Technology problems in data classification are, overwhelmingly, change-management problems in disguise. Microsoft Purview will classify, label, encrypt and protect content at enterprise scale. It will not make your staff care.
Every failed labels program we've been called in to rescue has at least three of these four symptoms: too many labels, no default, no training, and no manager sponsorship. Here's how we design programs that don't end up there.
Rule 1 — Fewer labels than you think
Four top-level labels, at most. If your team is advocating for ten, they're designing for the edge case and ignoring the 90% case. Put sub-labels under the four — that gives you flexibility without forcing a ten-way decision on every document save.
Rule 2 — A default that fits the 80% case
Set 'Internal' as the default label, applied automatically to every new document and email in the tenant. Most work product is internal. Forcing a label choice on every save trains users to click whatever makes the dialog go away — usually the wrong one.
The labels users actively choose become Public, Confidential or Highly Confidential. Three conscious choices are tractable. Ten aren't.
Rule 3 — Auto-label the stuff you can't trust humans with
TFNs, credit card numbers, driver's licences, passport numbers, internal contract IDs. Humans will forget to label these. Purview won't. Set auto-label rules on the tenant-wide sensitive info types for anything the ACCC, OAIC or APRA cares about.
Keep auto-labels conservative — match confidence high, false-positive tolerance low. One wrongly encrypted board paper erodes more trust than a month of correct behaviour earned.
Rule 4 — Manager training first
Staff copy their managers. If the GM of Finance labels everything 'Confidential' because it feels safer, so will her team. If the head of Marketing leaves everything on the default because she doesn't understand the taxonomy, her team does too.
Run a 30-minute manager-only session before any staff-wide communications. Walk through the four labels. Use real examples from their team's work. Give them a one-pager to refer back to. Every adoption program we've seen work has had this step. Every one that skipped it has struggled.
Rule 5 — Measure override, not application
The misleading metric is 'what percentage of documents are labelled?' The honest metric is 'when Purview auto-applied a label, how often did the user override it?'
A healthy program has <5% override rate after 60 days. A higher number means your auto-label rules don't match how your staff think about their data — go back and tune the rules, don't blame the users.