I need to check my understanding of what happens when a file is protected by encryption applied via a sensitivity label, then that access expires. This is my understanding, please correct any mistakes. When the label is applied, unless the document author is included in the encryption settings of the label they will be locked out by RMS. The person who applies the label then becomes the RMS Owner of that file. When access to the file expires (due to the settings specified in the label - for example, 30 days) everybody loses access to the file except the RMS Owner, who still has access. At this point, I believe that the original owner still has no access, regardless of underlying permissions (SharePoint for example) to the file. So if the original owner was not given RMS rights to the file, and the RMS protection expires, the original owner (who has rights in SharePoint) will not regain access. Is this correct and does it make sense?