Forum Discussion
Best practice basics for Labels and DLPs to protect company data
I believe you are right about not using encryption for your default labels. DLP will be able to catch cases of items being shared externally in email or SharePoint.
In email, if you use a sensitivity label that applies encryption, the email sender and recipients will be able to decrypt. I believe this also explains why you can't use a label that has permissions already assigned.
thanks for the info .... Will have a look at Information Barriers...
about email - let me explain a bit more - When I create a new email, there is no label assigned. Now, I can assign public (it just label data, no encryption etc) and restricted (this one has access control that user should specify) etc. However, when I want to assign "Confidential" that is configured with "assign permission now" and permission is granted to "all user in organization only", this confidential label is not assigned to emails - it will not change from no label to confidential (outlook 365 app). So if I by mistake send email that should be labelled with confidential to external user, he will not be able to open it. ....Strange is that when I switch to New Outlook, I can assign confidential label to email with no issues....