OWA Supports Automatic Labeling for Office 365 Sensitivity Labels

Office Depends on Unified Labeling Client

Office 365 Message Center Notification MC193997 (24 October) brings the news that OWA will soon be able to automatically apply Office 365 sensitivity labels to outbound email (Office 365 roadmap item 56649). Automatic application is based on the detection of sensitive data types in content. This feature requires accounts to have Office 365 E5 licenses and is being deployed to Targeted Release tenants with roll-out due to complete by the end of 2019.

Outlook and the other Office desktop applications can apply sensitivity labels automatically if the Azure Information Protection client is installed on a PC. Microsoft is now upgrading the Office applications to support the same functionality natively, and OWA is the first application to receive the capability. Microsoft announced the preview of support for sensitivity labels in the Office Online apps and SharePoint Online at the Microsoft Ignite 2019 conference.

Auto-Labeling on Send

OWA applies automatic labeling when messages are sent and uses the content of the message body to decide if the test for the sensitive data is satisfied. The other Office applications perform automatic labeling when files are saved.

The sensitive data types used to detect content for auto-labeling are the same as those used elsewhere in Office 365 (for instance, by data loss prevention policies). The same concepts also define when a match exists: the number of occurrences of the data type that must exist in a file or message, together with the confidence level that the data type is what it seems to be.

Defining Labels for Automatic Protection

Figure 1 shows the properties of a sensitivity label with auto-labeling enabled. In this case, the label will be applied to any document or file where a client detects the existence of a single credit card number. Typically, you combine this feature with content marking, to apply a header or footer warning users that sensitive data is present, and with encryption (if desired) to protect the information. The message displayed to the user is free-form text shown to users when their items are automatically labeled. In this case a suitable message might be “Automatic protection applied because this message contains a credit card number.”

Figure 1: Properties of an Office 365 Sensitivity Label configured for automatic labeling

Priority Dictates Which Label to Apply

It is possible that several sensitivity labels invoke automatic labeling and match against content in an item. When this happens, Office 365 applies the label with the highest priority as ordered in the sensitivity label policy published to the user. The first label in a policy has the lowest priority while the last has the highest priority (most sensitive).
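
The decision described above (occurrence count, confidence level, then highest priority wins) can be modeled in a few lines. This is an added example, not Microsoft's code or part of the original article: the detector, the confidence scores (65 and 85), the keyword list, the label names and the sample messages are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Candidate card number: 13-16 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")

def luhn_ok(digits):
    """Luhn checksum, used to discard random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def detect_cards(body):
    """Return one confidence score (0-100) per card number found in body."""
    scores = []
    for m in CARD_RE.finditer(body):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            # Assumed scoring: a nearby keyword raises confidence from 65 to 85.
            near = body[max(0, m.start() - 40):m.end() + 40].lower()
            scores.append(85 if re.search(r"card|visa|expir", near) else 65)
    return scores

@dataclass
class Label:
    name: str
    min_count: int       # occurrences required for a match
    min_confidence: int  # confidence each occurrence must reach

# Constructed policy, in published order: first = lowest priority, last = highest.
POLICY = [Label("Confidential", 1, 75), Label("Highly Confidential", 2, 75)]

def label_on_send(body, policy=POLICY):
    """Return the name of the label to apply to an outbound message, or None."""
    scores = detect_cards(body)
    chosen = None
    for label in policy:  # a later (higher-priority) match replaces an earlier one
        if sum(s >= label.min_confidence for s in scores) >= label.min_count:
            chosen = label.name
    return chosen

if __name__ == "__main__":
    # Constructed messages using well-known test card numbers.
    for msg in ("Please charge my Visa card 4111 1111 1111 1111.",
                "Cards on file: 4111 1111 1111 1111 and 5555-5555-5555-4444.",
                "Reference 4111111111111111", "Lunch at noon?"):
        print(label_on_send(msg), "<-", msg)
```

The third message shows why the confidence level matters when testing a label: a valid card number with no supporting context scores below the threshold, so no label is applied.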

