Forum Discussion

anhpham1652525's avatar
anhpham1652525
Copper Contributor
Jul 18, 2023

Auto labeling on end-user machine

Hello All,

Microsoft Purview has auto-labeling policy for scanning Exchange mails, SharePoint and OneDrive files to applying the label for them. I wonder if it is possible to create something like auto-labeling policy for scanning end-user machine? If yes, what are the requirements?

Thank you.

  • Hi, anhpham1652525,

     

    Thank you for posting your question here. I understand you're looking for a solution to auto-label files stored on Endpoints, similar to the options for Exchange, SharePoint, and OneDrive.

     

    Unfortunately, there is no direct tool that will scan data-at-rest on endpoints and apply a label based on content being matched.

     

    However, there are a few options available to help with this:

     

    • You can automatically back-up the Known folders (Desktop, Documents, and Images) to OneDrive, which will help cut-back on the amount of files stored locally on the PC, and then they will be subject to OneDrive auto-labeling policies
    • You can configure auto-labeling within your sensitivity labels and as users interact with files on their endpoints, the files will be scanned and labeled accordingly
      • This is known as client-side labeling, the auto-labeling policies you're asking about is known as service-side labeling
    • Leverage Endpoint DLP to prevent unauthorized movements, such as putting the file on a USB, if the document is NOT labeled by using the "Content is not labeled" condition available for Endpoint DLP policies

     

Resources