Office 365 Sensitivity Labels at UQ
Office 365 Sensitivity Labels are persistent labels assigned to an Office 365 document or email, that indicate its information security classification.
Additional controls to protect the information (e.g. encryption, restriction on access/sharing) are also applied to some labels. This helps protect information and enables better clarity over the confidentiality of documents.
Why are we using Office 365 Sensitivity Labels at UQ?
Data security is an ongoing concern at both UQ and other institutions around the world, particularly as threats of phishing and other scams and hacking attempts become more complex. As UQ staff handle confidential information in a variety of respects - including personal information regarding students, and research data - it is vital we continually work to prevent this, protecting the confidentiality of the information and the integrity of the University. This is something that Office 365 Sensitivity Labels can help achieve.
How to use Office 365 Sensitivity Labels
Assigning a label
Once Office 365 Sensitivity Labels are enabled for you, every time you create an Office 365 document or email, a label will be applied.
At UQ, the default information security classification is OFFICIAL - INTERNAL. Therefore, this label will be applied by default. If this is incorrect for the information you are dealing with, you will need to assign a label.
What labels are there?
Label | When to use | Examples |
---|---|---|
UNOFFICIAL | Use this for information, files and emails that are non-work related. |
|
OFFICIAL - PUBLIC | Use if the information is authorised for public access. *Note that this information does not necessarily have to be made available in the public domain. |
|
OFFICIAL - INTERNAL | Use this for information that would be unlikely to cause harm to UQ, another organisation or an individual if released publicly. |
|
SENSITIVE | Use this for information that if breached owing to accidental or malicious activity could reasonably be expected to cause harm to UQ, another organisation or an individual if released publicly. Access should be authorised based on strict academic, research or business need. |
|
PROTECTED | Use this for information that if breached owing to accidental or malicious activity could reasonably be expected to cause serious harm to UQ, another organisation or an individual if released publicly. Access should be authorised based on very strict academic, research or business need. |
|
You can also use the 'Which Information Security Classification should you apply?' decision tree to help determine what label is appropriate.
To read more examples of when and when not to use each Sensitivity Label, click here
How to assign a label
Once Office 365 Sensitivity Labels are enabled for you, you should see a 'Sensitivity' tool in the top ribbon of Word, Excel, PowerPoint and Outlook.


Demonstration video
This explanatory video guides you through using O365 Sensitivity Labels, on documents and emails.
What does each label do?
The below table outlines what each label does when you apply it to a document or email in Outlook.
Label | Word, Excel and PowerPoint | Outlook (Email) |
---|---|---|
UNOFFICIAL | These labels simply add a persistent metadata label to the document. This helps to increase data literacy and awareness, and should prompt users to become more conscious in their decision making when storing and sharing emails and files. | These labels simply add a persistent metadata label to the email. This helps to increase data literacy and awareness, and should prompt users to become more conscious in their decision making when storing and sharing emails and files. |
OFFICIAL - PUBLIC | ||
OFFICIAL - INTERNAL | ||
SENSITIVE | SENSITIVE and PROTECTED have additional controls, to help protect against unauthorised access, compromise or accidental breaches:
| SENSITIVE and PROTECTED have additional controls, to help protect against unauthorised access, compromise or accidental breaches:
|
PROTECTED |
User experience
The below table outlines the user experience for each label.
Label | Word, Excel and PowerPoint | Outlook (Email) |
---|---|---|
UNOFFICIAL | Access to this document, if shared or saved in a shared location, will not be impacted. Users will not notice any change, however if they have Office 365 Sensitivity Labels enabled they will be able to see what label has been set under the 'Sensitivity' tool. | If the recipient of the email has UQ's Office 365 Sensitivity Labels enabled: the label will display next to the email subject line. If they mouse over the label, a description of the label will appear. If the recipient of the email does not have UQ's Office 365 Sensitivity Labels enabled: they will not notice any change. |
OFFICIAL - PUBLIC | ||
OFFICIAL - INTERNAL | ||
SENSITIVE | The document will be automatically encrypted. A header and footer will be displayed, clearly denoting the content's Information Security Classification and handling instructions. The document owner controls viewing, editing and sharing permissions. Another user will only be able to open this document if it has been shared with them by the document owner. Whether they can only view, edit, or have full access to the document, will depend on the permissions the owner has set. | The email will be automatically encrypted. If the recipient is using Outlook, they will see an icon (a lock icon or a red dot, depending on their Outlook version) next to the email preview, indicating that the content is confidential. The content of your email will not preview in the recipient's inbox (they will have to open the email to read it). If the recipient does not use Outlook with an Microsoft-provisioned email address, they will be directed to a safe and protected gateway to view the email.
Within the email body, a header and footer will be displayed clearly denoting the content's Information Security Classification and handling instructions. |
PROTECTED |
Frequently asked questions (FAQs)
Here are our answers to common questions about Office 365 Sensitivity Labels:
Using Office 365 Sensitivity Labels
Do I have to use Office 365 Sensitivity Labels?
Which Office 365 Sensitivity Label should I use for my document or email?
How do I set or change sharing permissions for a SENSITIVE or PROTECTED document?
Why do I have to add I justification when I downgrade a label?
Troubleshooting
Why can't I see SENSITIVE or PROTECTED labels in Word, Excel or PowerPoint?
The Office 365 Sensitivity Label button isn't showing in my Office apps. What should I do?
I'm having issues with sensitivity labels using Office on my personal computer. What should I do?
How do I turn off Office 365 Sensitivity Labels from my personal Office account?
Do SENSITIVE and PROTECTED documents allow auto-save?
Do SENSITIVE and PROTECTED documents allow shared editing?
Why is a read-only file not saving an Office 365 sensitivity label?
Technical considerations
What is the Azure Information Protection (AIP) Client and how do I install it?
Do Office 365 Sensitivity Labels work if I am using the Mac or iOS ‘Mail' application?
Do Office 365 Sensitivity Labels work on Linux?
Can I use Office 365 Sensitivity Labels with shared mailboxes?
How do I use Office 365 sensitivity labels if I'm a student and a staff member?
What do I do with Office 365 sensitivity labels if I have old documents pinned in Microsoft Teams?