Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Auto labeling on end-user machine

Copper Contributor

Hello All,

Microsoft Purview has auto-labeling policy for scanning Exchange mails, SharePoint and OneDrive files to applying the label for them. I wonder if it is possible to create something like auto-labeling policy for scanning end-user machine? If yes, what are the requirements?

Thank you.

1 Reply

Hi, @anhpham1652525,


Thank you for posting your question here. I understand you're looking for a solution to auto-label files stored on Endpoints, similar to the options for Exchange, SharePoint, and OneDrive.


Unfortunately, there is no direct tool that will scan data-at-rest on endpoints and apply a label based on content being matched.


However, there are a few options available to help with this:


  • You can automatically back-up the Known folders (Desktop, Documents, and Images) to OneDrive, which will help cut-back on the amount of files stored locally on the PC, and then they will be subject to OneDrive auto-labeling policies
  • You can configure auto-labeling within your sensitivity labels and as users interact with files on their endpoints, the files will be scanned and labeled accordingly
    • This is known as client-side labeling, the auto-labeling policies you're asking about is known as service-side labeling
  • Leverage Endpoint DLP to prevent unauthorized movements, such as putting the file on a USB, if the document is NOT labeled by using the "Content is not labeled" condition available for Endpoint DLP policies