1. Home
  2. Training Library
  3. Microsoft 365
  4. Microsoft 365 Courses
  5. Configuring and Using Activity Explorer in Microsoft 365

Activity Explorer Labeling Activities

Start course
Overview
Difficulty
Intermediate
Duration
11m
Students
47
Ratings
5/5
starstarstarstarstar
Description

This course introduces the Activity Explorer feature that’s found in the Microsoft 365 Compliance Center. We’ll start with an introductory look at what Activity Explorer is and then take a look at the labeling actions that get reported in Activity Explorer.

Learning Objectives

  • Understand what Activity Explorer is
  • Learn how to access the service
  • Use Activity Explorer to view labeling activity in Microsoft 365

Intended Audience

This course is intended for those who wish to learn about the Activity Explorer feature that’s found in the Microsoft 365 Compliance Center. 

Prerequisites

To get the most out of this course, you should already have a basic understanding of Microsoft 365.

Transcript

Welcome to Activity Explorer Labeling Activities. In this lesson, we’ll take a look at some of the different labeling activities that show up in Activity Explorer.

As I mentioned earlier, what Activity Explorer does is collect activity information on activities related to content containing sensitive information or content that has labels applied. You can use it to see what labels have been changed, review files that have been modified. 

What I want to do here in this lecture is just review some of the common labeling actions that are reported in Activity Explorer.

Let’s start with “Sensitivity label applied”.

The “Sensitivity label applied” event gets generated any time an unlabeled document gets labeled, OR when an email is sent with a sensitivity label. This information is captured during the “Save” action in Office native applications and web applications, and at the time of occurrence in Azure Information protection add-ins.

The “Sensitivity label applied” event is reported in Activity Explorer for:

  • Word, Excel, and PowerPoint
  • Outlook
  • SharePoint Online & OneDrive
  • Exchange
  • Azure Information Protection unified client
  • Azure Information Protection unified scanner
  • Microsoft Information Protection SDK

The “Sensitivity label changed” event gets generated whenever a sensitivity label is updated on a document or email. This information is captured during the “Save” action in Office native applications and web applications. 

The “Sensitivity label applied” event is reported in Activity Explorer for:

  • Word, Excel, and PowerPoint
  • Outlook
  • SharePoint Online & OneDrive
  • Exchange
  • Azure Information Protection unified client
  • Azure Information Protection unified scanner
  • Microsoft Information Protection SDK

The “Sensitivity label removed” event gets generated any time an unlabeled document gets labeled, OR when an email is sent with a sensitivity label. This information is captured during the “Save” action in Office native applications and web applications, and at the time of occurrence in Azure Information protection add-ins.

The “Sensitivity label removed” event is reported in Activity Explorer for:

  • Word, Excel, and PowerPoint
  • Outlook
  • SharePoint Online & OneDrive
  • Exchange
  • Azure Information Protection unified client
  • Azure Information Protection unified scanner
  • Microsoft Information Protection SDK

Now, the “Sensitivity label file read” event is a little different than the first three I just mentioned. This event gets generated whenever document that is sensitivity labeled or protected gets opened.

The “Sensitivity label file read” event is reported in Activity Explorer for:

  • Word, Excel, and PowerPoint
  • Azure Information Protection unified client
  • Azure Information Protection unified scanner
  • Microsoft Information Protection SDK
  • RMS service

Other labeling activities that show up in Activity Explorer include:

  • Files discovered
  • Sensitivity label file renamed
  • File removed
  • Protection applied
  • Protection changed
  • Protection removed
  • DLP policy matched
  • Retention label applied
  • Retention label changed
  • Retention label removed

I wouldn’t get too caught up in all the different details of each of these. I just wanted to provide the list for completeness’ sake. The key takeaway here is that there are lots of different labeling activities available in Activity Explorer.

If you DO want to learn more about the labeling activities in this list, visit the URL that you see on your screen:

https://docs.microsoft.com/microsoft-365/compliance/data-classification-activity-explorer-available-events

About the Author
Avatar
Thomas Mitchell
Instructor
Students
61855
Courses
73
Learning Paths
32

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.