How sensitivity labels work in Microsoft 365?

Solutions
- By Need
  - Control Access
    Stop oversharing
  - Cost Optimization
    Reduce unnecessary storage and cut costs
  - External User Management
    Ensure external guests don’t retain access forever
  - Sprawl Prevention
    Prevent workspace sprawl
  - AI Readiness
    Prevent data leaks when employees use AI tools like Microsoft Copilot
  - Security Monitoring
    Track risky behavior and anomalies
  - Compliance and Audits
    Show governance and compliance in audits
- By Industry
Features
Pricing
Resources
- - Blog
    Technology and industry insights
  - Analyst reports
    What analysts think of Syskit
  - Documentation
    Product documentation
  - Webinars
    Videos from top Microsoft MVPs
  - eBooks
    In-depth guides
- - Governance handbook
    Master M365 governance and security
  - Syskit Point brochure
    Detailed product functionality
  - Product updates
    What's new!
  - Other products
    SPDockit and other products
  - Comparison table
    Compare Syskit Point with M365
- - Featured blog
    AI is only as safe as your Microsoft 365 governance
Customers
Company
- - About us
    Meet the brains behind the technology
  - Events
    Save the date for our events
  - Careers
    Join us and create innovative solutions
- - Contact us
    We're just a click away if you have questions
  - Become a partner
    Explore the realm of partnership opportunities
  - Find a partner
    Check out our full list of partners

Book a Demo

Try for free

When you apply a sensitivity label, you classify data and enable proactive protection settings and actions.

edit-sensitivity-label-1024x607

Sensitivity labels operate at two levels:

Workspace / container level:

Controls internal and external access to Teams, SharePoint sites, and M365 Groups.
Configures privacy settings and external sharing rules.
Applies Conditional Access settings, such as blocking access from unmanaged devices.
Defines whether private teams are discoverable in search results.

Files / meetings / emails level:

Applies encryption and content markings.
Restricts access to authorized users.
Enables custom headers, footers, and watermarks.
Auto-labels files and emails based on specified conditions.
Protects meetings and chats by enforcing label-based security.

Sensitivity_labels_example

Learn how to govern Microsoft 365 the right way

Discover how to prevent oversharing in Microsoft 365, control file access, and protect sensitive data with smart governance practices.

Start now