Aug 15 2017 02:55 PM
I am trying to implement an Office 365 DLP policy to prevent external sharing of documents in SharePoint based on the AIP classification. I can add a notification or block access for internally shared documents, but the rule doesn't match when the scope is set to NotInOrganization.
I followed this article to promote the AIP classification to SharePoint:
http://www.eekels.net/promoting-azure-information-protection-labels-to-sharepoint-metadata-column/
I then followed this article to create a DLP policy through PowerShell that detects whether the property is equal to "Secret" and the scope is NotInOrganization. I then share the document in SharePoint, but access is not blocked. If I change the scope to InOrganization, it is detected and blocked.
Does anyone know why this wouldn't work? Can someone else test it so I can validate that it isn't just my tenant?
Aug 16 2017 12:13 AM
Give it some time. Not only does SPO need to index the item, but additional delay is added by the DLP policy deployment. The SLA is supposedly 1 hour, but in my experience that's nowhere close to the truth.
Other than that, you can also create a rule with different criteria in order to rule out issues with the property used.
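To make the setup concrete, here is an added example (not from this thread, and not taken from either linked article) of the policy and rule the original post describes, together with the control rule with different criteria suggested in the reply above, and the distribution check to run before drawing conclusions. The managed property name Classification, the policy and rule names, and the choice of the Credit Card Number sensitive information type for the control rule are assumptions; substitute the managed property you actually promoted.

```powershell
# Added example, not code from the original thread. Assumes the ExchangeOnlineManagement
# module is installed and that the AIP label was promoted to a managed property named
# "Classification" (hypothetical name; use the managed property you created).

# Connect to the Security & Compliance PowerShell endpoint
Connect-IPPSSession

$policyName = 'Block external sharing of Secret documents'

# One policy scoped to all SharePoint Online sites
# (add -OneDriveLocation All if OneDrive should be covered too)
New-DlpCompliancePolicy -Name $policyName `
    -Comment 'Blocks external sharing of documents whose promoted AIP label is Secret' `
    -SharePointLocation All `
    -Mode Enable

# Rule 1: match on the promoted document property and the external sharing scope.
# ContentPropertyContainsWords takes "ManagedProperty:value" strings and is evaluated
# against the search index, so the item must have been recrawled since the label was set.
New-DlpComplianceRule -Name 'Secret label - block external' `
    -Policy $policyName `
    -ContentPropertyContainsWords 'Classification:Secret' `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser @('LastModifier', 'Owner', 'SiteAdmin') `
    -Comment 'Property-based rule under test'

# Rule 2 (control): same scope, different criteria. If this rule fires on an externally
# shared test document and rule 1 does not, the scope condition and policy distribution
# are working and the promoted property is the thing to investigate.
New-DlpComplianceRule -Name 'Control - credit card external' `
    -Policy $policyName `
    -ContentContainsSensitiveInformation @{ Name = 'Credit Card Number' } `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -Comment 'Control rule with non-property criteria'

# Confirm the policy has actually been distributed to the SharePoint workload;
# a rule cannot match anything while DistributionStatus is still Pending.
Get-DlpCompliancePolicy -Identity $policyName -DistributionDetail |
    Select-Object Name, Mode, DistributionStatus, DistributionResults

# Inspect the rules as stored, to catch a typo in the property:value string or scope
Get-DlpComplianceRule -Policy $policyName |
    Select-Object Name, AccessScope, BlockAccess, ContentPropertyContainsWords
```

The control rule is the cheap way to split the problem: put a document containing a test credit card number in the same library, share it externally, and see whether it is blocked. If the control is blocked and the labelled document is not, check that the promoted column is mapped to a managed property, that the value stored in it is exactly the word used in the rule, and that the item has been recrawled; the distribution status output tells you whether the policy has reached SharePoint at all.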
Aug 16 2017 01:39 PM
I have seen that it can take hours before the rules are applied, but in this case I created the rule on Monday; it is now over 3 days later and it is still not working.
Aug 16 2017 11:53 PM
Hence my suggestion to try with different criteria, just to make sure.