Overview
Sensitivity labels are a result of implementing Azure Information Protection (sometimes referred to as AIP). By using sensitivity labels, an organization can categorize and protect its documents and emails. The sensitivity label is identifiable regardless of where the data is stored or with whom it’s shared. A sensitivity label typically includes a footer in the file, but could also include a header and watermark. It is not mandatory to apply a sensitivity label, but users are encouraged to categorize the type of information contained in the document or email.
Instructions
Microsoft Office displays sensitivity labels for Microsoft Word, Excel, and PowerPoint documents. An additional application is required to be loaded on the computer to select or change sensitivity labels. This application, the Azure Information Protection client, will be automatically loaded on College workstations. To use sensitivity labels on personal computers or mobile devices, you must download the client from the appropriate store: Microsoft store, Google Play, Apple Store.
The image below shows the sensitivity labels and protect icon for Microsoft Word. The default sensitivity label is General. You can select another label that is appropriate for the type of document that is being created or modified. If the possible sensitivity labels is not shown, the select the Sensitivity icon and the labels will be shown. To remove the label, re-select the label previously set, and it will return to a No Label status.
The figure below shows sensitivity label toolbar for emails. The sensitivity label on an email can be different than the sensitivity label on an attached file.
An additional feature is available to limit what the recipient can do with the email. Do Not Forward means the recipient can read the message, but cannot forward, print, or copy content. The conversation owner has full permission to their message and all replies. Do Not Forward can be found under message Options, as well as Encrypt-Only. There is a space at the end of the Subject line of the email where you can see what label is currently selected for the email. Selecting it will provide you with the same options you can see if you select Sensitivity from the Home ribbon.
Sensitivity Label Definitions:
Label Name
|
Label Description
|
Encryption
|
Document Footer
|
Instructional |
This sensitivity security label designates documents that are use for instructional purposes. The document is not encrypted. All users can use this sensitivity label. |
No
|
This document contains information that is used for instructional purposes.
|
General |
Business data that is not intended for public consumption. However, the document can be shared with external partners, as required. |
No
|
This document contains AACC information.
|
Confidential and Sensitive Information |
Use this sensitivity label if the document or email contains personally identifiable information like social security number, driver's license, full date of birth, or combination of information. This document or email will be encrypted. All users can use this sensitivity label. |
Yes
|
This document contains CONFIDENTIAL and SENSITIVE information. Distribution should be limited to college employees that have a need to see this information. Do not distribute this information outside of the college community.
|
FERPA |
This sensitivity level is used if the family Educational Rights and Privacy Act governs the release of information. The document or email will be encrypted. All users can use this sensitivity label. |
Yes
|
This document contains information that is controlled by FERPA. Dissemination of this document must be in compliance with FERPA requirements.
|
Financial - General |
Use this sensitivity label if the document or email contains financial data, either for a person or for the college. The document or email will be encrypted. All users can use this sensitivity label |
YEs
|
This document contains financial information. Distribution of this document should be limited.
|
Sensitivity Label Frequently Asked Questions (FAQ)
What are sensitivity labels?
With sensitivity labels, you can classify and protect sensitive content, while making sure that productivity and collaboration isn’t hindered. The default sensitivity labels are: Instructional, General, Confidential: Confidential and Sensitive; FERPA; Financial – General. A new sensitivity label can be created by submitting a service request into the Technical Service Desk (l), a sensitivity label can be for a specific department or group of people and include: encryption, document marking (header, footer, watermark).
Do I have to select a sensitivity label?
It is not mandatory to use sensitivity labels, at this time. Using sensitivity labels may become mandatory in the future.
Why don't I have the sensitivity label toolbar?
The Azure Information Protection (AIP) client is installed on the college computer which places the sensitivity label toolbar on only particular Microsoft applications – Outlook, Word, Excel, PowerPoint. Other applications do not display the sensitivity label toolbar. The online versions of Outlook, Word, Excel, and PowerPoint do not include the sensitivity labels. For personal computers, tablets, and smartphones, download the AIP client from an application store.
How do I get the Azure Information Protection client?
College faculty and staff workstations have the client installed automatically. For college computers, request the client from the Technical Service Desk (x4357)
For personal computers, any Application Store will have the client for smartphones and tablets. Look for the AIP client. The Windows store has the client for Windows 10 computers. The client is a free download. The installation requires administrator privileges.
Why can't I open a file or email?
The file may be encrypted. Designated sensitivity labels encrypt files and emails automatically to protect the information. You must have access to Office 365 to validate you have privileges to decrypt the file or email. You must also be using the Office 365 username and password to decrypt the file.
Select the View email button in the original email.
There may be an attachment to the email that is similar to:
This attachment cannot be viewed.
What username and password do I use to access an encrypted file or email?
Encrypted files and email use Office 365 username and password to decrypt the file or email. If you have received an encrypted email from an AACC email account to another email system, you will be asked for your username and password to decrypt the email. This is true if you send email from your AACC account to your personal email system. The Azure Information Client assists with the process.
If I choose a sensitivity label that encrypts the email, will the attachment also be encrypted?
No, the attachment will be encrypted along with the email during transmission, but once the email is decrypted, the attachment will be an unencrypted file.
Does the sensitivity label of an email have to match the sensitivity label on the attachment?
No, the body of the email may have information that requires a different sensitivity label. It recommended that if an attachment has a confidential sensitivity label, then the email should also have a confidential sensitivity label.
Troubleshooting
Still have questions? Contact the Technical Service Desk or complete a Service Offering on the Microsoft 360 service page.