When you receive an email with an applied sensitivity label, you can see the name of the applied label and a label icon marked in red. You can also see the header and footer text if the label has the settings for it. The header and footer text that appears in the email body is according to the label settings in Azure.

Based on the settings of the label, sender can restrict you to perform actions such as Reply, Reply all, or Forward on the received email.

When you tap the label name, you can view the additional label details such as name, permissions, and restrictions applied on the received email. If the sender gives you the permission, you can also change the label of the received email. Sometimes you are asked to provide a valid reason for changing the label. The policy setting in Azure controls such requests.

You cannot access sensitivity labels in the cases where:

  • Your admin has enabled the PolicySensitivityLabelsEmailClassification key in the Workspace ONE UEM console, but has not configured the sensitivity labels in Azure.
  • The Boxer application fails to connect to the Azure server.

Combination of IRM templates and Sensitivity labels:

  • When you receive an email with an already applied IRM template, then a default sensitivity label configured by the Azure admin is applied to that email. You can also apply the labels manually.
  • If you receive an email with an applied sensitivity label, you can use a different sensitivity label if you are allowed to do so.

Combination of S/MIME and Sensitivity labels:

  • When you receive a signed or encrypted email and you apply a sensitivity label to it, the signing or encryption level of protection is removed from that email.
  • If you receive an email with an already applied sensitivity label, the label is removed automatically when you sign or encrypt that email.