This document explains eShare’s direct integration with Microsoft Purview Sensitivity Labels, allowing organizations to apply active controls to content based on the sensitivity applied by users or automation. This integration provides organizations more granularity with data protections while enabling their user base to share content with appropriate guard rails in place.
PREREQUISITE:
To proceed with using the integration with PIP Sensitivity Labels, you must complete the following steps to sync the organizations Labels accordingly.
Configuring and Using Sensitivity Labels
Organizations that leverage Purview Information Protection Sensitivity Labels have the option syncing the Labels to eShare for additional functionality with Sharing Policies. When enabled, eShare queries Microsoft for the existence and order of Sensitivity Labels within the organization and imports all Labels within the eShare portal automatically. Once imported, the Labels appears within ‘Admin Console‘ > ‘Labels & Tags‘.
Use Case: Applying Sensitivity Labels to Sharing Policies: eShare Organization Administrators can assign Sensitivity Labels to both Sharing Policies and Sharing Modules. These labels define the sharing permissions that will automatically apply to any Trusted Share created under the corresponding policy.
Example: If a Microsoft file is labeled “Confidential” and the same label is applied to a sharing policy, whenever a user attempts to create a trusted share of that file, the corresponding sharing policy will automatically be enforced. The user will not be able to modify the policy settings, ensuring consistent enforcement of security and sharing rules. Similarly, if a Sensitivity Label is applied to a SharePoint site, any file from that site will automatically inherit the associated sharing policy when a trusted share is created. This approach helps organizations maintain compliance and control over sensitive content while simplifying policy management.
When Sensitivity Labels are imported to eShare, their priority as defined in Microsoft is reflected within the Portal. eShare will honor the Microsoft priority order when users attempt to access content that is labelled accordingly.
Assigning Sensitivity Labels to Sharing Policies
Once Labels have been imported and synced to your eShare organization, Organization administrators can assign them to Sharing policies. eShare Administrators can navigate to the ‘Sharing Policies’ section within the Admin console menu and assign a sensitivity label to a Sharing Policy or create a new Sharing Policy dedicated to a Sensitivity Label. You can also assign sub labels to a sharing policy.
After the Sensitivity Label is assigned to the Sharing Policy, administrators can select the ‘Edit’ option to assign the Sharing Policy to a Sharing module. Assigning a Sharing modules to a Sharing policy makes that policy available when generating Trusted Shares via the relevant module. As an example, in the above screenshot – the ‘Confidential Sharing Policy’ will be available for Trusted Shares generated from SharePoint sites, the Secure Mail Gateway and personal cloud storage.
NOTE:
When selecting labels or tags, if an option appears grayed out, it means a sharing policy with the same combination of sharing modules and labels already exists. You can not have a sensitivity label assigned to multiple sharing policies with the same sharing modules, however you can assign a label to different Policies if they are using different Modules (ex. Sharing Policy A is assigned ‘Sharepoint Sharing’ module and Sharing Policy B is assinged ‘Secure Mail Gateway’ module, both policies can have a Confidential Label assigned).
Sharing Content with Sensitivity Labels
When Trusted Shares are created from SharePoint/Teams sites or email, eShare evaluates the Sensitivity Label of the Site/Email (container) and File being shared while respecting the native Microsoft Label Priority order set by your organizations administrator. If someone tries to share content the Labels of the file and container are inspected, and the Sharing Policy tied to the label in highest in priority order will be applied. (ex. SharePoint Site is labeled ‘Confidential’ and the file is labeled ‘General Business’, in this case the Confidential Policy will be applied since the Confidential Label is higher in Priority).
After a Trusted Share is created with a certain Label specific Sharing Policy, eShare will continue to evaluate the sensitivity of documents on access. If a recipient accesses a document that is higher in sensitivity than what the Trusted Share was created with, eShare will step up the applied sharing policy to match the sensitivity of the document and apply the active controls for that Label sharing policy. (ex. A Trusted Share is created with General Business Sharing policy, but the recipient accesses a document labeled as ‘Confidential’, eShare will step up the policy and require the user to accept a Terms of Use before seeing the document).