Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Detecting Microsoft Purview Information Protection Sensitivity Labels

Go to solution
BrianThomas
New Contributor II

‎10-18-2022 06:41 PM

I was looking through the DLP profiles and did not find any support for triggering on Microsoft Purview Information Protection (formerly Azure Information Protection / MIP / AIP ) sensitivity labels for real-time protection policies. My goal is to coach/block users from uploading documents with certain labels to unapproved cloud storage. 

 

I can extract the labels from the office documents metadata, but there doesn't seem to be a way for Netskope to detect the labels even with custom dictionaries or EDM.  Has anyone gotten sensitivity label detection working in real-time protection DLP policies? 

Labels:
1 ACCEPTED SOLUTION
Go to solution
ryans
Netskope
Netskope

‎10-20-2022 11:25 AM

In previous versions of "Compliance Center" you could simply put the friendly name of the label in your DLP entity. I'm not sure when this changed -- likely with the rebrand to Purview -- MS no longer writes the friendly name to the metadata. Instead, they write the GUID. Take this GUID and create a case insensitive entity as follows:

MSIP_Label_GUID_Enabled

Use this entity in your Rule, assign the Rule to a custom Profile, and use the Profile in your Policy.

View solution in original post

5 REPLIES 5
Go to solution
ryans
Netskope
Netskope

‎10-20-2022 11:25 AM

In previous versions of "Compliance Center" you could simply put the friendly name of the label in your DLP entity. I'm not sure when this changed -- likely with the rebrand to Purview -- MS no longer writes the friendly name to the metadata. Instead, they write the GUID. Take this GUID and create a case insensitive entity as follows:

MSIP_Label_GUID_Enabled

Use this entity in your Rule, assign the Rule to a custom Profile, and use the Profile in your Policy.

Go to solution
BrianThomas
New Contributor II
In response to ryans

‎10-27-2022 12:23 PM

to add on to this, the DLP engine should be looking for the data in the headers, not the body of the file. 

Further info for others on this path. In your Purview tenant ( https://compliance.microsoft.com ) you MAY be able to see the GUID for each Purview label, but its not a given. If you cant see the data in the GUI, you can extract the GUID via Powershell but you will need to install the PowerShell commandlets for the compliance dashboard.  Here are the docs on how to connect: Connect to Security & Compliance PowerShell | Microsoft Learn

 

Alternatively you can set a label on a file (word, excel, powerpoint, etc), change the extension to .zip and then search for the text "MSIP_Label_" in the folder. You will then have the guid. Set the lable on the file to the other label types you want to target and perform the same zip -> search action to find the other GUID's. It's tedious mut maybe less so than PowerShell online which can be very fiddly. 

 

 

Go to solution
Rohit_Bhaskar
Community Manager
Community Manager

‎10-27-2022 11:19 AM

Hi @BrianThomas , Hope you're doing well. If @ryans answers helps you on what you're looking. Please feel free to click the  comment  "Accept as Solution". 🙂

0 Likes
Go to solution
BrianThomas
New Contributor II
In response to Rohit_Bhaskar

‎10-27-2022 12:23 PM

@Rohit_Bhaskar , I've flagged it as accepted. thanks to @ryans  for being the good citizen and following up with the details. 

0 Likes
Go to solution
ryans
Netskope
Netskope

‎10-27-2022 11:23 AM

@Rohit_Bhaskar - I've been working with Brian and in all fairness, he did most of the work here, I just validated it a few more times 🙂

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In