Office 365 Sensitivity Labels at UQ
Sensitivity labels are labels assigned to a UQ Microsoft 365 document or email to indicate its information security classification.
Depending on the label applied, additional controls to protect the information (e.g. encryption, restriction on access/sharing) may be automatically applied.
Sensitivity labels are an important tool that staff can use to protect and manage access to UQ’s information, particularly information that is confidential or requires access restrictions.
Please note: UQ is applying minor changes to its sensitivity labels as part of updates to the Information Security Classification Procedure.
- OFFICIAL-PUBLIC becomes PUBLIC
- OFFICIAL-INTERNAL becomes OFFICIAL (this is the default sensitivity label classification).
These changes will be applied to UQ’s sensitivity labels on Friday 1 March. Once the sensitivity label names are updated, any files and documents previously classified as Official-Public and Official-Internal will carry the updated label names. There will be no change to the functionality of sensitivity labels, or the controls applied for each classification.
How to use sensitivity labels
Assigning a label
Once sensitivity labels are enabled for you, every time you create a Microsoft 365 document or email, a label will be applied.
At UQ, the default information security classification is OFFICIAL. Therefore, the OFFICIAL label will be applied by default. If the information contained within the document or email is not classified as OFFICIAL, you will need to assign a different label.
What labels can I apply?
There are five labels, and each corresponds to a UQ information security classification, as defined in the Information Security Classification Procedure. View the information security classification page for more guidance and examples.
Label | When to use | Examples |
---|---|---|
UNOFFICIAL | Use this for information, files and emails that are not related to UQ work or study. |
|
PUBLIC | Use if the information is authorised for public access. *Note that this information does not necessarily have to be made available in the public domain. |
|
OFFICIAL | Use this for information that would be unlikely to cause harm to UQ, another organisation or an individual if released publicly. |
|
SENSITIVE | Use this for information that if breached owing to accidental or malicious activity could reasonably be expected to cause harm to UQ, another organisation or an individual if released publicly. Access should be authorised based on strict academic, research or business need. |
|
PROTECTED | Use this for information that if breached owing to accidental or malicious activity could reasonably be expected to cause serious harm to UQ, another organisation or an individual if released publicly. Access should be authorised based on very strict academic, research or business need. |
|
To read more examples of when and when not to use each Sensitivity Label, click here
How to assign a label
OnceSensitivity Labels are enabled for you, you should see a 'Sensitivity' tool in the top ribbon of Word, Excel, PowerPoint and Outlook.
Demonstration video
This explanatory video guides you through using O365 Sensitivity Labels, on documents and emails.
What does each label do?
The below table outlines what each label does when you apply it to a document or email in Outlook.
Label | Word, Excel and PowerPoint | Outlook (Email) |
---|---|---|
UNOFFICIAL | These labels simply add a persistent metadata label to the document. This helps to increase data literacy and awareness, and should prompt users to become more conscious in their decision-making when storing and sharing emails and files. | These labels simply add a persistent metadata label to the email. This helps to increase data literacy and awareness, and should prompt users to become more conscious in their decision making when storing and sharing emails and files. |
PUBLIC | ||
OFFICIAL | ||
SENSITIVE | SENSITIVE and PROTECTED have additional controls, to help protect against unauthorised access, compromise or accidental breaches:
| SENSITIVE and PROTECTED have additional controls, to help protect against unauthorised access, compromise or accidental breaches:
|
PROTECTED |
User experience
The below table outlines the user experience for each label.
Label | Word, Excel and PowerPoint | Outlook (Email) |
---|---|---|
UNOFFICIAL | Access to this document, if shared or saved in a shared location, will not be impacted. Users will not notice any change, however if they have Office 365 Sensitivity Labels enabled they will be able to see what label has been set under the 'Sensitivity' tool. | If the recipient of the email has UQ's Office 365 Sensitivity Labels enabled: the label will display next to the email subject line. If they mouse over the label, a description of the label will appear. If the recipient of the email does not have UQ's Office 365 Sensitivity Labels enabled: they will not notice any change. |
PUBLIC | ||
OFFICIAL | ||
SENSITIVE | The document will be automatically encrypted. A header and footer will be displayed, clearly denoting the content's Information Security Classification and handling instructions. The document owner controls viewing, editing and sharing permissions. Another user will only be able to open this document if it has been shared with them by the document owner. Whether they can only view, edit, or have full access to the document, will depend on the permissions the owner has set. | The email will be automatically encrypted. If the recipient is using Outlook, they will see an icon (a lock icon or a red dot, depending on their Outlook version) next to the email preview, indicating that the content is confidential. The content of your email will not preview in the recipient's inbox (they will have to open the email to read it). If the recipient does not use Outlook with an Microsoft-provisioned email address, they will be directed to a safe and protected gateway to view the email.
Within the email body, a header and footer will be displayed clearly denoting the content's Information Security Classification and handling instructions. |
PROTECTED |
Frequently asked questions (FAQs)
Here are our answers to common questions about sensitivity labels:
Using Office 365 Sensitivity Labels
Do I have to use Office 365 Sensitivity Labels?
Which Office 365 Sensitivity Label should I use for my document or email?
How do I set or change sharing permissions for a SENSITIVE or PROTECTED document?
Why do I have to add I justification when I downgrade a label?
Troubleshooting
Why can't I see SENSITIVE or PROTECTED labels in Word, Excel or PowerPoint?
The Office 365 Sensitivity Label button isn't showing in my Office apps. What should I do?
I'm having issues with sensitivity labels using Office on my personal computer. What should I do?
How do I turn off Office 365 Sensitivity Labels from my personal Office account?
Do SENSITIVE and PROTECTED documents allow auto-save?
Do SENSITIVE and PROTECTED documents allow shared editing?
Why is a read-only file not saving an Office 365 sensitivity label?
Technical considerations
What is the Azure Information Protection (AIP) Client and how do I install it?
Do Office 365 Sensitivity Labels work if I am using the Mac or iOS ‘Mail' application?
Do Office 365 Sensitivity Labels work on Linux?
Can I use Office 365 Sensitivity Labels with shared mailboxes?
How do I use Office 365 sensitivity labels if I'm a student and a staff member?
What do I do with Office 365 sensitivity labels if I have old documents pinned in Microsoft Teams?