Apply a default label to emails - not working as advertised

Question

Hi,

Our only AIP Policy is configured as follows:

The way we understand this is that an email message should inherit the label as per the attached document - is that correct?

Let me work you through our scenario, which does not appear to be working as advertised.

1. Here is a Word document with sample PCI data, labelled as 'Confidential'
   
2. Next I create a new Outlook email, which automatically gets labelled 'General' as per our AIP Policy. I then attach this 'Confidential' document. No Outlook labels change at this stage...should they?

1. I send the email
2. The recipient opens the email...and the email itself is still labelled as 'General' and the attached document is still labelled as 'Confidential'

Question: We were under the impression that based on the AIP Policy setting the email should inherit the label of the attached document, and also become 'Confidential'

Is our understanding incorrect?

Thank you,
SK

Answer 1

Hi @Shim Kwan ,

Thanks for reaching out.

I understand you want to apply the same label automatically to email which has been applied in the document attached in the email.

As per info mentioned in advertiser, it specifies to automatically apply the label policy you defined earlier based on the sensitive info type condition to avoid manual labelling while sending the email.

This drop-down option "same as document" seems to be little confusing here. This implies to choose the same label which has been selected for documents but that does not specify to apply same label automatically to email as per attachment.

Let say, you have selected confidential label for bank accounts' data for word document, then same confidential label has been applied to mail automatically when you add bank accounts' numbers in email, but it will not pick the label as per attachment.

Refer to apply sensitivity label to files, emails and attachments.

Hope this will help.

Thanks,
Shweta

--------------------------------

Please remember to "Accept Answer" if answer helped you.

Answer 2

@Shweta Mathur - thank you for that explanation and link - the GUI is most certainly very misleading (at least to my team)

Answer 3

@Shweta Mathur according to the link, that is exactly how it should work. The Attachment label should take precedence if you are telling that to the label.

Configure label inheritance from email attachments

Note

Identify the minimum versions of Outlook that support this feature by using the capabilities table for Outlook, and the row Label inheritance from email attachments.

Turn on email inheritance for when users attach labeled documents to an email message that isn't manually labeled. With this configuration, a sensitivity label is dynamically selected for the email message, based on the sensitivity labels that are applied to the attachments and published to the user. The highest priority label is dynamically selected when it's supported by Outlook.

Whether this label inheritance will override an existing label on the email message:

    When an email message has been manually labeled, that label won't be replaced by label inheritance from email attachments.

    Label inheritance from email attachments will replace a lower priority sensitivity label that is automatically applied or applied as a default label, but won't override a higher priority label.

You configure this setting in the sensitivity label policy, on the Default settings for emails page. For the section Inherit label from attachments, select the checkbox Email inherits highest priority label from attachments. The attachment must be a physical file, and can't be a link to a file (for example, a link to a file on Microsoft SharePoint or OneDrive).

When you select this checkbox, you can then further select the following option: Recommend users apply the attachments label instead of automatically applying it. Without this selection, the label is automatically applied but users can still remove the label or select a different label before sending the email.