Bit by Bit, Office 365 Sensitivity Labels Reaching Applications
On September 24, I published an article about the support of Office 365 Sensitivity Labels in the Office ProPlus for Windows desktop apps. At the time, I noted that Microsoft still had work to do to add support for sensitivity labels to the Office online apps, including OWA. Microsoft had published Office 365 notification MC191074 to say that Office 365 tenants now with worldwide roll-out complete by the end of October. Well, OWA “manual” support for Office 365 Sensitivity Labels has turned up in my tenant to satisfy roadmap item 44921.
Manual support for Office 365 Sensitivity Labels means that OWA users must decide what messages to label and the labels to assign to messages. Automatic labeling is what happens today with Office 365 retention labels when conditions in a policy control what items labels are applied to by a background process. Similar facilities are likely for sensitivity labels in the future.
Apply Sensitivity Labels in the OWA New Message Window
Because OWA runs in online mode, it always uses the current set of sensitivity labels published for a user. This doesn’t mean that a new or updated label is available to OWA immediately a change is made. The Security and Compliance Center must publish the change to all Office 365 workloads and clients. It can therefore take some time before a change is available to OWA.
The Sensitivity button is available as an option in the OWA new message window. After a label is applied to a message, its name is shown in the banner above the message recipients. In Figure 1 we can see that the selected label invokes encryption because of the padlock icon beside the label name. A label that only applies marking or does nothing but act as a visual indicator uses a plain label icon.
OWA also displays these icons for labelled items in the read message window. Like Outlook, the protection applied to a message also applies to any of its attachments
Sensitivity labels can also be applied to replies to messages that aren’t previously labelled. In this case, the Sensitivity option to apply a label is in the […] menu of the reply message window (Figure 2).
When you assign a sensitivity label to a reply, it does not apply to the previous messages in the thread. However, Exchange automatically assigns the same label to future messages in the thread.
Encrypt-Only and Do Not Forward
The default Office 365 Message Encryption Encrypt-Only and Do Not Forward templates can also be used to protect messages with OWA. Click the […] menu and you’ll find Encrypt in the list of menu choices. Using these templates for protection does not assign a sensitivity label to the protected messages.
Still Work to Do
Now that OWA supports Office 365 Sensitivity Labels, it’s reasonable to expect that the other Office online apps will offer support soon. After that, eyes will turn to the SharePoint Online and OneDrive for Business browser interfaces to see how Microsoft will introduce sensitivity label support there.
For more information about Office 365 Sensitivity Labels and the underlying Azure Information Protection technology, read Chapter 24 of the Office 365 for IT Pros eBook.