Defender ATP + Windows Information Protect + Sensitivity labels - Prevent intrasystem leaks?

%3CLINGO-SUB%20id%3D%22lingo-sub-1022346%22%20slang%3D%22en-US%22%3EDefender%20ATP%20%2B%20Windows%20Information%20Protect%20%2B%20Sensitivity%20labels%20-%20Prevent%20intrasystem%20leaks%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1022346%22%20slang%3D%22en-US%22%3E%3CP%3EI%20need%20to%20control%20the%20flow%20of%20information%20based%20on%20its%20sensitivity%20label.%20Defender%20ATP%20%2B%20Microsoft%20Information%20Protection%20looks%20like%20the%20perfect%20tool%2C%20but%20all%20of%20the%20documentation%20I%20can%20find%20is%20oriented%20toward%20only%20two%20classifications%3A%20Work%20information%20and%20Personal%20information.%20I%20can't%20find%20anything%20that%20describes%20the%20fidelity%20allowed%20when%20utilizing%20sensitivity%20labels.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20example%2C%20if%20one%20SharePoint%20site%20is%20HR%20(sensitivity%3A%20HR%2FPII)%2C%20and%20one%20is%20a%20Project%20XRay%20(sensitivity%3A%20General%20Business)%2C%20I%20need%20to%20restrict%20both%20of%20those%20from%20going%20out%20to%20uncontrolled%20non-work%20environments%2C%20that%20looks%20easy.%20However%2C%20is%20it%20possible%20to%20also%20restrict%20HR%2FPII%20labeled%20information%20from%20accidently%20being%20leaked%20to%20the%20XRay%20site%20and%20every%20other%20site%20except%20ones%20that%20are%20approved%20to%20store%20that%20type%20of%20information%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1022346%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdvanced%20Security%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDLP%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EInformation%20Protection%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESensitivity%20Labels%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1082961%22%20slang%3D%22en-US%22%3ERe%3A%20Defender%20ATP%20%2B%20Windows%20Information%20Protect%20%2B%20Sensitivity%20labels%20-%20Prevent%20intrasystem%20leaks%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1082961%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F119035%22%20target%3D%22_blank%22%3E%40Andrew%20Kovacs%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20anyone%20know%3F%20Is%20there%20nuance%20in%20Defender%20ATP%20beyond%20simply%20%22work%22%20and%20%22personal%22%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

I need to control the flow of information based on its sensitivity label. Defender ATP + Microsoft Information Protection looks like the perfect tool, but all of the documentation I can find is oriented toward only two classifications: Work information and Personal information. I can't find anything that describes the fidelity allowed when utilizing sensitivity labels.

 

For example, if one SharePoint site is HR (sensitivity: HR/PII), and one is a Project XRay (sensitivity: General Business), I need to restrict both of those from going out to uncontrolled non-work environments, that looks easy. However, is it possible to also restrict HR/PII labeled information from accidently being leaked to the XRay site and every other site except ones that are approved to store that type of information?

1 Reply

@Andrew Kovacs 

 

Does anyone know? Is there nuance in Defender ATP beyond simply "work" and "personal"?