
Microsoft Foundry Blog

Sensitivity labels preservation and SharePoint ACLs in Azure AI Search

gia_mondragon, Microsoft
Nov 19, 2025

Preserve sensitivity labels and ACLs for document-level access, now available in public preview.

We’re introducing new enterprise security capabilities in Azure AI Search and knowledge bases to help you deliver more trusted, policy-aligned knowledge retrieval for RAG apps and agentic applications. This public preview adds support for syncing and honoring Microsoft Purview sensitivity labels across multiple Azure AI Search connectors. For knowledge bases, it also delivers full security governance through the remote SharePoint knowledge source, and it adds basic document-level security to the indexed SharePoint knowledge source / SharePoint indexer in AI Search.

Microsoft Purview sensitivity labels (public preview)

  • Azure AI Search now syncs and honors sensitivity labels, and their corresponding protection policies, for source documents across multiple connectors. Once labels are synced, AI Search enforces the label-based protection policies so users can retrieve only the data they are authorized to access.
  • Cross-connector support: SharePoint in Microsoft 365, Microsoft OneLake, Azure Blob Storage, and Azure Data Lake Storage Gen2.
  • Query-time enforcement: Results are trimmed to the end user’s rights, honoring Microsoft Information Protection sensitivity label policies (including extract usage rights) and Microsoft Entra identity.
  • Developer note: Available via the REST API and the latest beta SDK only during public preview; portal support is not available at this time. Use RBAC (not API keys), and include both the calling app’s authorization bearer token and the end user’s Entra token when querying, so the service can trim results to that user.
  • Demo: The demo below shows sensitivity labels applied to source documents and honored by AI Search in a RAG app:
Figure 1. Sensitivity Labels Demo

Indexed SharePoint updates in public preview

Recommended path for SharePoint content in knowledge bases

  • Microsoft strongly recommends using remote SharePoint knowledge source to power agents via knowledge bases. Content stays in SharePoint and governance is honored out-of-the-box—including sensitivity labels, permissions, shared links, and policies—for behavior consistent with Microsoft 365 and Copilot. Note: The SharePoint Retrieval API is a separately metered service.
  • Azure AI Search indexer / indexed SharePoint knowledge source introduces an initial level of document‑level security. It’s an incremental path toward broader governance support for customers who need indexed, multi‑source orchestration and unified scoring.

ADLS Gen2 with ACL support via Azure Blob knowledge source in public preview

  • Access Control Lists (ACLs): When enabled through the ingestionPermissionOptions parameter in the Azure Blob knowledge source configuration, a knowledge base honors ACLs from Azure Data Lake Storage Gen2, enabling document-level security aligned with your data governance policies.
  • Identity-based ACL enforcement: Results are trimmed based on the end user’s Microsoft Entra ID identity, preserving the permissions defined in ADLS Gen2.

Why this matters

  • Governance aligned: Honors Purview label policies across supported sources to prevent oversharing and reduce risk.
  • Consistent with Microsoft 365: The remote SharePoint knowledge source in knowledge bases (Foundry IQ) delivers the same permission model behavior that users experience in SharePoint and expect out of the box in custom RAG apps; the indexed SharePoint path is evolving toward broader governance coverage.
  • Lower operational overhead: Secretless setup via managed identity and built-in security trimming.

How it works at a glance

  • Sensitivity labels: Indexers can be configured to extract label metadata; Azure AI Search then evaluates label policies at query time against the user’s identity and returns only permitted documents. The label GUID can be resolved to a display name via the Microsoft Information Protection SDK for use in apps.
  • Remote SharePoint knowledge source: This source honors document-level access without extra configuration, fully aligning with the SharePoint security governance model.
  • Indexed SharePoint knowledge source / SharePoint indexer document-level security: When configured, ACL permissions are synced during initial data ingestion and enforced at query time using the end user’s identity, so results are trimmed automatically. Because the ACLs are captured at ingestion rather than read live, they reflect SharePoint as of the indexer run that synced them.
  • Site selection + managed identity: Configure the SharePoint indexer to crawl specific sites, authenticating with a managed identity for a secretless setup, without granting all-site access.
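To make the query-time enforcement concrete, here is an added example in Python; it is not code from this post or from the Azure AI Search SDK. It builds the two-token search request the developer note above describes, and it models offline the trimming rule behind the sensitivity-label and indexed-SharePoint bullets: a document comes back only if the end user passes the ACL synced at ingestion and holds the Extract usage right for the document’s sensitivity label. The header name x-ms-query-source-authorization, the api-version string, the field names userIds/groupIds/labelId and the label-policy lookup are assumptions for illustration; check them against the preview REST reference. The documents, GUIDs and principals are constructed sample data.

```python
"""Added example (not from the post or the Azure AI Search SDK).

Models query-time security trimming: ACL principals and the label GUID are
captured at ingestion; at query time only documents the end user is entitled
to are returned. Header/field names and the policy shape are assumptions.
"""
from __future__ import annotations

import json
from dataclasses import dataclass


def build_search_request(endpoint: str, index_name: str, app_token: str,
                         user_token: str, query: str,
                         api_version: str = "2025-08-01-preview") -> dict:
    """Build (not send) a search request carrying both identities.

    The calling app authenticates with its own Entra bearer token (RBAC, no
    API key); the end user's Entra token travels in a second header so the
    service can trim results to that user. The header name and api-version
    value are assumptions, not confirmed by the post.
    """
    if not app_token or not user_token:
        raise ValueError("both the app token and the end-user token are required")
    return {
        "method": "POST",
        "url": f"{endpoint}/indexes/{index_name}/docs/search?api-version={api_version}",
        "headers": {
            "Authorization": f"Bearer {app_token}",
            "x-ms-query-source-authorization": user_token,  # assumed header name
            "Content-Type": "application/json",
        },
        "body": json.dumps({"search": query, "select": "id,labelId"}),
    }


@dataclass(frozen=True)
class Principal:
    oid: str                  # Entra object id of the end user
    groups: frozenset[str]    # Entra group object ids from the user's token


@dataclass(frozen=True)
class Doc:
    id: str
    user_ids: frozenset[str]  # ACL principals synced at ingestion (assumed field: userIds)
    group_ids: frozenset[str] # assumed field: groupIds
    label_id: str | None      # Purview label GUID, None if unlabeled (assumed field: labelId)


def has_extract_right(principal: Principal, label_id: str,
                      label_policy: dict[str, frozenset[str]]) -> bool:
    """Constructed stand-in for the Purview policy lookup: label GUID -> groups
    granted the Extract usage right. An unknown label is denied (fail closed)."""
    allowed = label_policy.get(label_id)
    if allowed is None:
        return False
    return not allowed.isdisjoint(principal.groups)


def acl_permits(principal: Principal, doc: Doc) -> bool:
    """ACL check: explicit user entry or group membership. A document with no
    synced ACL at all is hidden rather than treated as public."""
    if not doc.user_ids and not doc.group_ids:
        return False
    return principal.oid in doc.user_ids or not doc.group_ids.isdisjoint(principal.groups)


def trim(docs: list[Doc], principal: Principal,
         label_policy: dict[str, frozenset[str]]) -> list[str]:
    """Ids of documents the principal may see: ACL AND label must both pass."""
    visible = []
    for doc in docs:
        if not acl_permits(principal, doc):
            continue
        if doc.label_id is not None and not has_extract_right(principal, doc.label_id, label_policy):
            continue
        visible.append(doc.id)
    return visible


# Constructed sample data: placeholder label GUIDs, groups and users.
LABEL_CONFIDENTIAL = "00000000-0000-0000-0000-000000000001"
LABEL_HIGHLY_CONF = "00000000-0000-0000-0000-000000000002"
POLICY = {
    LABEL_CONFIDENTIAL: frozenset({"g-finance", "g-legal"}),  # groups with Extract right
    LABEL_HIGHLY_CONF: frozenset({"g-legal"}),
}
DOCS = [
    Doc("pub-1", frozenset(), frozenset({"g-everyone"}), None),
    Doc("fin-1", frozenset(), frozenset({"g-everyone"}), LABEL_CONFIDENTIAL),
    Doc("alice-only", frozenset({"u-alice"}), frozenset(), None),
    Doc("legal-1", frozenset(), frozenset({"g-everyone"}), LABEL_HIGHLY_CONF),
    Doc("no-acl", frozenset(), frozenset(), None),  # ACL sync produced nothing
]
ALICE = Principal("u-alice", frozenset({"g-everyone", "g-finance"}))
BOB = Principal("u-bob", frozenset({"g-everyone"}))

if __name__ == "__main__":
    req = build_search_request("https://example.search.windows.net", "docs",
                               "app.tok", "user.tok", "quarterly forecast")
    print(req["headers"])
    print("alice sees:", trim(DOCS, ALICE, POLICY))
    print("bob sees:", trim(DOCS, BOB, POLICY))
```

The model fails closed: an unknown label or a document with an empty synced ACL is hidden rather than treated as public. That is the behavior a preview test harness should confirm, alongside checking that a request missing the end-user token is rejected rather than silently returning untrimmed results.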

Scenarios

  • RAG applications and agentic apps that must honor Purview label policies and (for remote SharePoint) full SharePoint governance.
  • Multi‑source knowledge retrieval (SharePoint, Blob, ADLS Gen2) in knowledge bases with unified security enforcement.

Get started


Share your feedback

Public preview is the time to validate incremental requirements. Run high-scale tests across your SharePoint and Azure data, exercise both remote and indexed paths, and share your feedback—so we can finalize coexistence, performance, and governance support for secure, high quality knowledge retrieval.
