Outlook desktop client is encrypting emails despite the sensitivity label setting

Iron Contributor

We have 3 different sensitivity labels set up - General, Internal and Confidential. The General label does not encrypt content, internal and confidential do. The default label for emails is Confidential.

 

When someone uses the Outlook Desktop client (release 2407) and switches from Confidential to General, the email is still encrypted. This doesn't happen with the Outlook web client. If the switch from Confidential to Internal and then to General, the email is not encrypted.

 

Has anyone else seen this behavior?

6 Replies
Try to check on labels policy, also try to remove the general label from policy and add new one

Hiya! @IvanWilson 

 

Since the encryption still seems to happen when you change to the "Internal" label, have you verified that no one has done changes to the "Control access" part of the label? 

 

Other things that would be of interest to try/verify is

  • Do you have an DLP policies that match the content of the emails and enforces encryption via another label? 
  • Do you have Transport rules in Exchange Online that enforces encryption? 
  • Have you tried waiting a few minutes after changing to the Internal label and then sending the email (to rule out delay in the Information protection service) 
  • How many of the users scoped for these labels seem to have the issue? 

 

Let me know how it goes and if further assistance is needed!

 

Cheers

Oliwer Sundgren

Thanks @oliwer_sundgren 

 

  • Only DLP policy configured is to remove encryption to specific addresses. We identified the issue prior to creating this policy
  • No Exchange mail rules configured. 
  • Waiting between label changes has no impact
  • This is affecting all users that the policy is scoped for, but only with the desktop client. The web client doesn't cause this issue
  • No Outlook add-ins 
  • Only one Publishing Label policy currently defined
no problem! @IvanWilson

Hmm very strange.
Do you have any attachments in the emails that have a different label applied to it that encrypts the attachment? emails usually Inherit the most restrictive label of any attachments.

If no attachments are present, then I would like for you to try and create a new label with the same configuration as the "internal" label and see if you can use that label as expected of if that one also has the same issue.

Looking forward to your reply.

Kind regards
Oliwer
So Microsoft have published details about an issue with Outlook desktop classic and sensitivity labels.

https://support.microsoft.com/en-us/office/outlook-desktop-is-unable-to-apply-labels-with-encryption...

The registry setting workaround described at the bottom of the article fixes the issue. Looking forward to a longer term fix