Sensitivity Label not visible when sending to external recipients

Copper Contributor

Hi everyone,


I have a question related to Sensitivity Labels. Encryption works as intended when sending to external recipients (i.e. Gmail), however the label itself is not visible, on the top of the email. Footer is added, but it's not sufficient. 


Only if both recipient and sender are from the same domain using the same apps and services, you see the notification and label. However for ex: in gmail or Outlook it does not exist, if you are from another domain. (External)


Is this by design, or is there a way to enforce it? So far, only the text footer is showing, but nothing else. I think it may be a missing configuration somewhere, or does it require auto-labeling to be on?


3 Replies
There are some prerequisites and limitations to have in mind when protecting externally. Basically as long as the apps are supported and permissions granted in the label the experience is rather seamless, but not always visible as noted. In the same tenant there is full support.

Externally the protected icon is visible in Outlook on the web but not if using Gmail for example, as those user accounts gets a "wrapper" instead of seeing the content directly. That goes for the Outlook desktop client as well, you'll see the protected icon, but cannot open it if you don't configure your settings properly. You can use guest accounts or/with Azure B2B SharePoint and OneDrive integration as well. MFA is also something to consider and you can trust MFA claims using cross-tenant access settings or use exclusions with conditional access.

These explains it more in detail. Hope it helps.

@ChristianJBergstrom Hey Christian, 


Thanks for the explanation. I'll explore what you suggested, since auto-labeling is in project scope, it should also help with creating a seamless process for sending to externals. 

If we are sending emails from external to internal (like gmail to internal organization)is possible to apply label?