Skip to content

Data Classification FAQ

Author: Anna-Liisa | Published: 16.4.2026
Keywords: , , , , ,

At the University of Oulu and Oamk, we will adopt The National Data Classification Model (for Finnish Universities) by the end of 2026. In connection with the deployment of the data classification model, we will also introduce the data classification tool in the M365 cloud service for staff.

On this instruction page, we have compiled questions grouped into the following themes:

If you cannot find an answer to your question here, please contact ICT Services at ict@oulu.fi.

Classification of documents in M365

  1. How do I classify a document in M365?
  2. Can I classify all documents in a folder at once?
    • Yes, by installing the Microsoft Purview Information Protection Client via Company Portal (available only on Windows). In case you have a Mac or a Linux computer, please consider borrowing a laptop from the ICT services.
  3. Can I classify all types of files? Can I classify a txt file or a CAD drawing located in my OneDrive?
    1. Not all file types support classification in their native applications (e.g. .txt, CAD files). Supported formats include:
      • Word: .docx, .docm, .dotx, .dotm
      • Excel: .xlsx, .xlsb; .xlsm, .xltx
      • PowerPoint: .pptx, .pptm, .potx, .potm, .ppsx, .ppsm
      • PDF
    2. You can add classification to soe other files with Microsoft Purview Information Protection Client. (Available for Windows only in Company Portal.) While technical controls are applied according to the sensitivity label, the sensitivity label may not be visible in all applications. You can check the classification (the sensitivity label) in the Microsoft Purview Information Protection Client. These are the formats that support labeling in the client:
      • Adobe Portable Document Format: .pdf
      • Microsoft Project: .mpp, .mpt
      • Microsoft Publisher: .pub
      • Microsoft XPS: .xps .oxps
      • Images: .jpg, .jpe, .jpeg, .jif, .jfif, .jfi. png, .tif, .tiff
      • Autodesk Design Review 2013: .dwfx
      • Adobe Photoshop: .psd
      • Digital Negative: .dng
  4. Can I change the sensitivity label default for me?
    • No. The default sensitivity label (confidential (3Y)) is defined centrally and cannot be changed by end users.
  5. May I change the classification of a file?
    • Users with edit rights can change the sensitivity label freely to match the files sensitivity better, except when the document is classified as secret (1R) – restricted access.
  6. Why doesn’t Word translation work with “secret (1R) – restricted access” documents?
    • This prevents secret (1R) content from being transmitted to AI services. However, the implementation is still a work in progress, as in Windows both Copilot and Translate are blocked for Secret (1R), but in MacOS translate still works technically on paragraph level (situation May 2026): It should not be used for paragraphs with information that is classified as Secret (1R).
  7. Does classification work in Teams?
    • Yes. Data classification works the same in OneDrive, Teams, and SharePoint.
    • You can also classify a team in Teams: The team’s classification affects membership restrictions, but it is separate from file classification.
  8. When, as a Teams member, I open a Word, PowerPoint, or Excel file created by someone else, and the program classifies the file through me, doesn’t this create a problem from the perspective of the original document owner?
    • Files that are actively in use should be classified. During the transition phase, it is important to understand that data classification is only in use for some users, and automatic classification applies to all Word, Excel, and PowerPoint files that are shared with edit permissions to a user who has classification enabled, even if the original author cannot yet classify files themselves. If necessary, as the file owner you can request the file to be reclassified to a specific class already when sharing it with edit permissions.
    • If a student shares a file with you with edit permissions and you already have classification enabled, the file will receive the default sensitivity label confidential (3Y). Since Data Loss Prevention rules are not applied to students, classifying a student’s file with the default sensitivity label (confidential (3Y)) does not in practice restrict the student from sending the file as an email attachment or sharing it from OneDrive. However, if the file is classified as internal (4G) or secret (1R), it will restrict sharing of the file outside the organisation from Teams groups in all situations.
  9. What kind of files can I share externally?
    • Classifications depend on content. The classifications which are allowed for external sharing are
      • open (5W)
      • confidential (3Y)
      • strictly confidential (2A) (if necessary)
    • Emails classified as strictly confidential (2A) are sent encrypted externally.
  10. Can I classify signed documents?
    • No. Digitally signed documents (especially PDFs) should not be reclassified after signing, as signed documents should not be altered after the signing,
  11. Why can’t I share classified files in Teams meetings?
    • Only the owner can share secret (1R) classified documents. Others will see a black screen. For now, sharing via browser works, because Microsoft has not yet implemented preventions (May 2026). Also, screencaptures of secret shared information on a browser is still possible. However, as a user, you should not share others’ secret files or take screencaptures of them either.
  12. How should I classify my personal documents?
    • Use the private class. However, storing personal data on your own devices is recommended.
  13. Why don’t I see a sensitivity label header/footer?
    • Labels are always stored in metadata. Visual labels in headers/footers were used only in an earlier pilot phase. Some files from that period might still have visible labels. It can be removed if needed. If it is in a PowerPoint, it must be removed from the master slides.
    • NB. The classification information is always stored in the document metadata, and the technical protection resulting from the classification also remains in place, regardless of whether the class is visible in the document header or footer.
  14. Does the data classification model relate to the Act on the Openness of Government Activities?
    • No. The data classification model is risk‑based and separate from legal public/secret status.
    • When a document falls under the scope of the Act on the Openness of Government Activities, a reference to the relevant legal provision and the classification according to the Act can be added separately to the document.

Data classification in other environments

  1. Is data classification taken into account in other systems (e.g. Workseed, Jobiili, Peppi)?
    • Technically, data classification primarily affects the handling of information within the Microsoft 365 environment. When information is processed outside the M365 environment, automatic classification‑based restrictions generally do not apply. An exception is the secret (1R) – restricted access class, which encrypts the file and thereby prevents the information from being processed in other systems.
    • However, the handling guidelines related to data classification apply to staff regardless of the platform used, so all users should be familiar with these guidelines.
  2. Does document classification apply to Linux users?
    • Data classification with Sensitivity Labels is a technical feature of the Microsoft 365 environment and applies to Linux users when:
      • files are edited using the browser version of Microsoft Office
      • classified files are shared from OneDrive, Teams, or SharePoint
      • classified files are sent by email
    • However, the handling guidelines related to data classification apply to staff regardless of the platform used, so all users should be familiar with them.
  3. Does document classification apply to Mac users?
    • Data classification with Sensitivity Labels is a technical feature of the Microsoft 365 environment and applies to Mac users when:
      • files are edited using Microsoft Office (locally or in the browser)
      • classified files are shared from OneDrive, Teams, or SharePoint
      • classified files are sent by email
    • However, the handling guidelines related to data classification apply to staff regardless of the platform used, so all users should be familiar with them.
  4. Where can I find classification (the Sensitivity label button) in PDF‑XChange / Adobe Acrobat?
    • In PDF‑XChange, select the Protect tab and you will find the classification options under Sensitivity.

Sensitive information

  1. Is it allowed to include secret (1R) information (such as health data) in an email message or its attachments sent, for example, to a Gmail address, when the data concerns the recipient’s own personal data related to work, research, or studies?
  2. Can Copilot be used to process sensitive information (e.g. strictly confidential (2A)) when drafting reports? If so, how?
    • If the material is intended only for specific individuals or a group and is classified as strictly confidential (2A) or secret (1R), it should not be processed as such with Copilot. If you can create a version of the material that fits the confidential (3Y) classification, do so and use Copilot with that version.

Email

  1. How can I add additional information to an email message about the classification shown in the message and the related handling instructions?
    • When data classification is enabled for you, you can add the following text at the end of your message (for example, as part of your signature):

      “We classify email messages at the University of Oulu in accordance with The National Data Classification Model (for Finnish Universities).”

  2. Why is it sometimes not possible to send an email?
    • The reason is most likely that the distribution list includes recipients outside the organisation. An email or file classified as internal (4G) requires that, before it can be sent even to internal recipients, all external recipients must first be removed from the distribution list.
  3. How do I send a medical certificate for sick leave to HR?
    • If you upload the certificate to your own OneDrive, you must classify it as private in order to send it to HR via email.
      This ensures that Copilot cannot access the file. Please note that sending email is secure within the M365 environment. However, if you are using your personal email, you must use secure mail (in this case, you do not need to classify the file, as you are not using M365 yourself).
    • Once you have received confirmation from HR that everything is in order, you should delete the file from your OneDrive if it is there. HR will classify the file as secret (1R) – personal data if the certificate is processed in the M365 environment.

Research data and publications

  1. How should research project materials be classified as a starting point?
  2. How do I classify research material intended for a scientific publication?
    • Information intended for publication is classified as open (5W).

Teaching and students

  1. What is the default classification for teaching materials (Word, PowerPoint, etc.) used and shared in a course?
    • As a starting point, in a risk‑based classification, teaching materials can typically be classified as open (5W). If a teacher considers that a more appropriate classification would be, for example, internal (4G), it should be noted that files can then only be shared with users who have a University of Oulu or Oamk user account. If the teaching material needs to be shared with users outside Oulu higher education institutions or via anyone links (anonymous sharing), the appropriate classification is open (5W).
    • Teachers have the right to determine the classification of their own teaching materials.
  2. How should I instruct students when they do not have classification available? How can they handle and share documents?
    • Information classified as confidential (3Y) is intended only for those individuals to whom it has been shared or sent. Forwarding or sharing further requires permission from the owner of the information or document.
    • Information classified as internal (4G) may be shared among individuals who have a user account in the Oulu higher education institutions’ systems.
    • Information classified as open (5W) may also be shared with individuals outside Oulu higher education institutions.
  3. Can I prevent classification if I receive edit access to a student’s thesis working version for commenting?
    • It is not possible to prevent file classification when the file is edited using Microsoft Office applications.
      However, the classification can be removed afterwards in Windows using the Microsoft Purview Information Protection Client (see more info about the client), if the file is accessible via File Explorer.
    • Because sharing restrictions for files do not apply to students’ email or OneDrive environments, the restrictions associated with the default sensitivity label confidential (3Y) are not significant in this situation. It is sufficient to remove the information visible in the header if visible, and it does not cause any issues if the classification information remains in the file metadata.

« Back

This article was published in categories English version available, All instructions, Oamk , for Oamk staff, for the University of Oulu staff, Saavutettava ohjeartikkeli, UniOulu and tags , , , , , . Add the permalink to your favourites.