Book a demo

Apply the right protection without asking users to guess.

nBold binds your Microsoft Purview sensitivity label to each workspace template — so every Teams and SharePoint workspace is classified correctly at creation, automatically.

ISO 27001 certified · SOC 2 Type II certified · Acts on your Microsoft 365 tenant via the Microsoft Graph API

What changes when labelling is no longer a manual step.

Security and compliance leaders cannot enforce labelling one workspace at a time. When classification depends on each user making the right choice, the gaps pile up fast — and the riskiest workspaces are the ones most likely to be missed. nBold moves the decision upstream, into the template, where it is made once and applied everywhere.

No reliance on user discipline

The label is set on the template, so the right classification is applied at creation without anyone choosing it — or forgetting to.

Protection from the first minute

Privacy settings, guest rules and encryption travel with the label — applied before any sensitive content is added to the workspace.

Auditable consistency

Every workspace from a template carries the same classification, so you can demonstrate controlled data management to any auditor or regulator.

Built on the labels you already publish.

nBold does not redefine your classification scheme. It uses the Microsoft Purview sensitivity labels your security team has already published and applies them where they are easiest to get wrong — at the moment a workspace is created, before any content is added.

GeneralConfidentialHighly ConfidentialPublicPrivateGuest access rulesEncryption policy

Classification

The Microsoft Purview sensitivity label the workspace should carry — General, Confidential, Highly Confidential, or whatever your security team has published — applied at the moment of creation.

Privacy

Whether the workspace is public or private, set per template so the visibility of a client deal room or regulated project never depends on what a user remembered to click.

Membership rules

Owner and member defaults provisioned alongside the label, so access and classification arrive together — not in separate manual steps that create gaps.

Inherited by Teams and SharePoint alike

A workspace is rarely just a Team — it is a Team plus a SharePoint site full of documents. When the sensitivity label is set on the template, it is applied to both, so the classification on the workspace and the protection on its files stay in step instead of drifting apart.

From published label to protected workspace.

Four steps, set up once — then applied automatically on every workspace your teams create.

01

Map workspace types to the right labels

Your security team defines and publishes sensitivity labels in Microsoft Purview. Match each workspace type — deal room, project space, onboarding workspace — to the label it should carry.

02

Attach labels to templates

In nBold, set the classification and privacy setting on each workspace template. The label becomes part of the template definition — not a post-creation step.

03

Apply automatically at provisioning

When a team creates a workspace from the catalog, the label and privacy setting come with it — applied to the Team and its SharePoint site the moment it is created, before any content is added.

04

Use reporting and remediation to detect exceptions

Every workspace from that template carries the same classification. Update the template and new workspaces inherit the change; use bulk operations to re-classify an existing estate.

One template, the right classification every time.

Different scenarios carry different sensitivity. Bind each workspace type to the right label and the matching classification and privacy setting come with the workspace — no user decision needed.

TemplateDefault labelPrivacy
Client deal roomConfidentialPrivate
M&A / legal workspaceHighly ConfidentialPrivate
Internal project spaceGeneralPrivate
Company-wide communityGeneralPublic

nBold is Microsoft 365 native. Labels are applied via the Microsoft Graph API under a service account you control. ISO 27001 certified and SOC 2 Type II certified.

Frequently asked questions

Can labels vary by template?

Yes. A public project space and a confidential deal room can use different labels. Each template has its own classification — a client deal room defaults to Confidential and private, while an open community space defaults to General and public. Users pick the workspace they need; the label comes with it automatically.

Does nBold replace Microsoft Purview?

No. nBold applies the sensitivity labels you already publish in Microsoft Purview. It binds the right label to each workspace template so every workspace provisioned from it carries the correct classification from the moment it is created. Purview remains the source of truth for label definitions and the protection policies behind them.

Why apply labels at creation?

Because security should be part of the workspace setup, not a cleanup task after sensitive content has already been shared. When labelling is manual, it gets skipped — and confidential deal rooms end up public, unclassified, and exposed. nBold removes that risk.

Can we change the label on a template later?

Yes. Update the classification on the template and every workspace provisioned from it afterward inherits the new default. To re-classify existing workspaces in bulk, nBold bulk operations can attach an updated governance template across an existing estate.

Does any of this data leave our tenant?

nBold applies labels through the Microsoft Graph API under a service account you control, and is ISO 27001 certified and SOC 2 Type II certified. See our Security & compliance page for the full detail on how nBold handles data.

Make the right protection the default state.

See how nBold applies your Microsoft Purview labels and privacy settings to every workspace your teams create — automatically, at creation, before any content is added.