Sensitivity labeling and protection in Outlook for iOS and Android in Exchange Online

Summary: How to classify and/or protect messages when using Outlook for iOS and Android.

Protecting company or organizational data is extremely important. Outlook for iOS and Android supports two scenarios for classifying and/or protecting content:

  • Sensitivity labeling
  • Secure/Multipurpose Internet Mail Extension (S/MIME)

Sensitivity labeling and S/MIME in Outlook for iOS and Android are supported with Microsoft 365 or Office 365 accounts using the native Microsoft sync technology.

Understanding sensitivity labeling

Sensitivity labeling enables organizations to classify and protect sensitive content. For more information, see Learn about sensitivity labels.

From a classification perspective, a sensitivity label is applied to a message and is retained throughout the message's lifecycle (assuming the label is not removed). In addition, sensitivity labels can be configured to mark content by adding a header or footer to the message body.

Sensitivity labels can also be configured to protect messages with access restrictions or encryption. Access restrictions include ensuring only users within the organization can open the message, restricting editing rights, preventing forwarding, printing, or copying the contents of the message. Encryption provides at-rest encryption and ensures only authorized users can decrypt the message.

When a sensitivity label is configured with encryption, the encryption process depends on the client platform. With Outlook for iOS and Android, encryption occurs within Exchange Online transport after the message is sent from the sender, prior to recipient delivery. Encryption does not occur within the app. For more information, see Manage sensitivity labels in Office apps.

Likewise, Outlook for iOS and Android does not perform decryption of received messages, either. Exchange Online performs the decryption prior to delivering the message to Outlook for iOS and Android. For more information, see Outlook for iOS and Android in Exchange Online: FAQ.

Deploying sensitivity Labeling with Outlook for iOS and Android

For information about how to create and define sensitivity labels, as well as, publishing a label policy, see Create and configure sensitivity labels and their policies. If you are new to sensitivity labels, you might also find it useful to review Get started with sensitivity labels for information about licensing, permissions, deployment strategies, and a list of common scenarios that support sensitivity labels.

Important

If your organization has previously deployed Azure Information Protection labels, you must migrate to the unified labeling platform that supports sensitivity labels. To determine which platform is being used, see Frequently asked questions for Azure Information Protection. To complete the migration, see How to migrate Azure Information Protection labels to unified sensitivity labels.

Using sensitivity labeling with Outlook for iOS and Android

For information about the end user experience, see Apply sensitivity labels to your documents and email within Office.

Understanding S/MIME

S/MIME provides encryption, which protects the content of email messages, and it provides digital signatures, which verify the identity of the sender of an email message. S/MIME in Outlook for iOS and Android is supported with Microsoft 365 or Office 365 accounts using the native Microsoft sync technology. For a general overview of S/MIME, see S/MIME in Exchange Online.

Deploying and using S/MIME with Outlook for iOS and Android

See S/MIME for Outlook for iOS and Android.