Content Explorer does not show Access Controlled Encrypted files

This behavior is normal and expected . Microsoft Purview’s Content Explorer cannot display encrypted items that use access-controlled encryption (labels that apply user or group permissions) in SharePoint or OneDrive. These items are indexed and protected, but their contents and metadata are not fully visible to Content Explorer due to the way encryption and search indexing interact in the Microsoft 365 cloud.

When a label applies encryption with access control, the document’s encryption keys are tied to the users or groups defined in the label’s policy. Search and compliance tools like Content Explorer rely on the Microsoft Search index, which can only read metadata and content if the indexing service account has decryption rights. For Exchange emails, Microsoft uses a special compliance pipeline that allows encrypted messages to be decrypted for eDiscovery and Content Explorer indexing. That same mechanism is not yet available for encrypted files stored in SharePoint or OneDrive when they are protected with access-controlled encryption.

If you need visibility into encrypted documents, there are a few approaches that work today. You can use Activity Explorer to see when those labeled files were created, modified, or accessed, even though you cannot view their content. You can also run a Data Classification Content Search or an eDiscovery (Premium) case with decryption permissions enabled through the super user role. In that scenario, Purview decrypts the files temporarily for indexing and review. Alternatively, suppose you remove access restrictions and instead use an encryption label with the “anyone in the organization” permission. In that case, Content Explorer will start showing those files within about 24 hours once they are reindexed.

So, nothing is broken in your setup. Content Explorer is simply limited by design and cannot display SharePoint or OneDrive files that are protected with user-specific encryption. You can still confirm their presence and labeling status through Activity Explorer or eDiscovery using super user access.

Please hit like if you like the solution.

SPO/ODFB's support for sensitivity labels comes with some limitations, as detailed here: https://learn.microsoft.com/en-us/purview/sensitivity-labels-sharepoint-onedrive-files#limitations 

Basically, it cannot "reason" over data that is labelled/encrypted outside of it. Now, if you are not seeing any entries at all in Content explorer, across all your SPO/ODFB sites, this is probably some backend issue. I had something similar happen in my tenant for ExO items, eventually it got fixed.