Ask the community

Detecting Microsoft Purview Information Protection Sensitivity Labels

BrianThomas
New Contributor II

I was looking through the DLP profiles and did not find any support for triggering on Microsoft Purview Information Protection (formerly Azure Information Protection / MIP / AIP ) sensitivity labels for real-time protection policies. My goal is to coach/block users from uploading documents with certain labels to unapproved cloud storage. 

 

I can extract the labels from the office documents metadata, but there doesn't seem to be a way for Netskope to detect the labels even with custom dictionaries or EDM.  Has anyone gotten sensitivity label detection working in real-time protection DLP policies? 

1 Solution
ryans
Netskope
Netskope

In previous versions of "Compliance Center" you could simply put the friendly name of the label in your DLP entity. I'm not sure when this changed -- likely with the rebrand to Purview -- MS no longer writes the friendly name to the metadata. Instead, they write the GUID. Take this GUID and create a case insensitive entity as follows:

MSIP_Label_GUID_Enabled

Use this entity in your Rule, assign the Rule to a custom Profile, and use the Profile in your Policy.

View solution in original post

5 Replies 5
ryans
Netskope
Netskope

In previous versions of "Compliance Center" you could simply put the friendly name of the label in your DLP entity. I'm not sure when this changed -- likely with the rebrand to Purview -- MS no longer writes the friendly name to the metadata. Instead, they write the GUID. Take this GUID and create a case insensitive entity as follows:

MSIP_Label_GUID_Enabled

Use this entity in your Rule, assign the Rule to a custom Profile, and use the Profile in your Policy.

BrianThomas
New Contributor II

to add on to this, the DLP engine should be looking for the data in the headers, not the body of the file. 

Further info for others on this path. In your Purview tenant ( https://compliance.microsoft.com ) you MAY be able to see the GUID for each Purview label, but its not a given. If you cant see the data in the GUI, you can extract the GUID via Powershell but you will need to install the PowerShell commandlets for the compliance dashboard.  Here are the docs on how to connect: Connect to Security & Compliance PowerShell | Microsoft Learn

 

Alternatively you can set a label on a file (word, excel, powerpoint, etc), change the extension to .zip and then search for the text "MSIP_Label_" in the folder. You will then have the guid. Set the lable on the file to the other label types you want to target and perform the same zip -> search action to find the other GUID's. It's tedious mut maybe less so than PowerShell online which can be very fiddly. 

 

 

Rohit_Bhaskar
Community Manager
Community Manager

Hi @BrianThomas , Hope you're doing well. If @ryans answers helps you on what you're looking. Please feel free to click the  comment  "Accept as Solution". 🙂

Best Wishes
Rohit Bhaskar

@Rohit_Bhaskar , I've flagged it as accepted. thanks to @ryans  for being the good citizen and following up with the details. 

ryans
Netskope
Netskope

@Rohit_Bhaskar - I've been working with Brian and in all fairness, he did most of the work here, I just validated it a few more times 🙂

Subscribe
Labels

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In