MIP sensitivity labels not being detected by DLP.
search cancel

MIP sensitivity labels not being detected by DLP.


Article ID: 275625


Updated On:


Data Loss Prevention Data Loss Prevention


DLP does not appear to be successfully detecting MIP labels. 


Release : 15.8+ / 16.0+


This may be due one or both of the following reasons:

  1. The MIP labels are being encrypted.
  2. MIP labels are not being added into the message.



1. If MIP labels are being encrypted then this is unsupported because DLP needs the ability to read them. The following is a Microsoft document that has a resolution for this by using DRMEncryptProperty registry setting.



2. To confirm if MIP labels are being added into the message, there are compound file viewers (like Compound File Explorer). You can also use 7zip to decompress the files and confirm if the labels are present:

Use 7zip to un compress the files to their constituent sub files. Then navigate to "[6]DataSpaces\TransformInfo\LabelInfo" in a text editor and you should be open to confirm the label. If the label is missing then it is not being added to the file for DLP to inspect.