1. Home
  2. Training Library
  3. Microsoft 365
  4. Microsoft 365 Courses
  5. Intro to Sensitivity Labels in Microsoft 365

Classifying and Protecting Data with Sensitivity Labels

Start course

This course introduces you to sensitivity labels in Microsoft 365, and you’ll learn what they are and what functions they perform. We’ll then look at the steps you need to take to define sensitivity labels. Finally, we'll take a look at classifying and protecting data with sensitivity labels.

Learning Objectives

By the time you finish this course, you should have a good understanding of what sensitivity labels are and what role they play in Microsoft 365.

Intended Audience

This course is intended for anyone who wishes to learn what sensitivity labels are and how to classify and protect data with them in Microsoft 365.


To get the most out of this course, you should already have a basic understanding of Microsoft 365.


Welcome back. To classify and protect data with sensitivity labels, you assign different labels to your data. We’ve already touched on this. Once you’ve gone ahead and labeled your data, you can protect that data.

While protection is usually viewed through the prism of encryption, there are several other ways that labels can protect data. For example, you can use labels to control who can access your data and what can be done with it. You can also enforce different types of authentication, depending on how your data is protected. 

Sensitivity labels allow you to configure specific usage rights and restrictions on data. For example, you can use labels to ensure that only internal users can open confidential documents and emails. You can use labels to ensure that only users within the HR department can edit or print certain HR-related documents or emails while allowing all other users in the organization to only read such documents or emails.

Sensitivity labels also allow you to prevent users from forwarding certain emails or copying information from classified documents.

Organizations will also often use sensitivity labels to prevent users from opening confidential documents all together, while still allowing them to send those docs to people who need to work with them.

The most common usage rights include Viewer, Reviewer, Co-Author, and Co-Owner.

Assigning the Viewer usage right provides the user with View, Reply, and Reply All usage rights.

Reviewer provides View, Edit, Reply, Reply All, and Forward usage rights.

When you assign a user Co-Author rights, you are providing that user with View, Edit, Copy, Print, Reply, Reply All, and Forward rights.

Of course, Co-Owner provides All Rights.

You can also assign Custom usage rights to users, via labels. When you do this, you can assign many different rights individually. The table on your screen shows the different rights available when assigning custom usage rights.

Ultimately, what you want to do, is talk to your end-users BEFORE you define labels in your organization. You want to do this, so you know what protection makes the most sense, given how those users actually use the data you wish to protect. 


About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.