Forum Discussion
Auto-Labeling based on data in Document Properties doesn't work
I have a customer who is moving away from Titus sensitivity labels to MIP sensitivity labels, and I need to migrate their documents from one label taxonomy to the other.
Titus creates two document properties in an Office document, TitusGUID and Classification, with text values representing the label GUID and the name of the Titus label. I have created an auto-labeling policy that searches a test SharePoint site and uses "Document property is", and then added the above DP's. I went into SharePoint and added both of them to the search index of the tenancy, unfortunately i've had no luck in getting the policy to detect my test documents.
I then decided to create a SIT containing these keywords and when I tested the SIT against a test document, it successfully detected them. I then created a 2nd rule in my auto-labeling policy that looks for the SIT, but it still didn't detect the test documents when I ran the simulation.
I finally created a test document with the keywords and values in the body of the document, ran the simulation and within a few minutes it had detected the document. So clearly there is an issue with the auto-labeling policy identifying sensitive data in the Document Property fields.
Could anyone confirm if they have been successful in getting this functionality to work, using either method?
Thanks.
Thanks Prathista, I managed to get this working eventually. Titus adds 2 document properties to the labelled document, "TitusGUID:1111ca11-1d11-11b1-1afa-a11d1a1f1a11" and "Classification:Public". I was targeting the GUID field primarily and it never worked so I switched to the classification property which eventually did.
I also had to figure out the process of adding a managed property to the SharePoint search schema. Fortunately I stumbled across this Microsoft article which proved useful. https://techcommunity.microsoft.com/blog/microsoft-security-blog/sensitivity-auto-labelling-via-document-property/4437574
3 Replies
Prathista IlangoMicrosoft
Hello CameronStephens2,
I haven't tried this personally, but based on the research, a few things to consider,
- If you plan to use document properties as a condition (Document property is), this option uses SharePoint managed properties in the same way as they are used for DLP policies. Use exact string matches; regex patterns aren't supported. Refer to: https://learn.microsoft.com/en-us/purview/apply-sensitivity-label-automatically#prerequisites-for-auto-labeling-policies
- Consider using only letters and digits in managed property names. Although it is possible to create custom managed properties with special characters (such as hyphens, dots, and underscores), many of those characters act as operator characters in the query syntax. For example, a hyphen means negation. Such property names have to be enclosed in double quotation marks when used in queries. Many tools and applications that create queries don’t handle this correctly, and therefore it is better to use only letters and digits in managed property names. Refer to: https://learn.microsoft.com/en-us/sharepoint/manage-search-schema#create-a-new-managed-property
- Also explore trainable classifiers/document fingerprinting if that fits your scenario.
Refer to: Get started with trainable classifiers | Microsoft Learn
About document fingerprinting | Microsoft Learn
Hope this helps!
Regards,
PI
Please mark as solution, if you find the answer helpful. This will assist others in the community who encounter a similar issue, enabling them to quickly find the solution and benefit from the guidance provided.
Thanks Prathista, I managed to get this working eventually. Titus adds 2 document properties to the labelled document, "TitusGUID:1111ca11-1d11-11b1-1afa-a11d1a1f1a11" and "Classification:Public". I was targeting the GUID field primarily and it never worked so I switched to the classification property which eventually did.
I also had to figure out the process of adding a managed property to the SharePoint search schema. Fortunately I stumbled across this Microsoft article which proved useful. https://techcommunity.microsoft.com/blog/microsoft-security-blog/sensitivity-auto-labelling-via-document-property/4437574
Thanks Prathista for your reply, but I managed to get it working in the end.
Titus adds 2 document properties to a file, and I was targeting the first "TitusGUID:1111ab11-1a11-11a1-1abc-a11a1a1a1a11". This never worked, so I updated the policy and targeted the second "Classification:Public", which did.
It took a bit longer for me to realise what the problem was because I also needed to add a managed property to SharePoint search schema and link it to one of the crawled properties above which I had sort of done, but not completely. This recent MS article helped me to better understand the process https://techcommunity.microsoft.com/blog/microsoft-security-blog/sensitivity-auto-labelling-via-document-property/4437574/replies/4440897