Sensitivity Labels
Please use one of these sensitivity labels to classify and protect University data published in files that are shared using SharePoint, OneDrive, Teams, Outlook email or on-premise file shares. WPI’s Data Classification Policy (Actions) contains a comprehensive guide on which data should be classified with which label.
Label | Definition | Security Provided |
---|---|---|
Restricted Use | Data should be classified as Restricted Use when the unauthorized disclosure, alteration or destruction of that data could cause a significant level of risk to the University or its affiliates. Includes but not limited to Social Security, Driver’s License numbers, health care information protected under HIPAA, biometric data, export controlled materials. | Content is encrypted and can only be viewed by the document owner(s) or the intended recipient. For content shared within WPI this process is transparent. For content shared outside of WPI, the recipient is required to authenticate with a one-time code. |
Confidential | Data should be classified as Confidential when the data is protected by state or federal law, contractual agreements. This includes but is not limited to proprietary information, student records (DOB, place of birth, grades, demographic information), background checks (CORI reports), or research data involving human subjects. | Content is encrypted and can only be viewed by the document owner(s) or the intended recipient. For content shared within WPI this process is transparent. For content shared outside of WPI, the recipient is required to authenticate with a one-time code. |
Unrestricted | Content that can be freely shared and disseminated including publishing online | None |
Supported Filetypes
Sensitivity labels can be applied to the following filetypes: Microsoft Office (Word, Excel, PowerPoint, Visio), Adobe Acrobat PDF, images and plain text files. This includes the following file extensions:
Microsoft Office: .doc, .docm, .docx, .dot, .dotm, .dotx, .potm, .potx, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .vsdm, .vsdx, .vssm, .vssx, .vstm, .vstx, .xls, .xlsb, .xlt, .xlsm, .xlsx, .xltm, .xltx, .xps
Adobe Acrobat: .pdf
Image and Text: .bmp, .gif, .jfif, .jpe, .jpeg, .jpg, .jt, .png, .tif, .tiff, .txt, .xla, .xlam, .xml
-
How to Apply the Labels
Apply labels using Microsoft Office or Outlook (Windows or macOS)
1. Open Microsoft Office (outlook, Word, Powerpoint, Excel, Visio) or navigate to the Office online web application.
2. Click on the Sensitivity button in the menu ribbon of Word, Excel, PowerPoint or Outlook; in Outlook it appears when composing an email.
Windows - sensitivity button and menu MacOS - sensitivity button and menu 3. Choose the correct label applicable to your document.
- The label controls who can access the document, but by default will allow recipients to edit.
- If read-only access is required, you must apply this when sharing the document.
4. After the label is applied, a policy tip appears when viewing the document which shows the label applied.
Windows - policy tip Office Online - policy tip MacOS - policy tip Applying labels using the Azure Information Protection client (Windows only)
This is used to apply labels to:
- more than one file at a time
- non-Microsoft Office files such as PDF, image, or text
The Azure Information Protection client is installed on all WPI-managed Windows workstations. If you do not have it, please reach out to the IT Service Desk.
1. Right click on the file(s) you want to apply a label to, then choose Classify and protect. Note: you can select multiple files before right clicking to label more than one document at a time.
Menu with Classify and protect selected 2. In the Classify and protect - Azure Information Protection window that appears, choose the label that is applicable to your file per WPI’s Data Classification Policy; then click Apply.
Classify and protect window with label options 3. Once applied, you may see a change to the icon or filename.
- Filenames with these suffixes denote files that are protected: .pfile, .ppdf, .ptxt, .pxml, .pjpg, .pjpeg, .ppng, .ptiff, .pgif, .pbmp.
- The icon will also show a padlock.
- Generally, this applies only to files that were not labelled or created within Microsoft Office, such as PDF files, text or image files.
- The icon will also show a padlock.
File icon with padlock in lower right - Files of the type .docx, .pptx, .xlsx will not change filenames or show a padlock.
File icon with no padlock
-
Opening protected PDF documents on Windows or macOS
The Azure Information Protection viewer is installed on all WPI managed Windows and macOS based workstations. If you do not have it, and are unable to open a protected .pdf, please reach out to the IT Service Desk to have the software installed.
- Windows: double click to open a protected .pdf file as you would normally.
- MacOS: Adobe is required to view protected .pdf files. Right click on the protected .pdf and choose open with Adobe Acrobat DC. You may be prompted to install the Adobe AIP plugin.
Protected document requires add-in. You may be prompted to log-in using your WPI credentials. You may then view the protected PDF document.
Protected document requires email Use of protected documents might be tracked - accept or cancel
-
Opening protected plain text or images on Windows or macOS
The Azure Information Protection viewer is installed on all WPI managed Windows and macOS based workstations. If you do not have it, and are unable to open a protected .pdf, please reach out to the IT Service Desk to have the software installed.
- Windows: double click to open a protected .ptxt or .pjpg file as you would normally open any other text or image file.
- MacOS: you may be prompted to agree to the terms and conditions the first time you open a protected document on your machine and will not be prompted again.
Use of protected documents might be tracked - accept or cancel The content of the protected text or image file appears inside the Azure Information Protection document viewer.
Document viewer shows Restricted Use label and permissions