Skip to content

The trial run of data classification has begun with ICT services. During the trial run, your file may be classified if you share your file with a person in ICT Services in M365.

Author: Anna-Liisa | Published: 7.1.2026
Keywords: , ,

During 2026, a new, national data classification model will be introduced at the University of Oulu and Oulu University of Applied Sciences. Since 15 December 2025, ICT Services staff have been running a pilot of a data classification tool in the M365 environment that follows the new data classification model.

If you share your file in M365 with a member of ICT Services and grant them editing rights, and they open and save the file, a default classification of Confidential (3Y) will be applied to your file, or another data classification specifically defined by the ICT Services staff member.

The default classification is Confidential (3Y), which is appropriate for most work‑in‑progress documents. If your file should have a different classification (see the data classification), please contact in advance the person who already has access to the data classification tool and with whom you plan to share the file. They can apply the correct classification on your behalf. This is particularly important for documents that require stricter protection than the default level due to the sensitivity of their content. In some cases, a lower protection level may also be required. For example, files shared in Moodle via an anonymous link must be either unclassified, or, if classified, the classification must be Open (5W) for the anonymous link to work.

M365 data classification automatically prevents information from being shared in ways that are not allowed for the classification applied to the file.

As a result of data classification, some protection requirements are enforced automatically in the M365 environment for staff. For example:

  • M365 data classification allows anonymous sharing links only for files classified as Open (5W) or Private. If your file is classified as Internal (4G), Confidential (3Y), Restricted Confidential (2A), or Secret (1R), it cannot be shared using an anonymous link.
  • M365 data classification blocks the use of the M365 Copilot AI for files classified as Private, Restricted Confidential (2A), or Secret (1R).
    • However, it is not technically possible to prevent the user from copying and pasting information into the M365 Copilot chat: Here, the user must follow the instructions of the data classification model, i.e. M365 Copilot must not be used with Restricted Confidential (2A) or Secret (1R) information.
  • M365 data classification automatically encrypts Restricted Confidential (2A) or Secret (1R) emails and attachments.
  • M365 data classification prevents Secret (1R) emails from being forwarded from Outlook, and Secret (1R) emails or files can’t be printed or copied within the M365 environment.
  • M365 data classification automatically encrypts files in the  Secret (1R), Restricted Access subcategory in OneDrive.

« Back

This article was published in categories English version available, All instructions, Oamk , for Oamk staff, for the University of Oulu staff, Saavutettava ohjeartikkeli, UniOulu and tags , , . Add the permalink to your favourites.