Forum Discussion
Issues with default encrypted label, external emails, and label persistence in Outlook
Hello everyone,
I’m currently running a pilot for Microsoft Purview Sensitivity Labels and would appreciate guidance or best-practice recommendations.
Current setup
I have created four sensitivity labels:
Internal (default label – encrypted)
Public (not encrypted, allowed for external sharing)
Confidential
Client PII
For the pilot:
Internal is configured as the default label
The Internal label is encrypted
External emails should be sent only using the Public label
Issue 1 – No prompt when sending externally
When a user composes an email, it defaults to Internal (encrypted).
If they add an external recipient, Outlook does not prompt the user to review or change the label.
As a result:
Users can unintentionally send encrypted emails externally
Users must manually remember to switch from Internal → Public
Question:
Is there a way in Purview / Outlook to prompt or warn users (popup, banner, or dialog) when sending emails externally, asking them to confirm or change the sensitivity label before sending?
Issue 2 – Label not consistently retained in the same email thread
Even when users manually select the Public label for an external email:
On replies within the same email thread, users often have to manually reselect the Public label again
However, this behavior is inconsistent
In some cases, the same label is retained for the entire thread
In other cases, it reverts back to the default Internal label
This inconsistency makes it difficult to explain expected behavior to users and increases the risk of mistakes.
Questions:
What is the expected behavior for label inheritance in Outlook email threads?
What factors affect whether a label is retained or reset (e.g., Outlook version, new compose vs reply, internal vs external recipient detection)?
Is there any supported way to force label persistence across the same email conversation?
My objective is to:
Keep Internal as the default label
Ensure users are clearly guided when sending emails externally
Reduce manual relabeling for the same external email threads
Avoid user confusion during day-to-day email usage
Any insights, configuration guidance, or Microsoft-recommended patterns would be greatly appreciated.
1 Reply
Issue 1
Outlook applies the default sensitivity label at compose time and does not re-evaluate the label when recipients change. Adding an external recipient does not trigger a prompt, banner, or dialog to review or change the label. There is currently no native Purview or Outlook feature that forces users to confirm or change a sensitivity label when sending externally.
The supported approach is to use Exchange DLP policies with policy tips or blocking actions to warn or prevent users from sending encrypted or sensitive emails to external recipients.
https://learn.microsoft.com/en-us/purview/sensitivity-labels#default-labels
https://learn.microsoft.com/en-us/purview/dlp-policy-reference#policy-tips
Issue 2
Sensitivity labels are applied at the individual message level, not at the conversation level. Each reply or forward is treated as a new message, so label inheritance is not guaranteed.
Whether the label is retained or reset depends on factors such as the Outlook client (desktop vs OWA), reply vs forward vs new compose, client version/state, and whether the label was auto-applied or manually selected. There is no supported way to force label persistence across an entire email conversation.
https://learn.microsoft.com/en-us/purview/sensitivity-labels#how-sensitivity-labels-work-in-outlook
https://learn.microsoft.com/en-us/purview/sensitivity-labels#limitations-of-sensitivity-labels
Recommendation
Most organizations either avoid using an encrypted default label when external communication is common, or rely on DLP policies to guide or block external sends. Label selection should be treated as per-message behavior, not per-thread.
Hope this helps! 🙂
