Sensitivity labels are the single most underutilized security control in Microsoft 365. According to Microsoft's own data from Ignite 2025, fewer than 23% of M365 E5 customers have deployed sensitivity labels beyond a basic pilot. And yet, with Copilot now indexing everything users can access, labels are your most direct mechanism for controlling what AI can do with your data.
Here's the thing: Copilot respects sensitivity labels. If a document is labeled "Highly Confidential" with encryption, Copilot can't summarize it for users who don't have decryption rights. If a label restricts copying, Copilot won't paste that content into a Teams message. Labels are the guardrails that actually work.
But only if you configure them properly.
Understanding How Copilot Interacts With Labels
Copilot checks sensitivity labels at the point of content retrieval. When a user prompts Copilot and it finds a labeled document, the following happens:
- Copilot checks the user's rights against the label's protection settings (encryption, access restrictions)
- If the user has read access, Copilot can include the content in its response
- If the label includes content markings (headers, footers, watermarks), Copilot inherits awareness of the classification level
- If the label includes encryption with restricted access, users without decryption rights see nothing from that document
The critical gap: labels without encryption don't prevent Copilot from surfacing content. A "Confidential" label with no protection settings applied is just a visual tag — Copilot treats the underlying document like any other accessible file.
This means your label taxonomy needs to map directly to protection actions, not just classification categories. A label that says "Confidential" but does nothing is worse than no label at all — it gives a false sense of security.
Step 1: Design Your Label Taxonomy
Most organizations overthink this. You don't need 15 labels with nested sub-labels. You need a taxonomy that's simple enough for users to apply correctly and structured enough to drive meaningful protection.
Recommended Four-Tier Taxonomy
Public — Content explicitly approved for external distribution. No restrictions. Marketing materials, published blog posts, press releases.
General (Internal) — Default label for everyday business content. No encryption, but content marked as internal. Meeting notes, project updates, internal announcements.
Confidential — Business-sensitive content that could cause harm if exposed. Encryption enabled, access restricted to internal users plus authorized guests. Financial reports, client proposals, strategic plans.
Highly Confidential — Content whose exposure could cause severe business damage. Strong encryption, access restricted to named individuals or specific security groups. Board materials, M&A documents, legal investigations, HR disciplinary records.
Sub-Labels for Granular Control
Within "Confidential" and "Highly Confidential," add sub-labels for different audiences:
- Confidential \ All Employees — Encrypted, accessible to all internal users
- Confidential \ Specific People — Encrypted, user must specify recipients
- Highly Confidential \ Leadership Only — Encrypted, restricted to an executive security group
- Highly Confidential \ Project [Name] — Encrypted, restricted to a project-specific group
Keep the total count under 10. Every additional label increases decision fatigue and reduces adoption.
Step 2: Configure Label Protection Settings
This is where most deployments fail. Labels without protection settings are classification theater.
Encryption Settings
For Confidential and Highly Confidential labels, enable Azure Rights Management encryption:
- In the Microsoft Purview compliance portal, navigate to Information Protection > Labels
- Select the label and click Edit
- Under Encryption, select Apply
- Configure access:
  - Assign permissions now: For labels with pre-defined audiences (e.g., "All Employees")
  - Let users assign permissions: For labels where the creator specifies who can access (e.g., "Specific People")
For "Assign permissions now," add the appropriate security groups and set permission levels:
- Co-Owner: Full control (use sparingly, typically only for label admins)
- Co-Author: Edit, save, but cannot change permissions
- Reviewer: Read and edit, but cannot save changes
- Viewer: Read-only
Content Marking
Enable visual markings for all labels above "Public":
- Header: "Classification: [Label Name]" — appears on all documents
- Footer: "This document is classified as [Label Name]. Handle according to data handling policy."
- Watermark (Highly Confidential only): "HIGHLY CONFIDENTIAL" diagonally across the page
These markings persist in printed copies and screenshots — areas where Copilot's controls don't reach.
Access Expiration
For project-specific sub-labels, set access expiration dates. When the project ends, encrypted documents become inaccessible without re-authorization. This prevents Copilot from surfacing stale confidential content from completed projects.
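The taxonomy from Step 1 with the Step 2 protection settings, as an added Security & Compliance PowerShell example (not code from the article); the contoso.com group addresses are assumed placeholders, and the rights strings reproduce the portal's Viewer and Co-Author permission levels.

```powershell
# Added example (not code from the article): creates the four-tier taxonomy from Step 1 with
# the Step 2 protection settings via Security & Compliance PowerShell. Group addresses under
# contoso.com are assumed placeholders.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession

# Usage-right sets equivalent to the portal's Viewer and Co-Author permission levels
$Viewer   = 'VIEW,VIEWRIGHTSDATA,OBJMODEL'
$CoAuthor = 'VIEW,VIEWRIGHTSDATA,DOCEDIT,EDIT,PRINT,EXTRACT,REPLY,REPLYALL,FORWARD,OBJMODEL'
$Footer   = 'This document is classified as {0}. Handle according to data handling policy.'

# Tiers 1-2: classification only, no encryption; General still carries visible markings
New-Label -Name 'Public' -DisplayName 'Public' -Tooltip 'Approved for external distribution'
New-Label -Name 'General' -DisplayName 'General (Internal)' -Tooltip 'Everyday business content' `
    -ApplyContentMarkingHeaderEnabled $true -ApplyContentMarkingHeaderText 'Classification: General (Internal)' `
    -ApplyContentMarkingFooterEnabled $true -ApplyContentMarkingFooterText ($Footer -f 'General (Internal)')

# Tier 3: the parent label only structures the menu; the encrypted sub-labels do the work
New-Label -Name 'Confidential' -DisplayName 'Confidential' -Tooltip 'Business-sensitive content'
New-Label -Name 'Confidential-AllEmployees' -DisplayName 'All Employees' -ParentId 'Confidential' `
    -EncryptionEnabled $true -EncryptionProtectionType Template `
    -EncryptionRightsDefinitions "all-employees@contoso.com:$CoAuthor;guests-authorized@contoso.com:$Viewer" `
    -EncryptionContentExpiredOnDateInDaysOrNever Never -EncryptionOfflineAccessDays 30 `
    -ApplyContentMarkingHeaderEnabled $true -ApplyContentMarkingHeaderText 'Classification: Confidential' `
    -ApplyContentMarkingFooterEnabled $true -ApplyContentMarkingFooterText ($Footer -f 'Confidential')
# "Specific People": the author chooses recipients when saving or sending (Do Not Forward in Outlook)
New-Label -Name 'Confidential-SpecificPeople' -DisplayName 'Specific People' -ParentId 'Confidential' `
    -EncryptionEnabled $true -EncryptionProtectionType UserDefined `
    -EncryptionPromptUser $true -EncryptionDoNotForward $true `
    -ApplyContentMarkingHeaderEnabled $true -ApplyContentMarkingHeaderText 'Classification: Confidential'

# Tier 4: named groups only, diagonal watermark, one-day offline window; the project
# sub-label also expires its content after 90 days so Copilot cannot surface it later
New-Label -Name 'HighlyConfidential' -DisplayName 'Highly Confidential' -Tooltip 'Severe damage if exposed'
New-Label -Name 'HC-LeadershipOnly' -DisplayName 'Leadership Only' -ParentId 'HighlyConfidential' `
    -EncryptionEnabled $true -EncryptionProtectionType Template `
    -EncryptionRightsDefinitions "exec-team@contoso.com:$CoAuthor;label-admins@contoso.com:OWNER" `
    -EncryptionContentExpiredOnDateInDaysOrNever Never -EncryptionOfflineAccessDays 1 `
    -ApplyWaterMarkingEnabled $true -ApplyWaterMarkingText 'HIGHLY CONFIDENTIAL' -ApplyWaterMarkingLayout Diagonal `
    -ApplyContentMarkingHeaderEnabled $true -ApplyContentMarkingHeaderText 'Classification: Highly Confidential'
New-Label -Name 'HC-ProjectAtlas' -DisplayName 'Project Atlas' -ParentId 'HighlyConfidential' `
    -EncryptionEnabled $true -EncryptionProtectionType Template `
    -EncryptionRightsDefinitions "project-atlas@contoso.com:$CoAuthor" `
    -EncryptionContentExpiredOnDateInDaysOrNever 90 -EncryptionOfflineAccessDays 1 `
    -ApplyWaterMarkingEnabled $true -ApplyWaterMarkingText 'HIGHLY CONFIDENTIAL' -ApplyWaterMarkingLayout Diagonal

# Read back what was stored: a label showing EncryptionEnabled=False here is a sticker, not a control
Get-Label | Select-Object DisplayName, ParentId, EncryptionEnabled, EncryptionProtectionType
```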
Step 3: Deploy Default and Mandatory Labeling
The biggest sensitivity label failure mode is optional adoption. If labeling is optional, most users won't bother. Microsoft reports that in tenants with optional labeling, fewer than 15% of documents receive labels. With mandatory labeling, that jumps to 95%+.
Default Label Policy
Set "General (Internal)" as the default label for all new documents created in Office apps. This ensures every document starts with at least a baseline classification:
- In Purview, go to Information Protection > Label policies
- Create or edit a policy
- Under Default label, select "General (Internal)" for documents and emails
- Apply to all users
Mandatory Labeling
Enable mandatory labeling to prevent users from saving or sending content without a label:
- In the same label policy, enable Require users to apply a label to their email and documents
- This blocks save/send actions until a label is selected
Users will push back. They'll say it slows them down. It does — by about 3 seconds per document. That's the price of data governance, and it's worth paying before Copilot turns your unlabeled content into an all-you-can-eat data buffet.
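Publishing the labels with a default label and mandatory labeling, as an added example (not code from the article); it assumes the label names from the taxonomy example above, an open Connect-IPPSSession, and that the settings keys it writes are the ones your tenant's (Get-LabelPolicy).Settings reports, which you should confirm first.

```powershell
# Added example (not code from the article): publishes the taxonomy with a default label and
# mandatory labeling, per Step 3. Assumes the label names from the previous example and an
# existing Connect-IPPSSession. The settings keys match what (Get-LabelPolicy).Settings
# reports; confirm them in your tenant before scripting against them.
$labels = 'Public','General','Confidential','Confidential-AllEmployees',
          'Confidential-SpecificPeople','HighlyConfidential','HC-LeadershipOnly','HC-ProjectAtlas'

# The default label is referenced by its GUID, not its display name
$generalId = (Get-Label -Identity 'General').Guid

New-LabelPolicy -Name 'Global labeling policy' -Labels $labels -ExchangeLocation All `
    -Comment 'All users: default General (Internal), labeling mandatory, downgrades need a reason'

Set-LabelPolicy -Identity 'Global labeling policy' -AdvancedSettings @{
    defaultlabelid                = "$generalId"   # new documents and emails start as General (Internal)
    mandatory                     = 'true'         # save/send is blocked until a label is chosen
    requiredowngradejustification = 'true'         # Confidential -> General must be justified (Step 6 analytics)
}

# Verify the effective settings instead of assuming the portal and the script agree
(Get-LabelPolicy -Identity 'Global labeling policy').Settings |
    Where-Object { "$_" -match 'defaultlabelid|mandatory|requiredowngradejustification' }
```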
Step 4: Implement Auto-Labeling
Manual labeling catches new content. Auto-labeling catches the mountain of existing content that was never labeled. Both are essential.
Client-Side Auto-Labeling
Configure sensitivity labels to automatically apply when Office apps detect specific content patterns:
- Credit card numbers → Confidential \ All Employees
- Social Security numbers → Highly Confidential \ HR Only
- Source code patterns → Confidential \ Engineering
Client-side auto-labeling shows users a recommendation banner. They can accept or override. This is gentler than service-side auto-labeling and works well for new content.
Service-Side Auto-Labeling
For existing content at rest in SharePoint and OneDrive, create auto-labeling policies in Purview:
- Go to Information Protection > Auto-labeling
- Create a policy targeting SharePoint sites and OneDrive accounts
- Define conditions using sensitive information types or trainable classifiers
- Set the label to apply when conditions match
- Run in simulation mode first — review matched items before applying labels
Service-side auto-labeling runs asynchronously and can process millions of documents. Start with your highest-risk content identified during your SharePoint permissions audit.
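The service-side policies for the credit card and SSN patterns, created in simulation mode, as an added example (not code from the article); label names follow the taxonomy example above, 'HC-HROnly' is an assumed additional sub-label, and trainable-classifier conditions are left to the portal.

```powershell
# Added example (not code from the article): service-side auto-labeling for the Step 4 patterns,
# created in simulation mode. Label names follow the earlier taxonomy example; 'HC-HROnly' is an
# assumed additional sub-label. Trainable-classifier conditions are configured in the portal.
Connect-IPPSSession

# Credit card numbers -> Confidential \ All Employees
New-AutoSensitivityLabelPolicy -Name 'AutoLabel-CreditCards' -ApplySensitivityLabel 'Confidential-AllEmployees' `
    -SharePointLocation All -OneDriveLocation All -Mode TestWithoutNotifications `
    -Comment 'Simulation: review matched items, tune, re-simulate, then -Mode Enable'
New-AutoSensitivityLabelRule -Name 'CreditCard-1plus' -Policy 'AutoLabel-CreditCards' `
    -Workload SharePoint,OneDriveForBusiness `
    -ContentContainsSensitiveInformation @{ Name = 'Credit Card Number'; minCount = '1' }

# Social Security numbers -> Highly Confidential \ HR Only (higher confidence to cut false positives)
New-AutoSensitivityLabelPolicy -Name 'AutoLabel-SSN' -ApplySensitivityLabel 'HC-HROnly' `
    -SharePointLocation All -OneDriveLocation All -Mode TestWithoutNotifications
New-AutoSensitivityLabelRule -Name 'SSN-1plus' -Policy 'AutoLabel-SSN' `
    -Workload SharePoint,OneDriveForBusiness `
    -ContentContainsSensitiveInformation @{ Name = 'U.S. Social Security Number (SSN)'; minCount = '1'; minConfidence = '85' }

# Guardrail: nothing is labeled while Mode is a Test* value; confirm before and after the review
Get-AutoSensitivityLabelPolicy | Select-Object Name, Mode

# Only after the simulation results have been reviewed and the rules tuned:
# Set-AutoSensitivityLabelPolicy -Identity 'AutoLabel-CreditCards' -Mode Enable
```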
Trainable Classifiers
For content types that don't match pattern-based rules (legal contracts, financial statements, strategic plans), use Microsoft's trainable classifiers:
- Pre-built classifiers: Microsoft provides classifiers for resumes, source code, financial statements, and more
- Custom classifiers: Train on your own content samples — provide 50-500 positive examples and the classifier learns your organization's document patterns
Trainable classifiers are particularly effective for catching sensitive content that standard sensitive information types miss. A financial forecast doesn't contain credit card numbers, but a well-trained classifier can identify it by structure and terminology.
Step 5: Label-Aware DLP Policies
Sensitivity labels become even more powerful when paired with Data Loss Prevention policies. After the Copilot DLP bug in February 2026, robust DLP configuration is non-negotiable.
Create DLP policies that use label conditions:
- Block external sharing of documents labeled "Confidential" or higher
- Require justification for sharing "Confidential" content with guests
- Block entirely any sharing of "Highly Confidential" content outside designated security groups
- Alert on bulk access — if a user accesses more than 10 "Highly Confidential" documents in an hour, trigger an alert
These policies work alongside Copilot's label-aware behavior to create defense in depth. Even if Copilot respects the label, a DLP policy catches the user who tries to copy Copilot's response into an email to an external recipient.
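The label-conditioned DLP rules for external sharing and guest justification, started in test mode, as an added example (not code from the article); label names follow the taxonomy example above and are assumptions, and the in-tenant restriction of Highly Confidential content to designated groups is left to the label's encryption, which DLP does not replace.

```powershell
# Added example (not code from the article): the label-aware DLP rules from Step 5, created in test
# mode. Label names follow the earlier taxonomy example and are assumptions. Restricting Highly
# Confidential to designated groups inside the tenant is done by the label's encryption, not DLP;
# these rules add the external-sharing guardrail and justification requirement on top.
Connect-IPPSSession

New-DlpCompliancePolicy -Name 'Label-aware sharing controls' `
    -SharePointLocation All -OneDriveLocation All -ExchangeLocation All `
    -Mode TestWithoutNotifications -Comment 'Review incidents, tune, then -Mode Enable'

# Builds the condition shape DLP uses to match content by sensitivity label
function New-LabelCondition([string[]] $LabelNames) {
    @{ operator = 'And'; groups = @(
        @{ operator = 'Or'; name = 'Labels';
           labels = @($LabelNames | ForEach-Object { @{ name = $_; type = 'Sensitivity' } }) }) }
}

# Confidential: block sharing outside the organization (guests included), but allow an override
# with a written justification, and raise a medium-severity incident either way
New-DlpComplianceRule -Name 'Confidential-ExternalNeedsJustification' -Policy 'Label-aware sharing controls' `
    -ContentContainsSensitiveInformation (New-LabelCondition 'Confidential-AllEmployees','Confidential-SpecificPeople') `
    -AccessScope NotInOrganization -BlockAccess $true -BlockAccessScope All `
    -NotifyUser Owner,LastModifier -NotifyAllowOverride WithJustification -ReportSeverityLevel Medium

# Highly Confidential: blocked outright outside the organization, no override, high severity
New-DlpComplianceRule -Name 'HighlyConfidential-BlockExternal' -Policy 'Label-aware sharing controls' `
    -ContentContainsSensitiveInformation (New-LabelCondition 'HC-LeadershipOnly','HC-ProjectAtlas') `
    -AccessScope NotInOrganization -BlockAccess $true -BlockAccessScope All `
    -NotifyUser Owner,LastModifier -ReportSeverityLevel High

Get-DlpComplianceRule -Policy 'Label-aware sharing controls' |
    Select-Object Name, AccessScope, BlockAccess, NotifyAllowOverride
```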
Step 6: Monitor and Iterate
Label Analytics
Use the Purview Activity Explorer to track label usage:
- Which labels are being applied most frequently
- Which labels are being downgraded (Confidential → General)
- Which users or departments have the lowest labeling rates
- Where auto-labeling is triggering most often
Copilot-Specific Monitoring
Monitor Copilot interactions involving labeled content through Purview Audit:
- Search for CopilotInteraction events where labeled content was accessed
- Track patterns of Copilot surfacing Confidential or Highly Confidential content
- Identify users whose Copilot usage patterns suggest overly broad access
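Audit-log queries for the Copilot checks above and for the bulk-access alert from Step 5, as an added example (not code from the article); the label GUIDs in $watched are placeholders for your own (from Get-Label | Select-Object DisplayName, Guid), and the AuditData property paths it reads should be confirmed against one real record before the script is trusted.

```powershell
# Added example (not code from the article): audit-log queries for the Step 5 bulk-access alert and
# the Step 6 Copilot checks. Assumed: the label GUIDs in $watched (yours come from
# Get-Label | Select-Object DisplayName, Guid) and the AuditData property paths used below, which
# should be confirmed against one real record (ConvertFrom-Json) before relying on them.
Connect-ExchangeOnline   # Search-UnifiedAuditLog is an Exchange Online cmdlet
$watched = @('<HC-LeadershipOnly-guid>', '<HC-ProjectAtlas-guid>')   # placeholders
$since = (Get-Date).AddDays(-7); $until = Get-Date

function Get-AuditEvents([string] $RecordType) {
    # Page through results with a session id; parse each record's JSON payload
    $sid = [guid]::NewGuid().ToString(); $all = @()
    do {
        $page = @(Search-UnifiedAuditLog -StartDate $since -EndDate $until -RecordType $RecordType `
                    -SessionId $sid -SessionCommand ReturnLargeSet -ResultSize 5000)
        $all += $page
    } while ($page.Count -eq 5000)
    $all | ForEach-Object { $_.AuditData | ConvertFrom-Json }
}

# (a) Copilot responses that drew on a Highly Confidential document
Get-AuditEvents -RecordType CopilotInteraction |
    Where-Object { @($_.CopilotEventData.AccessedResources.SensitivityLabelId) | Where-Object { $watched -contains $_ } } |
    Select-Object CreationTime, UserId, @{ n = 'Resources'; e = { @($_.CopilotEventData.AccessedResources.Name) -join '; ' } } |
    Sort-Object UserId | Format-Table -AutoSize

# (b) Bulk access: more than 10 distinct Highly Confidential files by one user within any one hour
$accesses = Get-AuditEvents -RecordType SharePointFileOperation |
    Where-Object { $_.Operation -eq 'FileAccessed' -and $watched -contains $_.SensitivityLabelId }
$accesses | Group-Object UserId | ForEach-Object {
    $user   = $_.Name
    $events = @($_.Group | Sort-Object { [datetime]$_.CreationTime })
    for ($i = 0; $i -lt $events.Count; $i++) {
        $limit  = ([datetime]$events[$i].CreationTime).AddHours(1)
        $window = @($events[$i..($events.Count - 1)] | Where-Object { [datetime]$_.CreationTime -le $limit })
        $files  = @($window.ObjectId | Sort-Object -Unique).Count
        if ($files -gt 10) {
            [pscustomobject]@{ User = $user; WindowStart = $events[$i].CreationTime; Files = $files }
            break   # one alert per user is enough; the SOC pulls the full timeline from there
        }
    }
}
```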
Quarterly Label Review
Schedule quarterly reviews of your label taxonomy:
- Are users applying the right labels? (Check downgrade/upgrade patterns)
- Are auto-labeling policies generating too many false positives?
- Do new content types need new labels or sub-labels?
- Are protection settings still aligned with business requirements?
Common Pitfalls
Labels without encryption: A "Confidential" label that doesn't encrypt is a sticker, not a security control. Copilot ignores stickers.
Too many labels: More than 8-10 labels creates decision paralysis. Users pick randomly or pick the lowest classification. Keep it simple.
Skipping simulation mode: Auto-labeling without simulation will mislabel thousands of documents. Always simulate first, review the results, tune the rules, then deploy.
Forgetting email: Labels apply to emails too. An encrypted email labeled "Highly Confidential" can't be summarized by Copilot for unauthorized recipients. Don't focus only on documents.
Not training users: Even mandatory labeling fails if users don't understand the taxonomy. Run a 15-minute training session explaining what each label means and when to use it. Repeat quarterly.
The ROI of Getting This Right
Organizations with mature sensitivity label deployments report 73% fewer data exposure incidents related to Copilot (Microsoft Digital Defense Report, 2025). Labels are the one control that works with Copilot rather than trying to work around it.
The investment is real: taxonomy design, policy configuration, auto-labeling tuning, user training. Plan for 4-6 weeks of focused effort for a mid-size organization. But the alternative — deploying Copilot without labels — is like deploying a search engine that can find everything and telling users to just be careful.
They won't be careful. Copilot won't be careful for them. Labels are how you make "careful" the default.
Take Action Now
Don't wait for a security incident to assess your Copilot readiness. Run a free CopilotScan assessment and get your readiness report in under 5 minutes.