![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 94%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
1,650 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 28.000000000000004%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECK%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 65%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECB%3C/text%3E%3C/svg%3E)
Thank you for reaching out and for providing the details.
From your description, the user is able to apply and open sensitivity labels using the Word app (via the Sensitivity tab), and can open non-labeled documents without any issues. However, the user encounters an error when attempting to open a labeled file that was shared with them via SharePoint or email, even though they are included in both the Label policy and Sensitivity label policy.
This issue is most likely related to how protection (encryption) permissions are configured in the label itself.
Key clarification
Being included in a sensitivity label policy allows a user to see and apply the label but does not automatically grant access to open files protected by that label. To open such a file, the user must be granted explicit access permissions (such as View or Edit) defined within the label’s encryption settings.
Recommended checks:
Review Label Encryption Settings - Please verify that the user (or a group they belong to) is included in the encryption configuration for the sensitivity label. You can check this via: Microsoft Purview compliance portal > Information Protection > Labels > [Label Name] > Encryption.
Group Membership Validation - If permissions are granted through an Azure AD group, confirm that the user is a current member of that group and that group memberships are synced correctly.
Policy Propagation Time - If the user was recently added to the label’s permission group, please allow up to 24 hours for the change to propagate. Signing out and back in, or restarting the device, can also help refresh permissions.
Opening Method - Have the user try opening the file using Word Online (via Office.com) to rule out any client-side issues.
Error Message Details - If the issue persists, kindly share the full error message or code shown, as that can provide more insight into the root cause.
For more details, please refer to the following Microsoft documentation for useful insights.
- Learn about sensitivity labels
- Restrict access to content by using sensitivity labels to apply encryption
I hope this information helps. Please do let us know if you have any further queries.
Kindly consider upvoting the comment if the information provided is helpful. This can assist other community members in resolving similar issues.
Thank you.