Applies To
Outlook for Microsoft 365 Outlook on the web New Outlook for Windows

Last Updated: February 13, 2026

ISSUE

When a user replies to an email message that was protected by encryption using a sensitivity label from an external organization, sending the reply can fail if the user is required to apply a sensitivity label and selects a label that applies encryption.

To reproduce this issue 

  1. A sender in Organization A sends an email that has a sensitivity label applied that applies encryption (for example, Highly Confidential) to a recipient in Organization B.

  2. In Organization B, the recipient replies by using Outlook for Windows (classic), Outlook for Windows (new) or Outlook on the web.

  3. Organization B has a sensitivity label policy configured that requires users to apply a label (mandatory labeling).

  4. When prompted to select a label, the recipient selects a sensitivity label that applies encryption, for example, Confidential, and then sends the message.Add sensitivity label example for issue

Expected result

The reply is sent successfully.

Actual result

In Outlook for Windows (classic), users receive an error message when they try to send.

Permission error applying sensitivity label in Outlook

In new Outlook for Windows and Outlook on the web, no error message is displayed. However, message delivery fails and the sender receives a non-delivery report (NDR).

Undeliverable error in Outlook

Cause 

Sensitivity labels are scoped to a user’s organization (tenant). When a recipient in Organization B replies to a message that was labeled and encrypted by a sender in Organization A, the original label from Organization A isn’t available in Organization B. As a result, the message can appear to be unlabeled in Organization B, which can trigger a prompt to select a label when mandatory labeling is configured. 

Additionally, because the original message was encrypted by the sender in Organization A, that sender is the rights management owner of the protected content. By design, other users can’t change the encryption on that content. If the recipient in Organization B applies a sensitivity label that also applies encryption, Outlook attempts to apply new protection, and fails.

STATUS: BY DESIGN

This behavior is by design. However, Microsoft recognizes that the current prompts and error handling can be confusing. We’re evaluating improvements to provide clearer guidance in this cross-organization reply scenario.

WORKAROUND

When you reply, select a sensitivity label that does not apply encryption, for example, General, and then send the message.

More Resources

Icon Experts (brain, gears)

Ask the experts

Connect with experts, discuss the latest Outlook news and best practices, and read our blog.

Outlook Tech Community

Icon Community

Get help in the community

Ask a question and find solutions from Support Agents, MVPs, Engineers, and Outlook users.

Outlook Forum on Answers

Icon feature request (light bulb, idea)

Suggest a new feature

We love reading your suggestions and feedback! Share your thoughts. We're listening.

Find out how

See Also

Fixes or workarounds for recent issues in new Outlook for Windows

Fixes or workarounds for recent issues in classic Outlook for Windows

Facebook LinkedIn Email

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center