10.3 Sensitivity Labels and Label Policies
Key Takeaways
- Sensitivity labels are Microsoft Purview controls for information protection and governance scenarios.
- Sensitivity label policies are part of publishing or applying label behavior to users and locations in a tenant.
- Labels are different from retention labels, although both use label terminology.
- SC-900 often tests whether you can choose labels when a scenario asks to mark, classify, or protect content.
Sensitivity Labels in Data Governance
Sensitivity labels are part of the Microsoft Purview information protection and governance story in SC-900. They are the answer to many scenarios that use words such as label, classify, mark, protect, confidential, or sensitive. The label represents a decision about the information. The policy side determines how labels are made available or applied in the organization.
Do not let the word label become too broad. SC-900 also includes retention labels and retention label policies. Sensitivity labels and retention labels are both Microsoft Purview topics, but they solve different problems. Sensitivity labels focus on information protection and sensitivity classification. Retention labels focus on how long information should be kept or managed as part of lifecycle and records needs.
| Label topic | Primary purpose | Exam clue |
|---|---|---|
| Sensitivity label | Classify or protect information by sensitivity | Confidential, highly sensitive, protect content |
| Sensitivity label policy | Make label behavior available or governed for users or locations | Publish or apply labels |
| Retention label | Manage lifecycle or record needs for information | Keep, retain, dispose, records |
| Retention label policy | Apply retention label behavior across content locations | Publish retention labels |
A typical sensitivity label question might say a company wants users to mark documents based on confidentiality. Another may ask how to apply a protection or governance label to email and documents. The best answer is sensitivity labels or sensitivity label policies, depending on whether the prompt focuses on the label itself or the policy that makes label behavior available.
Labels are not the same as DLP. A sensitivity label can indicate how content should be treated, while DLP focuses on preventing inappropriate sharing or exposure. They can appear near each other in real governance workflows, but the exam answer should follow the action. Mark or classify points to labels. Block or prevent risky sharing points to DLP. Keep information over time points to retention.
Use this pattern when reading label questions:
- If the question says mark, classify, or protect information by sensitivity, choose sensitivity labels.
- If the question asks how labels are published or applied through policy, choose sensitivity label policies.
- If the question says keep or manage records over time, choose retention labels or retention policies.
- If the question says stop sensitive data from leaving, choose DLP.
- If the question says search or investigate, choose eDiscovery or audit.
The exam does not require deep label configuration. It expects you to understand that Microsoft Purview contains the labeling capabilities and that sensitivity labels belong to protection and classification scenarios. When two answer choices both mention labels, read the surrounding words carefully and decide whether the goal is sensitivity classification or retention governance.
A company wants users to mark documents based on confidentiality. Which Microsoft Purview feature best fits?
Which clue points to sensitivity labels rather than retention labels?
What is the best SC-900 reason to distinguish sensitivity labels from DLP?