Welcome to Activity Explorer Labeling Activities. In this lesson, we’ll take a look at some of the different labeling activities that show up in Activity Explorer.

As I mentioned earlier, what Activity Explorer does is collect activity information on activities related to content containing sensitive information or content that has labels applied. You can use it to see what labels have been changed, review files that have been modified. 

What I want to do here in this lecture is just review some of the common labeling actions that are reported in Activity Explorer.

Let’s start with “Sensitivity label applied”.

The “Sensitivity label applied” event gets generated any time an unlabeled document gets labeled, OR when an email is sent with a sensitivity label. This information is captured during the “Save” action in Office native applications and web applications, and at the time of occurrence in Azure Information protection add-ins.

The “Sensitivity label applied” event is reported in Activity Explorer for:

• Word, Excel, and PowerPoint
• Outlook
• SharePoint Online & OneDrive
• Exchange
• Azure Information Protection unified client
• Azure Information Protection unified scanner
• Microsoft Information Protection SDK

The “Sensitivity label changed” event gets generated whenever a sensitivity label is updated on a document or email. This information is captured during the “Save” action in Office native applications and web applications. 

The “Sensitivity label applied” event is reported in Activity Explorer for:

• Word, Excel, and PowerPoint
• Outlook
• SharePoint Online & OneDrive
• Exchange
• Azure Information Protection unified client
• Azure Information Protection unified scanner
• Microsoft Information Protection SDK

The “Sensitivity label removed” event gets generated any time an unlabeled document gets labeled, OR when an email is sent with a sensitivity label. This information is captured during the “Save” action in Office native applications and web applications, and at the time of occurrence in Azure Information protection add-ins.

The “Sensitivity label removed” event is reported in Activity Explorer for:

• Word, Excel, and PowerPoint
• Outlook
• SharePoint Online & OneDrive
• Exchange
• Azure Information Protection unified client
• Azure Information Protection unified scanner
• Microsoft Information Protection SDK

Now, the “Sensitivity label file read” event is a little different than the first three I just mentioned. This event gets generated whenever document that is sensitivity labeled or protected gets opened.

The “Sensitivity label file read” event is reported in Activity Explorer for:

• Word, Excel, and PowerPoint
• Azure Information Protection unified client
• Azure Information Protection unified scanner
• Microsoft Information Protection SDK
• RMS service

Other labeling activities that show up in Activity Explorer include:

• Files discovered
• Sensitivity label file renamed
• File removed
• Protection applied
• Protection changed
• Protection removed
• DLP policy matched
• Retention label applied
• Retention label changed
• Retention label removed

I wouldn’t get too caught up in all the different details of each of these. I just wanted to provide the list for completeness’ sake. The key takeaway here is that there are lots of different labeling activities available in Activity Explorer.

If you DO want to learn more about the labeling activities in this list, visit the URL that you see on your screen:

https://docs.microsoft.com/microsoft-365/compliance/data-classification-activity-explorer-available-events