Protect your Teams Work across Office 365

Reading Time: < 1 minute

Sharegate recently invited me to do a webinar about an important topic many of us are focused on these days… protecting our teams’ work in Office 365. It covers a breadth of features and controls available to do this. Whether your organization’s teams are working in Microsoft Teams, standalone SharePoint sites, or in any Office 365 Group-backed site, the work should be protected and secured to varying degrees. The webinar discusses some ways this can be done.

Sharegate summarized the webinar in a post. Here’s a link to the recording and the summarized post for you to enjoy…

Thanks to Sharegate for their partnership on the webinar!



  1. Hi Joanne, thanks so much for this overview – the examples make it so clear.

    I just wanted to clarify something – in the ShareGate article it says “And you can now also apply it at a higher container label—at the level of an entire Microsoft Team or SharePoint site. The beauty of that is that everything in that container inherits the same sensitivity setting by default.” It looks like the Microsoft guidance is saying something different “Only the site and group settings take effect when you apply a label to a team, group, or site. Other settings, such as encryption and content marking, aren’t applied to all content within the team, group, or site.” (

    I’m just trying to understand what’s best practice for a situation where the site/group/Team has a classification and you want to apply a different classification to items within the site. E.g. the site has a confidential classification and only some items within the site need a “need to know” watermark and encryption.

    1. Hi Kate – my language isn’t clear. Current state, the sensitivity of the site “container” isn’t automatically propagated to ALL documents within the site. I imagine that will come in the future, but right now, it sets the sensitivity at the container level and sets the privacy, whether or not external users are allowed, and access for unmanaged devices.

      I don’t think there’s a “best practice”… yet, however I believe you should set the sensitivity based on the most restrictive content on the site. This will automatically set the controls I’ve identified above. You *could* automate some other controls via PowerShell based on the sensitivity as well (until that comes natively with the label). It will be a visual cue for information workers on your site because they see the site’s sensitivity thru the UI. After that, you can rely on auto-apply to set the correct sensitivity label or manual intervention on those documents that require the “need to know” watermark and encryption.
      Hope that helps.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.