Hey everyone! I'm diving into data governance for our food manufacturing company and I'm looking for advice on what labels to start with for data classification. The documentation I've reviewed suggests beginning with a basic set of labels, specifically: Public, Internal, Confidential, and Highly Confidential. I've also noticed mentions about needing to scope labels differently for files or emails versus sites like SharePoint or 365. From your past experiences, is this a sound approach? I'm aiming for labels that are easy for everyone to understand since not all team members are very technical. Appreciate any insights you can share!
6 Answers
I think it’s wise to separate labels based on their scope. This can really help with managing your policies more effectively!
You might want to reconsider having both ‘Confidential’ and ‘Highly Confidential’. It could just complicate things—why not just stick to one? If there's truly a need for another label later, you can always add it. Just make it clear if something is confidential or not right from the start!
You can check out Microsoft's guidelines for this here: https://learn.microsoft.com/en-us/purview/deploymentmodels/depmod-securebydefault-phase1#start-with-default-labels-and-protection-at-file-and-site-level
It's best to keep things simple when starting out. The more complex the labels, the harder they'll be to adopt. Unless there's a strong reason to complicate it, sticking to basic labels really helps with ongoing usage!
I totally agree! Just trying to gather suggestions based on what others have done.
Absolutely! We're currently rolling out our labels, and simplicity has been key for us too.
I've seen labels like Public, Private, Confidential, and Restricted work well too.
Just a heads-up, labeling files isn't the whole battle—unstructured text can be tricky. Someone might label a document as 'Confidential', but if they copy and paste the text elsewhere, it could end up publicly available. Training users and possibly enforcing rules on the client side might be key for that last step!
Some people at our company use labels like P1 to P4. It helps categorize based on priority or sensitivity.

Gotcha! Do you have any specific examples of how you've implemented that?