Microsoft Technical Bulletins

The latest updates for all the Microsoft Products you use every day.

SharePoint Curtain Reveal Tech Bulletin Header

Written by Richard Quatier

My goal is to help your business by integrating processes that automate mundane tasks and simplify complex ones without breaking budgets.

September 6, 2022

Blog Home

Information Protection: Apply granular conditional access policies to SharePoint Online sites via sensitivity labels

Microsoft 365 Suite, Microsoft 365 Experts

From Microsoft Corporation
Technical Bulletin MC424416 · Published Sep 1, 2022

Message Summary

With this update, administrators will be able to use Conditional Access policies and associated sensitivity labels to require additional user authentication for accessing sensitive SharePoint sites when the user’s context does not meet the requirements of the site.

This message is associated with Microsoft 365 Roadmap IDs 82115, 82163, and 85979.

When this will happen:

Rollout will begin in late September and is expected to be complete by end of November. 

How this will affect your organization:

You might want additional authentication for accessing certain sensitive sites. For example, when a user visits a highly sensitive site labeled Confidential, you might want to enforce a step-up authentication with granular policies such as multi-factor authentication (MFA) when the user’s context does not meet the access requirement of the site.

With this release, you will be able to create Conditional Access authentication contexts in Azure Active Directory (Azure AD) tailored to your organization’s security posture.

You can then associate these authentication contexts with sensitivity labels in Microsoft Purview compliance portal > Information Protection. For example:

  • Low authentication context requires single factor authentication; this can be associated with a ‘General’ sensitivity label. 
  • High authentication context requires MFA such as one time passcode verification and/or IP network location policy. This authentication context can be associated with a Confidential sensitivity label. 

Once an admin configures the sensitivity label with authentication context, when a user applies a sensitivity label, the associated granular contextual and conditional policies are automatically enforced. 

What you need to do to prepare:

This release has no impact on existing Conditional Access policies in Azure AD. Nor is there a change in how SharePoint Online sites use existing Conditional Access policies.

To benefit from this new feature:

  1. Create Authentication Context in the Azure AD portal
  2. Tag the Authentication Context name with a Conditional Access policy in the Azure AD portal 
  3. Choose the right Authentication Context name for a new sensitivity label in the compliance portal. Note: If you do not use labels that are applied to SharePoint sites, then you can directly apply the above authentication context to a given SharePoint Online site via PowerShell (download the latest SharePoint Online management shell). 

After you have completed these steps, you will see the option within your Information Protection sensitivity label configuration flow: 

image placeholder

Access the Information Protection solution in the Microsoft Purview compliance portal:

Learn more: Manage site access based on sensitivity label – SharePoint in Microsoft 365 | Microsoft Docs 

Additional information

Apply granular conditional access policies to SharePoint OnlineApply granular conditional access policies to SharePoint Online


QuixTec provides this and other technical bulletins unaltered from Microsoft. As an authorized Microsoft Partner, we ensure that all our solutions we deliver to you include the latest Microsoft updates.

ABOUT US: QuixTec, LLC is a U.S. certified Veteran Owned, modern DevOps organization with experience in a plethora of IT Software Languages.  As a Microsoft Partner, we specialize in Discounted Microsoft Software Licensing, Microsoft SharePoint, Microsoft365 and HTML5 technologies for small to enterprise-sized organizations. Our dedication to IT excellence is evidenced through our PECB ISO Certification training center. The only PECB ISO authorized center in Washington State. QuixTec, implements and provides training for upcoming open-source digital marketing services that are taking the industry by storm. This solution, used by over 100,000 businesses, provides enterprise level marketing capabilities at startup rates. The founder, Richard, has 30 years of experience working with several notable companies that include World Vision, Expedia, Microsoft, Levi Strauss, NASA, Boeing Aerospace, Los Alamos National Laboratory, and the U.S. Air Force, to name a few.  QuixTec is in the Seattle area. Phone today for a free consultation and project estimate.

(425) 367-9025


SharePoint Development ServicesSharePoint Development - Custom Solution Development - Microsoft 365 Experts - Microsoft 365 - IT Staffing Services - WordPress Development Services - Form Email Validation - Microsoft Licensing - Mautic Open Source MarketingBest IT Staffing AgenciesIT Staffing Company  - PECB ISO Training and Certification

You May Also Like…

Relevance recommendation for Message center posts

Relevance recommendation for Message center posts

Microsoft 365 Suite, Microsoft 365 Experts From Microsoft CorporationTechnical Bulletin MC466202 · Published Nov 12, 2022 Message Summary The new relevance recommendation in Message Center will help you determine how relevant a change is...

Microsoft Purview compliance portal | Retirement of Reports page

Microsoft Purview compliance portal | Retirement of Reports page

Microsoft 365 Suite, Microsoft 365 Experts From Microsoft CorporationTechnical Bulletin MC455898 · Published Nov 4, 2022 Message Summary We will be retiring the Reports landing page from the Microsoft Purview compliance portal by the end...