Purview - Default Labelling Issue

Thank you Surya, I have applied all the above and currently is in touch with Microsoft as well.

Web clients started to work after we reset the priority of the policy. i.e. the policy was given the highest priority, changed it to the lowest and changed it back to the highest after 24 hours. My guess is it isn't anything more than a caching issue.

The default label is now applied on all the client apps as well except Word. Microsoft advised the below for the issue but we do not have luck yet. Waiting for Microsoft to get back.

• Close all office apps
• Open "Registry Editor" and Rename the location from the Office registry: Computer\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\word to "word.old"
• Clear the following folders in the local machine, as they are the folders for the OfficeFileCache: C:\Users\%userprofile%\AppData\Local\Microsoft\Office\16.0\OfficeFileCache
• Open a regular PowerShell window and run: Install-Module -Name ComplianceUtility -AllowClobber -Scope CurrentUser
• Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned -Force
• ComplianceUtility
• R – to reset (make sure that all Office apps are closed)
• Check if the issue persists

Hi B2B​  you're dealing with a common and frustrating issue in Microsoft Purview Sensitivity Labels—especially when refactoring or replacing label structures. The inconsistent default label behavior across different clients (Office apps, OWA, CPC) is usually due to label publishing caching, label policy sync delays, or residual client-side configuration.

Root Causes to Check

1.Label Policy Not Updated for All Users

• Even though you’ve created new labels, have you updated the label policy to include the new default label for all target users?
• Merely creating or assigning a priority doesn't override policy scoping or default label assignments.

Check:

• Go to Microsoft Purview Portal > Information Protection > Label Policies
• Open the relevant label policy and:
• Ensure the new label is added.
• Set it as the default label (there's a specific toggle).
• Confirm target users/groups include all affected users.

2.Client-Side Label Caching

Office apps cache label policy settings. So, changes like default label updates don’t apply instantly.

Fix:

• Ask affected users to run this on their local machine (CMD or PowerShell):

ipconfig /flushdns

And more importantly:

• In Word/Excel, go to:
• File > Options > Trust Center > Trust Center Settings > Privacy Options
• Uncheck and re-check “Let Office connect to online services” to refresh settings.
• Or fully reset the Office cache using:

Clear-AIPAuthentication

Reset-AIPConfiguration

(Requires AIP client installed)

3.OWA / Outlook Web – Azure Sync Delay

OWA sometimes lags in reflecting label changes because it pulls settings from Azure Information Protection unified labeling service, which may take up to 24 hours to fully propagate across services.

Try:

• Revoke and re-sign into OWA
• Use Outlook on the Web > Settings > View all Outlook settings > Mail > Sensitivity labels to confirm visible list

4.Conflicting Label Policies

Sometimes users are assigned multiple overlapping label policies, and a legacy policy might still push the old default label.

Fix:

• Use PowerShell to list policies per user:

powershell

CopyEdit

Get-LabelPolicy | Where-Object {$_.AssignedUsers -contains "email address removed for privacy reasons"}

• Remove user from legacy policies pushing the old label.

Diagnostic Steps Summary

If Still Not Working

Use Microsoft Support’s built-in label policy analyzer tool:

• Go to Compliance Center > Information Protection
• Under “Label Policies,” use the “Simulate Policy Evaluation” tool (if available in your tenant).

Or run diagnostic via PowerShell:

Connect-AipService

Get-AipServiceConfiguration