I'm fairly new to information protection and I'm trying to figure out the difference between security labels and DLP. For example, if I set up 3 security labels, public, internal and confidential, and mark all documents as internal by default, I can only send files to my colleagues. What is the point of setting up DLP then?
Security Labels/ Information Classification is not just used to protect data. It is also used to help you classify documents that will then help you to identify the type of data that is flowing around in your organisation. Having labels allows you to configure additional policies outside of Information Protection and DLP, you can use it for eDiscovery, Records Management, Insider Risk, etc.
Now In your scenario, I would assume that you've selected an encryption option for the "Internal" label where the encryption is set for only "All users and groups in your organisation" like the one shown below:
You are right by saying that this will protect data from being accessed by any third-party/ external users.
But users will be able to change the default label to either Public or Confidential.
This is where you will need to use Purview Data Loss Prevention. DLP can and should be used together with the Security labels. A policy you could put together can look this like:
Add Encryption to the Confidential label > then add permission to your organisation + the any authenticated users.
Then using DLP, you can setup policies where you can whitelist domains, or even put up a Policy tip/ notification if the content is Confidential and is meant to be sent outside the organisation.