• Needs a specific PDF Reader

https://docs.microsoft.com/en-us/azure/information-protection/rms-client/protected-pdf-readers

Nitro PDF at the time of writing this does not work! Remember this will be for Internal and External People reading a protected document

• Deployment of Microsoft Azure Information Protection Viewer ( There is no Mac OSX client for Azure Information Protection.)
  To read-protected Txt files and image files, think of files that will be protected without a reader.
  
  
• Authorized Workflow or Users to Remove the Sensitivity Label
  If you want the send the document out of the organization to a user who is not setup in your company’s Azure AD ( e.g Guess Access ) you will need a Workflow that automates and logs this removal for Compliance/Auditing of a User with these permissions
• Sensitivity Labelling

1. Enable Sensitivity on a Teams or Sharepoint Library  Does not set Files underneath it
2. You can set a Default Document Label however you will still need to encrypt old documents ( see below ) 
3. Auto-Labelling Technology to do this needs License and is still in Preview License needed ( Microsoft 365 E5/A5/G5, Microsoft 365 E5/A5/G5 Compliance, Microsoft 365 E5/A5 Information Protection and Governance, Office 365 E5, Office 365 Advanced Compliance, Enterprise Mobility + Security E5, and AIP Plan 2 provide the rights for a user to benefit from automatic sensitivity labeling. ) 
4. Use the Microsoft Cloud App Security dashboard with File Policy to Tag the files ( still needs above license ) 

• Breaks CoAuthoring
  Can only use the web version of Office for Document CoAuthorign
  
  
• Needs the latest version of Office 365 for Client-Side Labelling Modifications 
  Remember any external people you are sharing with will need this as well to open