Data Labeling in Microsoft Tools Guideline

Files created in Microsoft applications can be labeled with Vanderbilt's data classification levels. When you label a file with a label, you help safeguard its contents, maintain its privacy, and comply with legal standards. 

Users should apply Sensitivity labels to documents and emails during creation or modification. Label application is essential when the content contains confidential, proprietary, or personally identifiable information (PII) that requires protection to prevent unauthorized access, comply with regulatory standards, and mitigate potential data breaches.

 ClassificationLevel 1 PublicLevel 2 Institutional Use OnlyLevel 3 RestrictedLevel 4 Critical
EncryptionEncryption Required?NoNoYesYes
Offline Access Available?Always30 DaysNeverNever
Content MarkingContent Marking Required?NoNoHeader OnlyHeader and Content
Privacy and External User AccessPrivacy expectation?NoneNonePrivatePrivate
External User Access Available?YesYesNoNo
External Sharing and Conditional AccessExternal Sharing from SharePoint?AnyoneExisting GuestsExisting GuestsOnly VU

General FAQs

  • Can Sensitivity labels be applied within Microsoft Mobile Apps?

    Yes. The Sensitivity labeling function is available for Outlook, Teams and Microsoft 365 (Office) - including Excel, Word, and PowerPoint files.

  • Where can I find the Sensitivity labeling options within Microsoft Mobile Apps?

    Open the file on your phone with a Microsoft 365 App and select the function button […] in the upper corner of your screen. File sensitivity labels can be applied on the Settings screen.

  • How are Sensitivity labels applied to an Email in Outlook?

    Sensitivity labels can only be applied to Outlook emails when creating a new email or replying to an email. Once an email is sent or received, no Sensitivity labels can be used or changed.

  • Can Sensitivity labels be applied to Outlook Calendar appointments?

    Yes. Security and privacy settings for Outlook emails or calendar appointments will apply to their attachments, but attachments will not inherit the Sensitivity label. This means that if you apply a Sensitivity label to an email that restricts access to its content for people outside of Vanderbilt, the attachments within that email will also be restricted. But, if you download the attachments separately from the email, the security and privacy settings won't apply unless you manually apply a Sensitivity label to the individual attachments. If attachments have been downloaded (separate from the email), the security and privacy settings won't apply to that file unless the user manually applies a Sensitivity label.

  • Can Sensitivity labels be applied to a SharePoint site?

    Yes. Microsoft Teams Sensitivity labels can be set at creation. Vanderbilt preconfigured four types of Teams: Class, Professional Learning Community (PLC), Staff, and Other. But note that Sensitivity labels cannot be applied when starting a “Class” group. For all other Teams types, labels are available to be applied.

  • Can Sensitivity labels be applied to existing teams (group/channel) in Teams?

    Yes. To modify Sensitivity labels for an existing Team, users can go to "Edit team" in the Team settings function. After applying Sensitivity labels, the label will appear on the upper right corner of all Channels under the Team.
    Data labeling in Teams

  • Can users still utilize analytical tools (PowerBI and Tableau) to access Excel files after Sensitivity labels have been applied?

    Yes. However, not for Level 3 or Level 4 files. Vanderbilt Level 3 and Level 4 data Sensitivity labels enable encryption controls, which most data analytical tools don’t allow the platform to connect with encrypted files.