Forum Discussion
Auto-Apply Sensitivity Label
I am working on DLP and Information Protection feature of Purview to utilize the Sensitive Info Types. In DLP, I made a policy to send alerts when the SITs are found. In Information Protection, I have sensitivity label and configured to auto apply it once it detects the SIT. I use the same SIT on alert and in sensitivity label. Upon doing tests on several documents, I am receiving alerts via email because the SIT is found. However, the automatic application of SIT on the document does not persist, even it's been 2 weeks since I have created the document.
Other information:
*Upon publishing other labels, i did not configure any default labels on documents.
*Tenant is US
*Im working in the Philippines
Here is the email i am receiving coming from the DLP policy.
Here is my configuration of the sensitivity label.
_simon22 There are two ways to auto label content in Microsoft 365.
You have created a client-side auto-labeling for a specific sensitivity label. This will automatically apply a label based on the rules when the user creates or edits content after the auto-labeling is set up. It requires the user to interact with the content. For example, if you create a new document, edit an existing document, or send or forward an email, and it matches the rules, then it will be automatically labeled. If your file was created before auto-labeling was set up and you have not edited it since, the file is not labeled.
If you want to label content that is already saved (in SharePoint or OneDrive) or emailed (processed by Exchange Online), then you need to set up an auto-labelling policy. This does not need the user to interact with the file
Full details Automatically apply a sensitivity label to Microsoft 365 data | Microsoft Learn
5 Replies
_simon22 There are two ways to auto label content in Microsoft 365.
You have created a client-side auto-labeling for a specific sensitivity label. This will automatically apply a label based on the rules when the user creates or edits content after the auto-labeling is set up. It requires the user to interact with the content. For example, if you create a new document, edit an existing document, or send or forward an email, and it matches the rules, then it will be automatically labeled. If your file was created before auto-labeling was set up and you have not edited it since, the file is not labeled.
If you want to label content that is already saved (in SharePoint or OneDrive) or emailed (processed by Exchange Online), then you need to set up an auto-labelling policy. This does not need the user to interact with the file
Full details Automatically apply a sensitivity label to Microsoft 365 data | Microsoft Learn
You mention that you have E5 Security licensing. For auto-labelling, you need either:
- Microsoft 365 E5/A5/G5,
- Microsoft E5/F5/G5 Compliance,
- Microsoft F5 Security & Compliance,
- Microsoft 365 E5 Information Protection and Governance
- Office 365 E5/A5/G5
E5 Security does not support auto-labelling. See full details Microsoft Purview service description - Service Descriptions | Microsoft Learn
You may have already checked this, but does your data have a mandatory label applied? Autolabeling doesn't override a manual assigned label.
https://learn.microsoft.com/en-us/purview/apply-sensitivity-label-automatically
SumanthSomireddyMicrosoft
Hi _simon22
The labelling configuration and condition looks good. To auto-apply the sensitivity labels based on the SIT detected (assuming the auto-labelling policy is also configured correctly), we need to take a look on the special factors on the locations where this sensitivity label is being applied.
SharePoint/OneDrive
- PDF's and Office docs (Word, PowerPoint and Excel) are supported
- Make sure that total number of auto-labelling policies in the tenant <100
- The location in which the document, you are trying to auto apply sensitivity label must be included in the auto-label policy. Verify if it's included in the location scope
- Ensure that there's no other policy that is running in conflict with the policy that applies your created label
Exchange
- If the document is present as mail attachment, the label won't be applied. If the attachment contains SIT, the label gets applied on the mail.
- Verify if that target document is already labelled manually. Auto-labelling policies can't override manual labels
- Check if there is any other label applied by other high priority label policy. If there's any, then change your label policy priority accordingly.
Hi SumanthSomireddy , thanks for replying.
I'm trying it out on sharepoint/onedrive and all the conditions you've mentioned are met.
I have two sensitivity labels. One is General and the other one is SOC- Confidential (highest priority)
Upon publishing it, the Sensitivity Label Policy holds the General Label where by default, files and emails will have this General label applied. While the SOC - Confidential (Automation Testing) Policy holds the SOC - Confidential Label and in this policy, no default sensitivity label is applied.
I forgot to mention that our license is E5 Security.
Do you think the reason why the auto applying of label is not working is due to the policies or is it because of the license requirements?
