9 October 2025

Starting 16 October, the next step will be taken in securing files on Teams/SharePoint and OneDrive. From then on, the sensitivity label 'internal' will automatically be applied to Microsoft 365 files. In addition, documents containing sensitive information — such as address details, bank information, passwords, and IP addresses — will be automatically encrypted.

What does this mean for you?

Starting 16 October, any document you create and/or save in OneDrive or Teams/SharePoint will automatically receive the 'internal' label if it does not contain sensitive information. For now, this has no impact on sharing or collaborating on the file. You can manually change the label to another one (for example, 'public') if you wish.

If your file contains sensitive data, it will automatically be labeled 'confidential.' The document will also be encrypted. An encrypted file can only be shared with others by giving them read or edit permissions. The detection of sensitive data happens automatically and is based on recognisable number or letter patterns, similar to how autocorrect works.

The label 'secret' is not applied automatically; you will need to assign it manually. When you do, the file will automatically be encrypted, and you can apply specific restrictions on the document, for example, by setting an expiry date or defining who is allowed to print or copy the file.

What are sensitivity labels?

Sensitivity labels are an aid used to help protect data within the university. They are applied in the Microsoft 365 environment (SharePoint/Teams/OneDrive, and Outlook) and help safeguard sensitive information such as address details, bank information, passwords, and IP addresses.

A sensitivity label indicates how the data in a file or message should minimally be secured and how the information should be handled. The four types of labels are: 'public,' 'internal,' 'confidential,' and 'secret.'