This post is a part of the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Exam Prep Hub.
This topic falls under these sections:
Understand data protection and governance tasks for Microsoft 365 and Copilot (35–40%)
--> Understand Microsoft Purview
--> Identify the use cases for sensitivity labels in Microsoft Purview
Note that there are 10 practice questions (with answers) at the end of each section to help you solidify your knowledge of the material. Also, there are 4 practice tests with 30 questions each available from the hub's main page below the exam topics section.
Introduction to Microsoft Purview Sensitivity Labels
Microsoft Purview Sensitivity Labels are classification and protection mechanisms that help organizations secure sensitive information across Microsoft 365. Labels enable organizations to identify important data and apply protections automatically or manually.
Sensitivity labels are part of Microsoft Purview Information Protection and support the principles of:
- Data classification
- Data protection
- Compliance
- Governance
- Secure collaboration
- AI readiness for Microsoft 365 Copilot
Instead of securing locations only, sensitivity labels secure the data itself, allowing protections to remain with content wherever it travels.
Why Sensitivity Labels Matter
Organizations often handle information with varying levels of confidentiality:
- Public documents
- Internal business data
- Financial records
- Human resources information
- Customer data
- Intellectual property
- Legal documents
Sensitivity labels provide a consistent method for:
- Identifying content sensitivity
- Applying encryption
- Restricting access
- Adding visual markings
- Preventing accidental exposure
- Supporting compliance requirements
How Sensitivity Labels Work
A sensitivity label can be applied to:
- Documents
- Emails
- Microsoft Teams
- Microsoft 365 Groups
- SharePoint sites
- OneDrive content
Labels can be:
Manually applied
Users choose the appropriate label.
Automatically applied
Microsoft Purview detects sensitive information and assigns labels automatically.
Recommended
Users receive suggestions to apply a label.
Common Label Hierarchies
Organizations frequently create labels such as:
| Label | Intended Audience |
|---|---|
| Public | Anyone |
| General | Employees |
| Internal | Internal users only |
| Confidential | Specific departments |
| Highly Confidential | Restricted users |
Labels are customizable and vary by organization.
Core Protection Capabilities
A sensitivity label may configure:
Encryption
Controls who can open content and what actions they can perform.
Examples:
- View only
- Edit allowed
- Print blocked
- Copy restricted
Content Markings
Visual indicators help users recognize sensitivity.
Examples:
- Headers
- Footers
- Watermarks
Access Restrictions
Limits content access to:
- Individuals
- Groups
- Departments
- External users
Expiration Settings
Content access can expire after a specified period.
Major Use Cases for Sensitivity Labels
1. Protecting Confidential Documents
Organizations can label:
- Financial statements
- Contracts
- Product designs
- Strategic plans
Example:
A “Highly Confidential” label encrypts a document and restricts access to executives only.
2. Protecting Email Messages
Labels can secure email communication.
Example:
An HR manager sends salary information using a “Confidential – HR” label that:
- Encrypts the email
- Restricts forwarding
- Prevents printing
3. Supporting Microsoft 365 Copilot
Copilot respects existing permissions and sensitivity labels.
If a document is labeled:
- Confidential
- Highly Confidential
- Executive Only
Copilot only uses content that the user already has permission to access.
Sensitivity labels therefore help organizations prepare data safely for AI experiences.
4. Securing External Collaboration
Organizations can share files externally while maintaining protection.
Example:
A company sends a proposal to a partner:
- External recipients can read it.
- Forwarding is blocked.
- Printing is disabled.
Protection travels with the document.
5. Meeting Regulatory Compliance Requirements
Sensitivity labels help support:
- GDPR
- HIPAA
- Financial regulations
- Privacy laws
- Industry-specific requirements
Organizations can demonstrate that sensitive information receives appropriate protection.
6. Preventing Accidental Data Exposure
Users sometimes unintentionally send sensitive information.
Labels provide:
- Classification awareness
- Visual reminders
- Automated protection
Example:
A user sending customer data receives an automatic recommendation to apply a Confidential label.
7. Protecting Intellectual Property
Engineering designs, research documents, and proprietary information can be restricted.
Example:
Only members of the Research department can access files labeled “R&D Confidential.”
8. Applying Visual Classification
Headers, footers, and watermarks immediately show sensitivity.
Examples:
- INTERNAL USE ONLY
- CONFIDENTIAL
- HIGHLY CONFIDENTIAL
These markings help employees recognize handling requirements.
9. Labeling Containers
Sensitivity labels can be applied to:
- Microsoft Teams
- Microsoft 365 Groups
- SharePoint sites
Container labels can control:
- Guest access
- Privacy settings
- External sharing
- Unmanaged device access
Example:
A Team labeled “Confidential Project” automatically disables guest access.
10. Supporting Data Loss Prevention (DLP)
Sensitivity labels integrate with Microsoft Purview DLP.
Example:
A DLP policy may block external sharing of content labeled “Highly Confidential.”
Labels and DLP together provide layered protection.
Manual vs Automatic Labeling
| Method | Description |
|---|---|
| Manual labeling | User chooses the label |
| Recommended labeling | System suggests labels |
| Automatic labeling | Purview assigns labels automatically |
Automatic labeling reduces reliance on users and improves consistency.
Supported Workloads
Sensitivity labels work across:
- Microsoft Word
- Excel
- PowerPoint
- Outlook
- Teams
- SharePoint Online
- OneDrive
- Microsoft 365 Groups
Relationship Between Sensitivity Labels and Retention Labels
These labels serve different purposes:
| Label Type | Purpose |
|---|---|
| Sensitivity label | Protect and classify data |
| Retention label | Govern how long data is kept |
Sensitivity labels answer:
“Who can access this?”
Retention labels answer:
“How long should we keep this?”
Benefits of Sensitivity Labels
Organizations gain:
- Stronger data protection
- Better compliance
- Secure AI adoption
- Reduced data leakage
- Improved collaboration
- Consistent classification
- User awareness of sensitive data
AB-900 Exam Tips
Remember these key points:
- Sensitivity labels protect the content itself, not just the storage location.
- Labels can apply encryption, markings, and access restrictions.
- Labels work across Microsoft 365 workloads.
- Microsoft 365 Copilot honors sensitivity labels and permissions.
- Labels can be manually or automatically applied.
- Sensitivity labels and retention labels serve different purposes.
- Labels integrate with DLP policies for additional protection.
Practice Exam Questions
Question 1
What is the primary purpose of Microsoft Purview sensitivity labels?
A. Monitor network traffic
B. Protect and classify data based on sensitivity
C. Manage software updates
D. Create backups
Answer: B
Explanation: Sensitivity labels classify information and apply protections such as encryption and access restrictions.
Question 2
Which Microsoft 365 service respects sensitivity labels when generating responses?
A. Microsoft DHCP
B. Windows Update
C. Hyper-V
D. Microsoft 365 Copilot
Answer: D
Explanation: Copilot honors both user permissions and sensitivity labels.
Question 3
Which capability can sensitivity labels provide?
A. Device firmware updates
B. Password resets
C. Encryption and access control
D. Network routing
Answer: C
Explanation: Labels can encrypt content and define who can access it.
Question 4
A company wants documents to display “CONFIDENTIAL” across every page. Which sensitivity label feature supports this?
A. Authentication logs
B. Retention policies
C. Device compliance
D. Watermarks and content markings
Answer: D
Explanation: Labels can add headers, footers, and watermarks.
Question 5
What type of information is commonly protected with sensitivity labels?
A. Product designs and financial reports
B. Printer drivers only
C. Operating system files only
D. DNS records
Answer: A
Explanation: Sensitive business information is a common use case.
Question 6
Which statement about automatic labeling is correct?
A. Users must always choose labels manually.
B. Labels only work with Outlook.
C. Purview can automatically apply labels based on detected sensitive information.
D. Automatic labeling disables encryption.
Answer: C
Explanation: Purview can detect sensitive content and assign labels automatically.
Question 7
Which object can receive a sensitivity label?
A. Microsoft Teams
B. Documents
C. Emails
D. All of the above
Answer: D
Explanation: Labels support files, emails, Teams, groups, and SharePoint sites.
Question 8
How do sensitivity labels differ from retention labels?
A. They are identical.
B. Sensitivity labels protect data, while retention labels control how long data is kept.
C. Retention labels encrypt content.
D. Sensitivity labels manage software deployment.
Answer: B
Explanation: Protection and lifecycle management are separate functions.
Question 9
Which Microsoft Purview feature commonly works together with sensitivity labels to prevent data leakage?
A. Windows Firewall
B. Azure Virtual Machines
C. Data Loss Prevention (DLP)
D. Active Directory Sites and Services
Answer: C
Explanation: DLP policies can use sensitivity labels to enforce protection rules.
Question 10
Why are sensitivity labels important for Microsoft 365 Copilot adoption?
A. They increase processor speed.
B. They replace permissions.
C. They eliminate identity management.
D. They help ensure AI accesses data according to existing protections.
Answer: D
Explanation: Copilot follows permissions and sensitivity labels, helping organizations safely enable AI experiences.
Go to the AB-900 Exam Prep Hub main page
The Data Community 