How are sensitivity labels applied and managed in Microsoft 365?

Overview

This article explains how sensitive data is labeled in Microsoft 365 and provides guidance on how clients can apply sensitivity labels to emails, documents, and other content within Microsoft applications to help protect privacy and data.

Table of Contents

Microsoft 365 Sensitivity Labels

UIC currently uses the following sensitivity labels within Microsoft 365:

  • Public Information approved for public sharing. No protection is applied. 
  • Internal Non-public UIC business information intended for UIC students, faculty, and staff use only.
  • Confidential Sensitive or restricted information requiring additional protection.

More details and examples can be reviewed at the Data Classifications web page.

If you are unsure which label to use, select Internal or Confidential and contact IT for guidance.

Where You Will See Sensitivity Labels

Sensitivity labels are available in:

  • Outlook (email)
  • Word
  • Excel
  • PowerPoint
  • SharePoint

Labels can be applied when creating or editing content.

How to Apply a Sensitivity Label

In Outlook (Email)

  1. Create a new email
  2. Select Sensitivity from the message toolbar
  3. Choose Public, Internal, or Confidential

    Sensitivity Label menu circled in red with an arrow pointing to draw attention to it
     
  4. Send the email

In Word, Excel, or PowerPoint

  1. Open the document
  2. Select Sensitivity in the toolbar

    Microsoft bar with Sensitivity button circled in red
     
  3. Select the appropriate label

    Sensitivity labels drop down menu with Public, Internal and Confidential
     
  4. Save the file

Automatic Encryption of Emails

UIC has enabled automatic encryption for certain emails when sensitive information is detected.

What This Means

  • Emails containing Internal/Confidential data (such as personal, academic, or financial information) may be automatically encrypted
  • Encryption may occur even if a sensitivity label is not manually selected
  • Recipients may be required to verify their identity before accessing the email

Examples of Information That May Trigger Encryption

  • Student records or identifiers
  • Financial or payroll information
  • Sensitive personal data
  • Regulated or restricted university data

This protection helps prevent accidental disclosure and ensures that data is accessible only to authorized recipients.

What Happens When a Label Is Applied?

Depending on the label:

  • Emails or documents may be encrypted, meaning that only the intended recipient will be able to open and read the message and its attachments
  • External sharing may be limited or restricted
  • Content may require authentication to open
  • Protections remain in place even if the file is forwarded or downloaded

Best Practices for UIC Faculty and Staff

  • Apply a sensitivity label before sharing content
  • Use Confidential for sensitive or restricted information
  • Do not remove labels to bypass security restrictions
  • When in doubt, choose the more restrictive label

Frequently Asked Questions

Can I share labeled content externally?

It depends on the label and recipient. Confidential content may restrict or block external access.

Why was my email automatically encrypted?

Microsoft 365 detected sensitive information and applied encryption to protect the content.

Will recipients outside UIC be able to open encrypted emails?

Yes, but they may need to verify their identity or use a one-time passcode.

Where To Get Support

If you have questions or encounter issues related to sensitivity labels, please reach out to the Technology Solutions Service Desk at it.uic.edu/service-desk.

Print Article