Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

User Defined Encryption and Auto labelling conflict

Brass Contributor

Hi there,


We have a scenario where we want to create Auto labelling policy to detect "budget" keyword and apply the label as Confidential. The policy works fine and tag all Exchange, One Drive or Sharepoint documents.

However When I create the label policy and choose "Let user apply permissions" then It doesnt allow me to save the policy and says that it is referenced in Auto labelling so we cannot use it.


We want to tag all data at rest in the cloud using Auto labelling and also want to use the same tag auto applied to word document as soon as user enter the sensitive keyword "budget".


Currently I cannot do both..... am i missing anything? let me know please.




2 Replies

Hi, @FahadAhmed,


When you configured the label and set the encryption to "Let users assign permissions when they apply the label", did you set the option for "In Outlook, enforce one of the following restrictions" as well as "In Word, PowerPoint, and Excel, prompt users to specify permissions"?

And then on the auto-labeling policy for content at rest, did you configure the policy to apply to Exchange, SharePoint, and OneDrive?


If so, this may be the issue. An auto-labeling policy cannot be scoped to SharePoint or OneDrive if the label you're wanting to apply has exchange-specific actions configured, which would be the case if you set the "In Outlook, enforce one of the following restrictions" option.

that probably seems to be the issue, let me verify at my end and update here. Thanks @miller34mike for the prompt response, much appreciated.