Limit propagation of email and content - Technical resource

Limit propagation of email and content

Your customer uses Microsoft 365 email services, and you are asked the following question: 

We need to send documents by email to business partners and we want to make sure that the information is not forwarded or copied. 

 Is this possible with the mail service we currently have? 

You can tell them yes that there is a way to resolve this situation. The solution is to use Microsoft 365 Sensitivity Label Message Encryption available through Azure Information Protection. This encryption uses sensitivity labels that allow you to collaborate while limiting the use of organizational data. 

Nowadays a lot of information travels electronically. The use of email communications is very common as well as all types of information that can be transmitted there. 

 A lot of information is contained within these electronic communications and for certain reasons and in some cases, it is necessary to control how the information can be used by the recipient. 

 The purpose of the approach is to try to prevent data leakage and unauthorized actions relating to the transmitted information. 

Using the Microsoft 365 Sensitivity Label Message Encryption not only secures the transmission while it is being sent but can also limit the actions that can be taken with respect to an email and the information it contains. 

 In our example, the use of the confidentiality label “Do not forward” makes it possible to restrict what can be done with the email and the information it contains. 

 In the present case, the method makes it possible to control in the following way: 

    • Transfer of received email 
    • Printing the email and its content 
    • Backing up the email and its contents 
    • The screenshot of the email and its contents 
    • Adding or modifying recipients 


The scenario used shows us that the confidentiality label used, in this case, is ideal when we want to: 

    • Limit the propagation of email and content


“Do Not Forward: Recipients can’t forward the email, print it, or copy from it. For example, in the Outlook client, the Forward button isn’t available, the Save As and Print menu options aren’t available, and you can’t add or change recipients in the To, Cc, or Bcc boxes.”1. 


How to use this feature 

 Outlook desktop 
 Click New mail to open the window for composing a new mail, then Options, Encrypt and click on Do not forward. 

 The first time you send encrypted mail the following message appears: 

Once the connection to the server has been established, click on Do not forward 

Compose the email and click Send 

 When adding an attachment, the following message will be displayed : 

Click on OK to send the message 


Outlook web 

Click New message to open the window for composing a new mail, then Options, Encrypt and click on Do not forward. 

Compose the email and Send 

When receiving:
In both cases, regardless of whether the email is sent from Outlook desktop or web, the recipient will see a padlock symbol appear in the email indicating that it is encrypted. 

 For Microsoft 365 email service users:  

“If you receive a protected email message sent to your Microsoft 365 account in Outlook 2016 or Outlook on the web, the message should open like any other message”2.  

 For non-Microsoft 365 email service users:  

“If you’re using a different email service, you may receive a notification that you’ve received a protected message and need to take additional action”3. 


As the example has demonstrated, sending an encrypted email using Azure Information Protection is simple and requires no technical knowledge from users. 

 Receiving an encrypted email also does not require any technical knowledge on the part of the recipient. 

 The example that was used is suitable for the scenario where we want to: 

  • Limit the propagation of email and content

 In this situation the sender required that the propagation of the information be limited. 

Nowhere in this document is there any mention of needing to configure anything. The encryption service is automatically activated and configured by Microsoft when a license that contains Azure Protection Information P1 is present in the customer’s 365 environment. Once this license is assigned to a user, the user can use email encryption as demonstrated.

The functionality discussed in this article is included in Microsoft 365 Business Premium. 

Don’t hesitate to contact our experts at if you need help ensuring your customers’ data is secure. 

write to us at 



1Apply encryption using sensitivity labels | Do not Forward 

2 – For Microsoft 365 email service users 

3 – For non-Microsoft 365 email service users