Forum Discussion
anhpham1652525
Jul 18, 2023Copper Contributor
Auto labeling on end-user machine
Hello All,
Microsoft Purview has auto-labeling policy for scanning Exchange mails, SharePoint and OneDrive files to applying the label for them. I wonder if it is possible to create something like auto-labeling policy for scanning end-user machine? If yes, what are the requirements?
Thank you.
- miller34mikeMicrosoft
Hi, anhpham1652525,
Thank you for posting your question here. I understand you're looking for a solution to auto-label files stored on Endpoints, similar to the options for Exchange, SharePoint, and OneDrive.
Unfortunately, there is no direct tool that will scan data-at-rest on endpoints and apply a label based on content being matched.
However, there are a few options available to help with this:
- You can automatically back-up the Known folders (Desktop, Documents, and Images) to OneDrive, which will help cut-back on the amount of files stored locally on the PC, and then they will be subject to OneDrive auto-labeling policies
- You can configure auto-labeling within your sensitivity labels and as users interact with files on their endpoints, the files will be scanned and labeled accordingly
- This is known as client-side labeling, the auto-labeling policies you're asking about is known as service-side labeling
- Leverage Endpoint DLP to prevent unauthorized movements, such as putting the file on a USB, if the document is NOT labeled by using the "Content is not labeled" condition available for Endpoint DLP policies