Microsoft Purview Sensitivity Labels: Sensitivity label grouping modernization coming this fall (?)

There is a change coming to Microsoft Purview Information Protection that simplifies sensitivity label architecture. The goal is to make label management easier, more scalable, and less rigid for organizations. The new model will only include standalone labels and sublabels. Parent labels will be replaced by label groups, which act as organizational containers. These groups cannot be applied to content and have no actions or scope, but they retain color and priority for visual organization. Hopefully, this change will make it much easier to move labels around and make other changes in production: for example, converting a standalone label into a sublabel or moving sublabels between groups without breaking dependencies.  From my experience, this update solves one of the biggest challenges in large environments: rigid label hierarchies. The new dynamic model gives admins the agility they need to adapt quickly as compliance and business needs evolve. For admins, migration will be quic...

External Sharing in SharePoint and OneDrive is changing: What You Need to Know

In an ongoing effort to create a more secure environment by default, Microsoft is introducing an important security update that will affect how external users access content shared through SharePoint and OneDrive. Starting July 1, 2025, any links shared with external users before your organization enabled Microsoft Entra B2B integration will no longer work.

This change applies to all organizations that have already enabled or will enable SharePoint and OneDrive integration with Microsoft Entra B2B (Most organizations I have looked into so far). External users trying to use old links will see an error message saying the organization has updated its guest access settings. To regain access, the content must be reshared.

Highlights of how the change affects organizations who have enabled B2B:

  • All external sharing will require guest registration. External users must be added as guests in your Microsoft Entra directory.
  • Access will be managed through Microsoft Entra B2B Invitation Manager. This provides better tracking, lifecycle management, and control over guest access.
  • Multi-factor authentication (MFA) may be required. If your organization enforces MFA for guests, they will need to complete MFA before accessing shared content.
  • New sharing links will only work for registered guests. Anonymous access will no longer be supported in this model.

This means that external collaboration becomes more secure and auditable, but also requires a bit more setup and communication with your external partners. This change may have an impact on how you govern guest lifecycle management, from invitation to deactivation. Also verify your conditional access requirements for guests.

This update is a smart move by Microsoft to bring more control and visibility to external collaboration. While it may cause some short-term inconvenience, it’s a good opportunity to review and improve your sharing practices.