Hi experts,

I’ve been playing with sensitivity labels recently and I’m in testing phase currently having few ppl testing it for me before I officially deploy to all. However, it looks like there are few things that do not work as expected and I’m not sure why. Hope I can find some help here.

Here is what I have configured and what is the experience during our testing

Email should inherit sensitivity label form attachmentI have label for documents set as required , and email is set to no default label and selected “inherit” label from attachmentI have “ConfidentialView Only” label that has allowed only “View rights / Reply / Reply all” allowed permission.Testing experience: When I attach a document with this label assigned, there is no restriction at all and I can forward, download, etc… looks like inheritance of label from attachments to email is not working at all. When I download the attachment, I see that the document has restricted permissions (can’t print, save, etc) so it looks it is working on the document level.“ConfidentialInternal” label should be blockedI can share with external users via SharePoint …and can even open it as external user with no issues at all.. Label access control nor DLP prevents this!!! Is there something I miss here? Not sure if important – I have “MS Entra for Sharepoint enabled”DLP is configured to check Sharepoint, Emails, OneDrive for “ConfidentialInternal” for “content shared outside the organization” and  “sensitivity label ConfidentialInternal” and BLOCK itDLP works fine for emails with attachments labelled with this label, and it is blocked as expectedConfidentialInternal is blocked in the outlook when trying to send emailwhen I am sending an attachment with ConfidentialInternal document in Outlook (New Outlook), I see a note about external users that needs to be removed. When trying to send anyway, it is blocked and I get a message below. Which is great

however, another two testers do not get this experience and their email is blocked with DLP (mentioned above) only – which is nice, but the experience I get is much better as users can correct recipients instantly (FYI – I am using NEW Outlook – need to check later this week with the testers if they are on Old or NEW one)

​Hi experts, I’ve been playing with sensitivity labels recently and I’m in testing phase currently having few ppl testing it for me before I officially deploy to all. However, it looks like there are few things that do not work as expected and I’m not sure why. Hope I can find some help here. Here is what I have configured and what is the experience during our testingEmail should inherit sensitivity label form attachmentI have label for documents set as required , and email is set to no default label and selected “inherit” label from attachmentI have “ConfidentialView Only” label that has allowed only “View rights / Reply / Reply all” allowed permission.Testing experience: When I attach a document with this label assigned, there is no restriction at all and I can forward, download, etc… looks like inheritance of label from attachments to email is not working at all. When I download the attachment, I see that the document has restricted permissions (can’t print, save, etc) so it looks it is working on the document level.”ConfidentialInternal” label should be blockedI can share with external users via SharePoint …and can even open it as external user with no issues at all.. Label access control nor DLP prevents this!!! Is there something I miss here? Not sure if important – I have “MS Entra for Sharepoint enabled”DLP is configured to check Sharepoint, Emails, OneDrive for “ConfidentialInternal” for “content shared outside the organization” and  “sensitivity label ConfidentialInternal” and BLOCK itDLP works fine for emails with attachments labelled with this label, and it is blocked as expectedConfidentialInternal is blocked in the outlook when trying to send emailwhen I am sending an attachment with ConfidentialInternal document in Outlook (New Outlook), I see a note about external users that needs to be removed. When trying to send anyway, it is blocked and I get a message below. Which is great however, another two testers do not get this experience and their email is blocked with DLP (mentioned above) only – which is nice, but the experience I get is much better as users can correct recipients instantly (FYI – I am using NEW Outlook – need to check later this week with the testers if they are on Old or NEW one) Its a bit of text, and I apologize… Wanted to describe is as best as I can 🙂 … and hopefully help anyone else facing the same… Would be grateful for your help…. As the testing is super time consuming due to the fact that any change I make to sensitivity label and policy, I prefer to wait recommended 24 hrs to see if it had any effect….  Update:forgot to ask, why I see some “default” labels when creating emails? When I go to “More Options”, in new email, I can see the below:When I go through New Email > Options > Sensitivity – I can see the labels I configured  Read More

​