Sensitivity labels in Teams

A new feature for Sensitivity labels in Azure AD will soon be available to Teams, and can really ensure guests are not invited accidentally into a team with internal or sensitive information.

The feature behind this is currently in preview and can be found described on this page. After the preview has been enabled, a new option appears when labels are created (I have not discovered a way to update existing labels, but I'm hoping this will be a possibility once the feature goes into GA).

By not selecting the highlighted option, it suddenly becomes "impossible" to invite guests to the Team, the site or the group in question.

Please note the current defaults on the image was to not to allow any guests, and the section on managed devices was to block all non-compliant. Be careful not to set policies that could possibly block users from doing their job.

Once the label has been created, it can must be published before group creators have the labels available to them. Existing groups and teams can also have this label added once it is available.

This addition, described as road-map item 57275, is a most welcomed one for my customers who are concerned about the accidental addition of guests into groups or teams where they have sensitive information stored.

The feature requires Azure AD P1 licenses. It is already rolling out, and should be completed by the end of this year according to a message in the O365 admin portal last week.