Forum Discussion

mdohm1355's avatar
mdohm1355
Copper Contributor
Apr 27, 2026

Label usage rights not working correctly in office web-view

Hello everyone,

I’ve created three simple Purview sensitivity labels (PUBLIC, RESTRICTED, CONFIDENTIAL). RESTRICTED and CONFIDENTIAL use usage-rights, so every internal employee and group is the owner of the document. External users are not permitted to open the document.

Unfortunately, I can’t export or print my labeled documents in the Office Web View. In Office Desktop, however, the labels work correctly.
This issue occurs for various internal users. Tested with Word, Excel, and PowerPoint.

Co-authoring is enabled. User access never expires. Offline access is permitted.

Do you have any ideas?

Label usage rights

Web-view

Office Desktop

 

sensitivity label
Usage Rights
Web-View

2 Replies

  • Marcel_Graewer's avatar
    Marcel_Graewer
    Brass Contributor
    Apr 27, 2026

    Hi,

    What you're seeing in Office for the web is actually documented platform behavior, not a label misconfiguration.

    From Microsoft's docs: "For encrypted documents, printing, downloading, exporting, and creating a copy aren't supported in Office for the web."
    Source: https://learn.microsoft.com/en-us/purview/sensitivity-labels-sharepoint-onedrive-files

    This applies regardless of the usage rights you grant in the label. Even if every internal user is Co-Owner with Full Control, Office for the web will not expose Print/Export/Download for encrypted files. The desktop apps evaluate the granular rights from the label and behave accordingly, which is why the experience differs.

    Two things worth double-checking on your tenant since they affect how the web apps behave with encrypted files:

    1. "Sensitivity labels for Office files in SharePoint and OneDrive" must be enabled.
    2. "Co-authoring for files encrypted with sensitivity labels" should also be enabled (Purview portal > Settings).

    Without these, encrypted files in the web apps may even be limited to read-only.

    If the requirement is that internal users must be able to print/export these documents, the supported path today is to have them open the file in the desktop app. There is no admin setting that enables Print/Export for encrypted files in Office for the web.

    Hope this clarifies it.

    • DerekMorgan2's avatar
      DerekMorgan2
      Brass Contributor
      Apr 27, 2026

      Marcel_Graewer​  is spot-on — this is expected platform behavior, not a misconfigured label.

      The important nuance is that Office for the web does not evaluate sensitivity label usage rights the same way the desktop apps do. Once a file is encrypted, the web apps intentionally suppress actions like Print, Export, Download, and Save As, even if the label grants full control. Desktop apps, on the other hand, fully honor the usage rights defined in the label, which is why the experience differs.

      I’ve seen this consistently across multiple tenants and support cases. At the moment, there’s no supported admin setting that enables Print/Export for encrypted Office files in the web apps. If those actions are required, opening the file in the desktop client is the only supported path.

      From a design perspective, this usually comes down to a choice:

      • Encryption-first → accept desktop app usage for Print/Export
      • Web-first → avoid encryption and rely on permissions, Conditional Access, and DLP instead

       

      mdohm1355​, a couple of clarifying questions that typically drive the right decision:

      • Is Print/Export required specifically from the browser?
      • Are these files internal-only or shared externally?
      • Is encryption a compliance requirement, or primarily a security preference?