with guardrails.<\/p>\n<p>Giving employees that level of freedom relies on a robust governance strategy across our data estate that features employee-facing sensitivity labels for Microsoft 365 groups, SharePoint sites, Microsoft Teams, Viva Engage communities, and any other workspace or file employees create and use. The result of good governance is that employees can confidently take action in a self-service environment without the risk of revealing sensitive information.<\/p>\n<p>If you\u2019re considering updating your organization\u2019s governance strategy, our work in this space can be a roadmap for your journey.<\/p>\n<p><em>[<\/em><a href=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/sensitivity-labeling-a-new-layer-of-security-for-microsoft-teams-premium-meetings\/?OCID=InsideTrack_Search\"><em>Learn how we\u2019re using sensitivity labeling to secure our meetings in Microsoft Teams Premium<\/em><\/a><em>. <\/em><a href=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/microsoft-creates-self-service-sensitivity-labels-in-microsoft-365\/?OCID=InsideTrack_Search\"><em>Find out how we use self-service sensitivity labels in Microsoft 365<\/em><\/a><em>. <\/em><a href=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/getting-the-most-out-of-generative-ai-at-microsoft-with-good-governance\/?OCID=InsideTrack_Search\"><em>Check out how we\u2019re getting the most out of generative AI at Microsoft with good Governance<\/em><\/a><em>.] <\/em><\/p>\n<blockquote class=\"quote-body\"><p>We had to really step back and think about data delineation in a way that\u2019s meaningful to the business and our employees. Labeling provides a way for us to impose policies onto objects and containers to prevent or contain any oversharing of sensitive content.<\/p>\n<p class=\"source\">\u2014 David Johnson, principal PM architect, Microsoft Digital<\/p>\n<\/blockquote>\n<h2><strong>What\u2019s at stake: The importance of getting self-service right<\/strong><\/h2>\n<p>To operate according to zero trust principles, we need a coherent system that lets us see, label, and protect data. Otherwise, the burden of data loss prevention falls solely on employees, who would have to exercise individual discretion whenever they\u2019re deciding how to house and share potentially sensitive content.<\/p>\n<p>That\u2019s a heavy burden to put on people every time they deal with working files.<\/p>\n<p>\u201cWe had to really step back and think about data delineation in a way that\u2019s meaningful to the business and our employees,\u201d says David Johnson, principal PM architect for Microsoft Digital (MSD), the company\u2019s IT organization. \u201cLabeling provides a way for us to impose policies onto objects and containers to prevent or contain any oversharing of sensitive content.\u201d<\/p>\n<p>Aside from protecting internal content, customer data, and proprietary information, the principal risk is introducing vulnerability into our data estate by leaving access credentials out in the open. For example, internal documentation might include intellectual property, like source code.<\/p>\n<p>\u201cWe have a lot of security investments in protecting our data centers and sources because they\u2019re where our most sensitive information lives, and credentials are a big part of accessing them,\u201d says Maithili Dandige, partner group product manager with Microsoft Security and Compliance.<\/p>\n<p>If malicious actors can access those credentials or other sensitive information, they can do a lot of damage. Properly classifying, labeling, and protecting files and containers is the best way to ensure sensitive information and credentials don\u2019t get compromised.<\/p>\n<h2>User-centric sensitivity labels<\/h2>\n<p>Our IT professionals within MSD\u2014the organization that supports, protects, and empowers the company through technology\u2014collaborated with a cross-disciplinary team to get our governance structures right.<\/p>\n<p>\u201cWe spent a massive amount of time with the oversight committee,\u201d says Faye Harold, principal program manager for information protection services within Microsoft Security and Risk. \u201cThat involved our legal team, HR, security, and MSD to define what each label meant.\u201d<\/p>\n<p>It\u2019s important to strike a balance between the depth necessary for supporting an array of data governance controls and the simplicity to ensure labeling isn\u2019t burdensome for users.<\/p>\n<p>At Microsoft, we use four labels for container and file classification:<\/p>\n<ul class=\"c-list\">\n<li><strong>Highly confidential<\/strong>: We only share Microsoft\u2019s most critical data with named recipients.<\/li>\n<li><strong>Confidential<\/strong>: Any items crucial to achieving Microsoft\u2019s goals feature limited distribution on a need-to-know basis.<\/li>\n<li><strong>General<\/strong>: Daily work like personal settings and postal codes can be shared internally throughout Microsoft.<\/li>\n<li><strong>Public<\/strong>: We share unrestricted data meant for public consumption freely. That includes information like publicly released source code and openly announced financials.<\/li>\n<\/ul>\n<blockquote class=\"quote-body\"><p>The way to approach sensitivity labeling is to ask what problem it solves. Labeling dictates the automated controls you apply to certain items, like encryption, watermarking, or whether employees can share an item with someone outside our organization.<\/p>\n<p class=\"source\">\u2014 Maithili Dandige, partner group product manager, Microsoft Security and Compliance<\/p>\n<\/blockquote>\n<p>The administrators responsible for workspaces like SharePoint sites set default labels. That serves as a foundation for appropriate access and circulation for objects within those containers. It takes the burden of labeling off employees.<\/p>\n<p>\u201cThe way to approach sensitivity labeling is to ask what problem it solves,\u201d Dandige says. \u201cLabeling dictates the automated controls you apply to certain items, like encryption, watermarking, or whether employees can share an item with someone outside our organization.\u201d<\/p>\n<p>The sensitivity labels users and admins apply map to several different categories of policies that anticipate and mitigate data loss and risk. They communicate four key areas:<\/p>\n<ul class=\"c-list\">\n<li><strong>Privacy level<\/strong>. Labels determine whether the workspace is broadly available internally or is a private site.<\/li>\n<li><strong>External permissions<\/strong>. Guest allowance is administered via the group\u2019s classification, allowing specified partners to access teams when appropriate.<\/li>\n<li><strong>Sharing guidelines<\/strong>. We tie important governance policies to the container\u2019s label. For example, can an employee share this workspace outside of Microsoft? Is this group limited to a specific division or team? Is it restricted to specific people? The label establishes these rules.<\/li>\n<li><strong>Conditional access<\/strong>. While not implemented at Microsoft, tying identity and device verification to container labels introduces additional governance controls.<\/li>\n<\/ul>\n<p>Within MSD, we\u2019ve put a lot of thought into how each of our labels aligns with relevant policies. For example, when a container receives the default label of \u201cConfidential,\u201d guest membership and sharing are disabled. That provides rights protection for the file, even if it leaves the SharePoint site where the employee created it. You can see more of the logic behind our sensitivity labels and their policies below.<\/p>\n<figure id=\"attachment_13962\" aria-describedby=\"caption-attachment-13962\" style=\"width: 1395px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-13962 size-full\" src=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/04\/10591-How-our-transformed-approach-to-Microsoft-365-Graphic-v2.jpg\" alt=\"A graphic revealing Microsoft\u2019s sensitivity labels and how they relate to various information protection protocols.\" width=\"1395\" height=\"1227\" srcset=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/04\/10591-How-our-transformed-approach-to-Microsoft-365-Graphic-v2.jpg 1395w, https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/04\/10591-How-our-transformed-approach-to-Microsoft-365-Graphic-v2-300x264.jpg 300w, https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/04\/10591-How-our-transformed-approach-to-Microsoft-365-Graphic-v2-1024x901.jpg 1024w, https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/04\/10591-How-our-transformed-approach-to-Microsoft-365-Graphic-v2-768x676.jpg 768w, https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/04\/10591-How-our-transformed-approach-to-Microsoft-365-Graphic-v2-1228x1080.jpg 1228w\" sizes=\"auto, (max-width: 1395px) 100vw, 1395px\" \/><figcaption id=\"caption-attachment-13962\" class=\"wp-caption-text\">This chart shares the logic behind the different policies at work, all prompted by our different sensitivity labels within Microsoft 365.<\/figcaption><\/figure>\n<p>If a container owner needs different policies for a set of files to provide greater external access, they can self-service new groups without accidentally violating our governance practices.<\/p>\n<p><a href=\"https:\/\/azure.microsoft.com\/en-us\/products\/purview\" target=\"_blank\" rel=\"noopener\">Microsoft Purview<\/a>, our suite of data estate management tools, is central to these governance efforts. It accomplishes three sets of tasks: mapping our labeling structure onto the relevant policies, verifying them against our standards, and backstopping self-service data loss prevention practices through automation.<\/p>\n<p>Automation is particularly useful. We\u2019ve configured <a href=\"https:\/\/cm-edgetun.pages.dev\/en-us\/security\/business\/solutions\/information-protection\" target=\"_blank\" rel=\"noopener\">Microsoft Purview Information Protection<\/a> to scan automatically for wayward credentials, malicious user behaviors, and other sensitive information in items without the proper protections. When Purview detects a violation, our governance team receives alerts that prompt them to contain the risk by upgrading an item\u2019s sensitivity label or requiring employees to remedy the issue.<\/p>\n<p>The result is a system that allows flexibility for employees to self-manage their digital workspaces while providing guardrails that help our governance experts take appropriate actions without overtaxing their time and resources.<\/p>\n<h2>A blueprint for effective data governance<\/h2>\n<p>So how can you start your own governance journey? Many of the lessons we\u2019ve learned will be adaptable across different business settings.<\/p>\n<p>Your labeling, policies, and overall governance strategy won\u2019t be identical to ours. But by putting thought into your organization\u2019s unique needs and the problems you\u2019re trying to solve, the labeling features of Microsoft 365 and the data governance capabilities provided by Microsoft Purview will have most of the tools you need without having to build solutions from scratch.<\/p>\n<blockquote class=\"quote-body\"><p>Break things down into where your data is as an overall estate, how it\u2019s currently protected, and the most precious data that\u2019s unprotected. Then you can form a plan.<\/p>\n<p class=\"source\">\u2014 Faye Harold, principal program manager for information protection services, Microsoft Security and Risk<\/p>\n<\/blockquote>\n<p>Start by getting a firm grasp on the condition of your data estate.<\/p>\n<p>\u201cBreak things down into where your data is as an overall estate, how it\u2019s currently protected, and the most precious data that\u2019s unprotected,\u201d Harold says. \u201cThen you can form a plan.\u201d<\/p>\n<p>After you have a solid overview of your data estate, you can apply a concerted strategy to labeling and governance. Here\u2019s a ten-step blueprint to consider for structuring your efforts.<\/p>\n<h3>Ten steps for getting tenant data governance right<\/h3>\n<p>We think you might find it easier to label your containers before you start thinking about how to label emails and files or think about auto-labeling.<\/p>\n<table style=\"max-width: 100%; padding: 10px; top-margin: 20px; vertical-align: top;\">\n<tbody>\n<tr>\n<td style=\"margin-top: 10;\"><img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" class=\"size-full wp-image-13384 alignleft\" style=\"margin-top: 0px; margin-right: 0px; max-width: 50px;\" src=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/02\/1-icon-50x50-1.png\" alt=\"1.\" \/><\/td>\n<td style=\"padding: 10px;\">Give employees the ability to create new workspaces across your Microsoft 365 applications. By maintaining all data on a unified Microsoft 365 tenant, you ensure that your governance strategy applies to any new workspaces.<\/td>\n<td style=\"top; margin-top: 10;\"><img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" class=\"size-full wp-image-13403 alignleft\" style=\"margin-top: 0px; margin-right: 0px; max-width: 50px;\" src=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/02\/2-icon-50x50-1.png\" alt=\"2\" \/><\/td>\n<td style=\"padding: 10px;\">Limit your taxonomy to a maximum of five parent labels and five sub-labels. That way, employees won\u2019t feel overwhelmed by the volume of different options.<\/td>\n<\/tr>\n<tr>\n<td style=\"margin-top: 10;\"><img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" class=\"size-full wp-image-13405 alignleft\" style=\"margin-top: 0px; margin-right: 0px; max-width: 50px;\" src=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/02\/3-icon-50x50-1.png\" alt=\"3\" \/><\/td>\n<td style=\"padding: 10px;\">Make your labels simple and legible. For example, a \u201cBusiness-critical\u201d label might imply confidentiality, but every employee\u2019s work feels critical to them. On the other hand, there\u2019s very little doubt about what \u201cHighly confidential\u201d or \u201cPublic\u201d mean.<\/td>\n<td style=\"margin-top: 10;\"><img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" class=\"size-full wp-image-13406 alignleft\" style=\"margin-top: 0px; margin-right: 0px; max-width: 50px;\" src=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/02\/4-icon-50x50-1.png\" alt=\"4\" \/><\/td>\n<td style=\"padding: 10px;\">Label your data containers for segmentation to ensure your data isn\u2019t overexposed by default. Consider setting your container label defaults to the \u201cPrivate: no guests\u201d setting.<\/td>\n<\/tr>\n<tr>\n<td style=\"margin-top: 10;\"><img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" class=\"size-full wp-image-13407 alignleft\" style=\"margin-top: 0px; margin-right: 0px; max-width: 50px;\" src=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/02\/5-icon-50x50-1.png\" alt=\"5\" \/><\/td>\n<td style=\"padding: 10px;\">Derive file labels from their parent container labels. That consistency boosts security at multiple levels and ensures that deviations from the default are exceptions, not the norm.<\/td>\n<td style=\"margin-top: 10;\"><img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" class=\"wp-image-13447 size-full alignleft\" style=\"margin-top: 0px; margin-right: 0px; max-width: 50px;\" src=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/02\/6-icon-50x50-1.png\" alt=\"6\" \/><\/td>\n<td style=\"padding: 10px;\">Train your employees to handle and label sensitive data to increase accuracy and ensure they recognize labeling cues across your productivity suite.<\/td>\n<\/tr>\n<tr>\n<td style=\"margin-top: 10;\"><img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" class=\"size-full wp-image-13448 alignleft\" style=\"margin-top: 0px; margin-right: 0px; max-width: 50px;\" src=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/02\/7-icon-50x50-1.png\" alt=\"7\" \/><\/td>\n<td style=\"padding: 10px;\">Trust your employees to apply sensitivity labels, but also verify them. Check against data loss prevention standards and use auto-labeling and quarantining through Microsoft Purview automation.<\/td>\n<td style=\"margin-top: 10;\"><img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" class=\"size-full wp-image-13950 alignleft\" style=\"margin-top: 0px; margin-right: 0px; max-width: 50px;\" src=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/04\/8-icon-50x50-1.png\" alt=\"8\" \/><\/td>\n<td style=\"padding: 10px;\">Use strong lifecycle management policies that require employees to attest containers, creating a chain of accountability.<\/td>\n<\/tr>\n<tr>\n<td style=\"margin-top: 10;\"><img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" class=\"size-full wp-image-13951 alignleft\" style=\"margin-top: 0px; margin-right: 0px; max-width: 50px;\" src=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/04\/9-icon-50x50-1.png\" alt=\"9\" \/><\/td>\n<td style=\"padding: 10px;\">Limit oversharing at the source by enabling company-shareable links rather than forcing employees to add large groups for access. For highly confidential items, limit sharing to employees on a \u201cneed-to-know\u201d basis.<\/td>\n<td style=\"margin-top: 10;\"><img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" class=\"size-full wp-image-13978 alignleft\" style=\"margin-top: 0px; margin-right: 0px; max-width: 50px;\" src=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/04\/10-icon-50x50-1.png\" alt=\"\" \/><\/td>\n<td style=\"padding: 10px;\">Use <a href=\"https:\/\/learn.microsoft.com\/en-us\/graph\/data-connect-concept-overview\" target=\"_blank\" rel=\"noopener\">Microsoft Graph Data Connect<\/a> extraction in conjunction with Microsoft Purview to catch and report oversharing after the fact. When you find irregularities, contain the vulnerability or require the responsible party to repair it themselves.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Overall, it\u2019s important to be thoughtful about your governance strategy at each stage of this process. For a deeper dive into how we tackled these challenges and inspiration for your own initiatives, review our <a href=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/microsoft-creates-self-service-sensitivity-labels-in-microsoft-365\/\">technical overview<\/a> of Microsoft\u2019s self-service sensitivity labeling efforts.<\/p>\n<figure id=\"attachment_13957\" aria-describedby=\"caption-attachment-13957\" style=\"width: 591px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-13957 size-full\" src=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/04\/10591-How-our-transformed-approach-to-Microsoft-365-blog-SME.png\" alt=\"Johnson, Harold, and Dandige pose for pictures that have been assembled into a collage.\" width=\"591\" height=\"259\" srcset=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/04\/10591-How-our-transformed-approach-to-Microsoft-365-blog-SME.png 591w, https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/04\/10591-How-our-transformed-approach-to-Microsoft-365-blog-SME-300x131.png 300w\" sizes=\"auto, (max-width: 591px) 100vw, 591px\" \/><figcaption id=\"caption-attachment-13957\" class=\"wp-caption-text\">David Johnson, Faye Harold, and Maithili Dandige helped us establish and implement our sensitivity labeling strategy internally here at Microsoft.<\/figcaption><\/figure>\n<h2>Extending governance throughout our productivity suite<\/h2>\n<p>Since we implemented our governance strategy and sensitivity labeling taxonomy, we\u2019ve extended it internally throughout our Microsoft 365 productivity suite to solidify data protection across several different scenarios. Each one showcases a way that a unified data estate with consistent governance empowers employees and unlocks new technologies as it keeps our company\u2019s data safe.<\/p>\n<ul class=\"c-list\">\n<li>Proper governance and labeling ensure that <a href=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/deploying-copilot-for-microsoft-365-internally-at-microsoft\/\">Copilot for Microsoft 365<\/a> stays within bounds when sourcing information in support of employee productivity.<\/li>\n<li>Since the widespread emergence of <a href=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/getting-the-most-out-of-generative-ai-at-microsoft-with-good-governance\/\">generative AI<\/a> and the application of these technologies across Microsoft, good governance is helping us get the benefits of this technology without risking overexposure through an information free-for-all.<\/li>\n<li>We\u2019ve added a new layer of security to <a href=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/sensitivity-labeling-a-new-layer-of-security-for-microsoft-teams-premium-meetings\/\">Microsoft Teams Premium meetings<\/a> that activates specific configurations based on a meeting\u2019s level of sensitivity.<\/li>\n<li><a href=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/empowering-employees-after-the-call-enabling-and-securing-microsoft-teams-meeting-data-retention-at-microsoft\/\">Our Microsoft Teams meeting data<\/a> is now subject to robust retention rules determined by the labels we apply, with implications for recordings, transcriptions, and intelligent recaps via Copilot.<\/li>\n<\/ul>\n<p>These are just a few examples of how sensitivity labels paired with effective data governance are unlocking new capabilities across the Microsoft 365 suite, and our journey continues. By taking steps to apply good governance to your own data estate and building an effective labeling strategy, you can enable self-service for your employees and empower self-determination while maintaining security and minimizing risk.<\/p>\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"74\" class=\"wp-image-7448\" style=\"width: 300px;\" src=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2021\/10\/key-takeaways.png\" alt=\"Key Takeaways\" srcset=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2021\/10\/key-takeaways.png 500w, https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2021\/10\/key-takeaways-300x74.png 300w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/figure>\n<p>Here are some tips for getting started with labeling at your company:<\/p>\n<ul class=\"c-list\">\n<li>Assemble an oversight committee: Bring in professionals from all relevant disciplines, including HR, legal, security, IT, and anyone else who can share relevant expertise.<\/li>\n<li>Make a plan: Be intentional about addressing your unique needs around control and governance.<\/li>\n<li>Self-service requires accountability: Set up systems like attestation, site permissions reports, and guest access reviews that trace back to employees.<\/li>\n<li>People tend to take the easiest path: Make the IT-preferred path the best and easiest so that it doesn\u2019t erect roadblocks.<\/li>\n<li>Educate employees: Support your labeling implementation by making sure users know how and when to share files.<\/li>\n<li>Encourage focused sites: Site owners don\u2019t always have adequate knowledge of what they host.<\/li>\n<li>Make it simple: Ensure the system you develop makes sense to employees in the easiest possible terms.<\/li>\n<\/ul>\n<figure class=\"wp-block-image size-medium is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"360\" height=\"82\" class=\"wp-image-11919\" style=\"width: 360px;\" src=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2023\/07\/OKR_Try_it_out-300x68.png\" alt=\"Try it out\" srcset=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2023\/07\/OKR_Try_it_out-300x68.png 300w, https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2023\/07\/OKR_Try_it_out-1024x234.png 1024w, https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2023\/07\/OKR_Try_it_out-768x175.png 768w, https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2023\/07\/OKR_Try_it_out.png 1319w\" sizes=\"auto, (max-width: 360px) 100vw, 360px\" \/><\/figure>\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/purview\/concept-best-practices-sensitivity-labels?OCID=InsideTrack_Product_10591\" target=\"_blank\" rel=\"noopener\">Get started with labeling at your company.<\/a><\/p>\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"81\" class=\"wp-image-7482\" style=\"width: 300px;\" src=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2021\/10\/related_links.png\" alt=\"Related links\" srcset=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2021\/10\/related_links.png 500w, https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2021\/10\/related_links-300x81.png 300w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/figure>\n<ul class=\"c-list\">\n<li><a href=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/sensitivity-labeling-a-new-layer-of-security-for-microsoft-teams-premium-meetings\/?OCID=InsideTrack_Search\">Learn how we\u2019re using sensitivity labeling to secure our meetings in Microsoft Teams Premium<\/a>.<\/li>\n<li><a href=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/microsoft-creates-self-service-sensitivity-labels-in-microsoft-365\/?OCID=InsideTrack_Search\">Find out how we use self-service sensitivity labels in Microsoft 365<\/a>.<\/li>\n<li><a href=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/getting-the-most-out-of-generative-ai-at-microsoft-with-good-governance\/?OCID=InsideTrack_Search\">Check out how we\u2019re getting the most out of generative AI at Microsoft with good Governance<\/a>.<\/li>\n<\/ul>\n<figure class=\"wp-block-image size-large is-resized\"><img decoding=\"async\" style=\"width: 580px;\" src=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2023\/05\/Customer-Survey-580x85-1.png\" alt=\"We'd like to hear from you!\" \/><\/figure>\n<p><a href=\"mailto:msitstaff@microsoft.com\">Want more information? Email us and include a link to this story and we\u2019ll get back to you.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>At Microsoft, empowering our employees to do their best work means trusting them with self-determination. But to do that safely, we need clear data loss prevention systems in place. We describe it as self-service with guardrails. Giving employees that level of freedom relies on a robust governance strategy across our data estate that features employee-facing [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":13938,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_hide_featured_on_single":false,"_show_featured_caption_on_single":true,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[71],"tags":[89,263,848,419],"coauthors":[138],"class_list":["post-13935","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-featured","tag-digital-transformation","tag-microsoft-365","tag-security-and-risk-management","tag-zero-trust","program-microsoft-digital-technical-stories","m-blog-post"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Empowering employee self-service with guardrails: How we\u2019re using sensitivity labels to make Microsoft more secure - Inside Track Blog<\/title>\n<meta name=\"description\" content=\"Check out how we\u2019re using sensitivity labels across our Microsoft 365 productivity suite to enable self-service for our employees and to protect our data.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Empowering employee self-service with guardrails: How we\u2019re using sensitivity labels to make Microsoft more secure - Inside Track Blog\" \/>\n<meta property=\"og:description\" content=\"Check out how we\u2019re using sensitivity labels across our Microsoft 365 productivity suite to enable self-service for our employees and to protect our data.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\/\" \/>\n<meta property=\"og:site_name\" content=\"Inside Track Blog\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-03T23:02:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-10T19:14:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/04\/10591-Inside-Track-How-our-transformed-approach-to-Microsoft-365-blog-hero.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Lukas Velush\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/luvelush\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lukas Velush\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\\\/\"},\"author\":{\"name\":\"Lukas Velush\",\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/#\\\/schema\\\/person\\\/9a0f1c52bf68827638ed385b108d2e35\"},\"headline\":\"Empowering employee self-service with guardrails: How we\u2019re using sensitivity labels to make Microsoft more secure\",\"datePublished\":\"2024-04-03T23:02:52+00:00\",\"dateModified\":\"2025-12-10T19:14:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\\\/\"},\"wordCount\":2210,\"image\":{\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/uploads\\\/prod\\\/2024\\\/04\\\/10591-Inside-Track-How-our-transformed-approach-to-Microsoft-365-blog-hero.png\",\"keywords\":[\"digital transformation\",\"Microsoft 365\",\"Security and risk management\",\"Zero Trust\"],\"articleSection\":[\"Featured\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\\\/\",\"url\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\\\/\",\"name\":\"Empowering employee self-service with guardrails: How we\u2019re using sensitivity labels to make Microsoft more secure - Inside Track Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/uploads\\\/prod\\\/2024\\\/04\\\/10591-Inside-Track-How-our-transformed-approach-to-Microsoft-365-blog-hero.png\",\"datePublished\":\"2024-04-03T23:02:52+00:00\",\"dateModified\":\"2025-12-10T19:14:15+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/#\\\/schema\\\/person\\\/9a0f1c52bf68827638ed385b108d2e35\"},\"description\":\"Check out how we\u2019re using sensitivity labels across our Microsoft 365 productivity suite to enable self-service for our employees and to protect our data.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\\\/#primaryimage\",\"url\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/uploads\\\/prod\\\/2024\\\/04\\\/10591-Inside-Track-How-our-transformed-approach-to-Microsoft-365-blog-hero.png\",\"contentUrl\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/uploads\\\/prod\\\/2024\\\/04\\\/10591-Inside-Track-How-our-transformed-approach-to-Microsoft-365-blog-hero.png\",\"width\":1600,\"height\":1024,\"caption\":\"By creating a rigorous system of sensitivity labels that align with different levels of protection across our data estate, we\u2019re minimizing data loss and enabling autonomy for our employees.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Empowering employee self-service with guardrails: How we\u2019re using sensitivity labels to make Microsoft more secure\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/\",\"name\":\"Inside Track Blog\",\"description\":\"How Microsoft does IT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/#\\\/schema\\\/person\\\/9a0f1c52bf68827638ed385b108d2e35\",\"name\":\"Lukas Velush\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/084d8da5c208fc0fff3f36c46e508e9a706b1d8a928ad139b5a720a54cd5b263?s=96&d=mm&r=g3598919c570ecead29b9b22837aad0ca\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/084d8da5c208fc0fff3f36c46e508e9a706b1d8a928ad139b5a720a54cd5b263?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/084d8da5c208fc0fff3f36c46e508e9a706b1d8a928ad139b5a720a54cd5b263?s=96&d=mm&r=g\",\"caption\":\"Lukas Velush\"},\"description\":\"Lukas Velush tells the story of how Microsoft uses its own technology on this blog and on the Microsoft Digital Inside Track website (link near the top left of your screen). He's a recovering journalist who needs to not take himself too seriously.\",\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/in\\\/lukas-velush-5573762\\\/\",\"https:\\\/\\\/x.com\\\/https:\\\/\\\/twitter.com\\\/luvelush\"],\"url\":\"https:\\\/\\\/cm-edgetun.pages.dev\\\/insidetrack\\\/blog\\\/author\\\/lukas-velush\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Empowering employee self-service with guardrails: How we\u2019re using sensitivity labels to make Microsoft more secure - Inside Track Blog","description":"Check out how we\u2019re using sensitivity labels across our Microsoft 365 productivity suite to enable self-service for our employees and to protect our data.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\/","og_locale":"en_US","og_type":"article","og_title":"Empowering employee self-service with guardrails: How we\u2019re using sensitivity labels to make Microsoft more secure - Inside Track Blog","og_description":"Check out how we\u2019re using sensitivity labels across our Microsoft 365 productivity suite to enable self-service for our employees and to protect our data.","og_url":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\/","og_site_name":"Inside Track Blog","article_published_time":"2024-04-03T23:02:52+00:00","article_modified_time":"2025-12-10T19:14:15+00:00","og_image":[{"width":1600,"height":1024,"url":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/04\/10591-Inside-Track-How-our-transformed-approach-to-Microsoft-365-blog-hero.png","type":"image\/png"}],"author":"Lukas Velush","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/luvelush","twitter_misc":{"Written by":"Lukas Velush","Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\/#article","isPartOf":{"@id":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\/"},"author":{"name":"Lukas Velush","@id":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/#\/schema\/person\/9a0f1c52bf68827638ed385b108d2e35"},"headline":"Empowering employee self-service with guardrails: How we\u2019re using sensitivity labels to make Microsoft more secure","datePublished":"2024-04-03T23:02:52+00:00","dateModified":"2025-12-10T19:14:15+00:00","mainEntityOfPage":{"@id":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\/"},"wordCount":2210,"image":{"@id":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\/#primaryimage"},"thumbnailUrl":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/04\/10591-Inside-Track-How-our-transformed-approach-to-Microsoft-365-blog-hero.png","keywords":["digital transformation","Microsoft 365","Security and risk management","Zero Trust"],"articleSection":["Featured"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\/","url":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\/","name":"Empowering employee self-service with guardrails: How we\u2019re using sensitivity labels to make Microsoft more secure - Inside Track Blog","isPartOf":{"@id":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\/#primaryimage"},"image":{"@id":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\/#primaryimage"},"thumbnailUrl":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/04\/10591-Inside-Track-How-our-transformed-approach-to-Microsoft-365-blog-hero.png","datePublished":"2024-04-03T23:02:52+00:00","dateModified":"2025-12-10T19:14:15+00:00","author":{"@id":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/#\/schema\/person\/9a0f1c52bf68827638ed385b108d2e35"},"description":"Check out how we\u2019re using sensitivity labels across our Microsoft 365 productivity suite to enable self-service for our employees and to protect our data.","breadcrumb":{"@id":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\/#primaryimage","url":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/04\/10591-Inside-Track-How-our-transformed-approach-to-Microsoft-365-blog-hero.png","contentUrl":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/04\/10591-Inside-Track-How-our-transformed-approach-to-Microsoft-365-blog-hero.png","width":1600,"height":1024,"caption":"By creating a rigorous system of sensitivity labels that align with different levels of protection across our data estate, we\u2019re minimizing data loss and enabling autonomy for our employees."},{"@type":"BreadcrumbList","@id":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/empowering-employee-self-service-with-guardrails-how-were-using-sensitivity-labels-to-make-microsoft-more-secure\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/"},{"@type":"ListItem","position":2,"name":"Empowering employee self-service with guardrails: How we\u2019re using sensitivity labels to make Microsoft more secure"}]},{"@type":"WebSite","@id":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/#website","url":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/","name":"Inside Track Blog","description":"How Microsoft does IT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/#\/schema\/person\/9a0f1c52bf68827638ed385b108d2e35","name":"Lukas Velush","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/084d8da5c208fc0fff3f36c46e508e9a706b1d8a928ad139b5a720a54cd5b263?s=96&d=mm&r=g3598919c570ecead29b9b22837aad0ca","url":"https:\/\/secure.gravatar.com\/avatar\/084d8da5c208fc0fff3f36c46e508e9a706b1d8a928ad139b5a720a54cd5b263?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/084d8da5c208fc0fff3f36c46e508e9a706b1d8a928ad139b5a720a54cd5b263?s=96&d=mm&r=g","caption":"Lukas Velush"},"description":"Lukas Velush tells the story of how Microsoft uses its own technology on this blog and on the Microsoft Digital Inside Track website (link near the top left of your screen). He's a recovering journalist who needs to not take himself too seriously.","sameAs":["https:\/\/www.linkedin.com\/in\/lukas-velush-5573762\/","https:\/\/x.com\/https:\/\/twitter.com\/luvelush"],"url":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/author\/lukas-velush\/"}]}},"jetpack_featured_media_url":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/uploads\/prod\/2024\/04\/10591-Inside-Track-How-our-transformed-approach-to-Microsoft-365-blog-hero.png","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9hcZA-3CL","_links":{"self":[{"href":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/13935","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/wp-json\/wp\/v2\/comments?post=13935"}],"version-history":[{"count":43,"href":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/13935\/revisions"}],"predecessor-version":[{"id":21435,"href":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/13935\/revisions\/21435"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/wp-json\/wp\/v2\/media\/13938"}],"wp:attachment":[{"href":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/wp-json\/wp\/v2\/media?parent=13935"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/wp-json\/wp\/v2\/categories?post=13935"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/wp-json\/wp\/v2\/tags?post=13935"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/cm-edgetun.pages.dev\/insidetrack\/blog\/wp-json\/wp\/v2\/coauthors?post=13935"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}