I'm trying to set up sensitivity labels and Windows Information Protection to prevent employees from accidentally or purposefully leaking sensitive documents to non-corporate environments.
Everything with WIP works great, it's configured via Intune, and sensitivity labels appear to be working.
However, I'm not sure what the point is of the sensitivity label option for "Endpoint data loss prevention". If I apply a SUPER SECRET sensitivity label to a Word document with the option enabled, users are still able to simply right click and change file ownership to Personal, and then they can email it from their personal gmail account or whatever. So it's not enforcing endpoint DLP at all.