Apply protections and restrictions to email and files


Users can apply just one label at a time for each document or email. When you label an email message that has attachments, the attachments don't inherit the label with one exception:

  • The attachment is an Office document with a label that doesn't apply encryption, and the label you apply to the email message applies encryption. In this case, the emailed Office document inherits the email's label with its encryption settings.


  • If the attachments have a label, they keep their originally applied label.

  • If the attachments are encrypted without a label, the encryption remains but they aren't labeled.

  • If the attachments don't have a label, they remain unlabeled.

Applying labels to emails manually

You can apply a sensitivity label manually in the Outlook Desktop app (Mac, Windows), on the mobile Outlook app (iOS, Android) or in the WebApp.

Applying by default with auto apply

It´s possible to apply a sensitivity label by default using auto-apply functionality.

Options to auto apply a label to a file and email:

  • Default label for new emails and documents

  • Auto apply by sensitive information types / with or without a hint

  • Auto apply by trainable classifiers

Restrictions with a sensitivity label template using auto-apply

There are sensitivity label templates. These templates have their own restrictions and are typically protection templates like the default ones (encrypt only and don't forward), which can be selected by the user. In this case, there are restrictions coming with the email and one with the file that's part of the email. The email is only the container of the files that may have their own protection configuration.

Applying protections to files

When a file is protected with a sensitivity label, the protection is sensitive at the file level. Even if the file's storage location changes or is shared via email or other sharing tools; the file remains protected.


Encryption of a file and access restrictions are connected. Without encryption it´s not possible to restrict access.