Forum Discussion
DLP with the new sensitivity labels
- Oct 25, 2018
If you look at the pictures, you will see that this applies only to retention labels. Using DLP policies is basically a way to make sure that both retention and protection will apply, with the retention already enforced via a label, and the protection action enforced via the DLP policy. In the future perhaps...
Francis Ouellet, we've been able to make this work by looking at the document properties that the sensitivity labels create. For docs in SharePoint/OneDrive, you have to set up some mapping behind the scenes so you can reference the property - we mapped it to a field called "SensitivityAlias," then set up a condition:
Document property is:
SensitivityAlias = (label value you're looking for)
It works for us for DLP policies applied to SharePoint, and for direct links to docs attached to emails. It does NOT work for copies of docs attached to emails, since it can't see that mapped property - for that, we set up an Exchange transport rule to look for the property value and we mimic the same logic there. Hope that helps!
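The two-part setup described in the reply above, sketched in PowerShell as an added example; it is not the poster's own configuration. The rule and policy names, the audit/test modes, the block and reject actions, and the external-recipient scope are assumptions, and the label value and the attachment property name are placeholders because the thread does not give them.

```powershell
# Added example, not from the thread. Names marked "hypothetical" are illustrative.
# Requires the ExchangeOnlineManagement module and compliance/Exchange admin roles.

# Placeholders: the thread does not state these values.
$labelValue  = '<label value you are looking for>'
$docProperty = '<document property written by the sensitivity label>'

# --- Part 1: SharePoint/OneDrive, keyed on the mapped "SensitivityAlias" property ---
# Assumes the search-schema mapping to SensitivityAlias is already in place.
Connect-IPPSSession

# Start in test mode so matches are reported before anything is enforced (assumption).
New-DlpCompliancePolicy -Name 'Label-based DLP (hypothetical)' `
    -SharePointLocation All `
    -OneDriveLocation All `
    -Mode TestWithoutNotifications

# The "Document property is" condition from the post.
# The action (-BlockAccess) is an assumption; the post does not say which action is used.
New-DlpComplianceRule -Name 'Match SensitivityAlias (hypothetical)' `
    -Policy 'Label-based DLP (hypothetical)' `
    -ContentPropertyContainsWords "SensitivityAlias:$labelValue" `
    -BlockAccess $true

# --- Part 2: copies of docs attached to email ---
# The mapped property is not visible on attached copies, so the transport rule
# inspects the property stored inside the attached Office file instead.
Connect-ExchangeOnline

# Audit mode logs what the rule would have done without acting on mail (assumption).
New-TransportRule -Name 'Labelled attachment leaving org (hypothetical)' `
    -AttachmentPropertyContainsWords "${docProperty}:$labelValue" `
    -SentToScope NotInOrganization `
    -RejectMessageReasonText 'Attachment carries a restricted sensitivity label.' `
    -Mode Audit

# Review what was created before moving either rule out of test/audit mode.
Get-DlpComplianceRule -Policy 'Label-based DLP (hypothetical)' |
    Format-List Name, ContentPropertyContainsWords, BlockAccess
Get-TransportRule -Identity 'Labelled attachment leaving org (hypothetical)' |
    Format-List Name, Mode, AttachmentPropertyContainsWords
```

Keeping both rules in test/audit mode first lets you confirm the property match fires on labelled files, and only on those, before enforcing.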
It still doesn't seem to create DLP policies applied to sensitivity labels. I wonder why that is, and it doesn't really make any sense why you can only apply DLP policies to retention labels.
Has anyone heard about this changing, even though docs.microsoft.com (https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies#using-a-label-as-a-condition-in-a-dlp-policy) says "it's coming"?