Sensitivity Labels not detecting in DLP
Article ID: 273526
Updated On:
Products
Issue/Introduction
MIP sensitivity labels test files are not (no longer) working with DLP policies Sensitivity label policies, no incidents are getting created when testing.
Cause
The following are a few documented issues why DLP does not appear to be detecting the sensitivity Labels.
1. The labels are getting encrypted.
2. The Labels are not properly added to the file.
Resolution
1. It is possible that you are set to encrypt metadata by default. This issue would be resolved through Microsoft article "https://learn.microsoft.com/en-us/deployoffice/office2016/security/protect-sensitive-messages-documents-using-irm#office-2016-irm-registry-key-options". You need to confirm the registry key mentioned in the article is set to 0.
2. Confirm if the labels exist on the file, if they are not there then DLP could not detect them.
There are currently 2 places (A,B) Microsoft will put label information (old and new), the label information would need to be in either or both of the places for DLP to detect that they exist. If they are not present in the file, then I would advise the customer contact Microsoft support.
A. Go to file and click on: File Properties > Custom. This is the original, or "old" method of labeling a Microsoft document.
B. Unzip the file and locate <[6]DataSpaces\TransformInfo\LabelInfo>. If the file "labelinfo" is missing from this directory, then there where no labels created for the newer updated version. This is considered the "new" method Microsoft uses. The labels need to be in one or both of the locations.
Feedback
