Forum Discussion

Tiffanyb's avatar
Tiffanyb
Copper Contributor
Mar 18, 2026

Sensitivity Label Permissions

Hello,   I have set up sensitivity labels within my company. I have Public, Standard, Confidential and Highly Confidential. When testing with my external email (e.g. Gmail and Yahoo) I am prompted ...
Microsoft Purview
microsoft purview communication compliance
Pbv85's avatar
Pbv85
MCT
Mar 25, 2026

Hi Tiffanyb,

All Microsoft users are natively authenticated thus they do not need to enter OTP as this step is skipped.  However for any Non-Microsoft accounts they need to explicitly input OTP to complete the authentication process.

If you would like to force the Microsoft users users to enter OTP than you must remove Authenticated Users and explicitly list each email addresses, or create a conditional access policy to enforce MFA so all users can use OTP based authentication.

Alternatively you can configure advanced email encryption or have predefined permissions configured within the sensitivity label.

https://learn.microsoft.com/en-us/purview/encryption-sensitivity-labels#choose-permissions

Please read the known issues before implementing this approach. 

https://support.microsoft.com/en-au/office/known-issues-with-sensitivity-labels-in-office-b169d687-2bbd-4e21-a440-7da1b2743edc

Regards, Prash

 

If you find the answer useful, please do not forget to like and mark it as a solution