Microsoft has a feature for Office documents, called “co-authoring” (not enabled by default).
When it is enabled, and a document is open for co-authoring, you are wondering if DLP can still detect labelled content?
Data Loss Prevention where MIP inspection is enabled
Enabling co-authoring changes how labels are stored for Microsoft Office documents.
This is documented in their article on the topic, Enable co-authoring for encrypted documents - Microsoft Purview (compliance) | Microsoft Learn:
After you enable the setting for co-authoring, labeling information for unencrypted files is no longer saved in custom properties.
Do not enable this setting if you use any apps, services, scripts, or tools that reads or writes labeling metadata to the old location.
If co-authoring is enabled, DLP is not able to read MIP labels, however, decryption of MIP documents for content inspection still occurs.
Question: If we moved ahead with Microsoft MIP labelling and co-authoring now, how would this impact our current Symantec DLP operations with respect to visibility into policy violations and known sensitive documents?
Co-authoring impacts DLP's ability to read labels, however, DLP is still able to decrypt and match content to policy violations. Inability to read labels results in missed detection only for policy conditions that are looking for MIP labels. All other policies that are triggering based on CONTENT (Keywords, Patterns, EDM/IDM, etc.) are NOT affected. Enabling co-authoring is not known to create any additional issues. All current DLP policies would continue to work as they do today. If you change or create new DLP policies that specifically require the presence of a MIP label as a condition, then it would be impacted and you could have missed detections.
DLP Engineering has confirmed that support for the co-authoring feature will be available with 16.0 MP1.