Sensitivity Label

Bob Han、 21 Reputation points
2023-03-21T10:00:37.21+00:00

Hi Team,

I hope to confirm the following information:

  1. I see in this wiki and see statement "Track and revoke features are supported for Office file types only." and would like to double check if it works for PDF file as I can see we can also manage pdf file with sensitivity label as long as it coverts from office file.

https://learn.microsoft.com/en-us/azure/information-protection/rms-client/revoke-access-user#:~:text=If%20you%20do%20not%20see%20the%20option%20to,have%20turned%20off%20tracking%20features%20in%20your%20organization.

  1. If a sensitivity label is apply to an email, the attachment within automatically inherits the label, I wonder if we can modify the permission for the attachment by now it seems it by default set as the user who receive the email
Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
3,835 questions
Azure Information Protection
Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
518 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Givary-MSFT 28,321 Reputation points Microsoft Employee
    2023-03-27T09:09:28.2066667+00:00

    @Bob Han、 Apologies for the delay in answering this post, as I was discussing the same with our team internally on this. Please find the below information related to your query:

    You currently need the AIP add-in, which only supports Office applications. Office native will soon support this feature without the add-in.

    In theory Adobe could write their MIP functionality to support Track and Revoke (T&R) as well.

    Please note, attachments do NOT inherit labels. If you apply a non-protection label to an email the attachments do not get that. If you apply protection to a message, either by label or just manually setting Do Not Forward (DNF) or Encrypt Only (EO) , the attachment will get the protection.

    For Outlook attachments, if Outlook knows how to protect it, it will. No preventing that. The permissions on the message are the same that will be applied to the attachments. If you choose DNF/EO the protection applies to only those principals on the To/Cc/Bcc lines. If you apply a label on a message that grants permissions to specific principals that is what is set on the attachments.

    If Outlook sets the permissions on the attachments they get exactly what applied to the message. That is just how it works.

    Let me know if you have any further questions, feel free to post back.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.