MC642510 · Microsoft 365 Suite, Microsoft 365 Experts
From Microsoft Corporation
Technical Bulletin MC642510 · Published Jul 14, 2023
Message Summary
Currently Microsoft Purview Data Loss Prevention policies support detecting email attachments with sensitivity label using the condition called “content contains sensitivity label” (https://learn.microsoft.com/microsoft-365/compliance/dlp-sensitivity-label-as-condition?view=o365-worldwide). Currently, this condition supports detecting labels in Microsoft Office and PDF file types. However, Microsoft Purview Information Protection sensitivity label can be applied to other file types as well using AIP client or other clients using Information Protection SDK like Secude which uses this SDK to convert the labelled file to .pfile (https://learn.microsoft.com/azure/information-protection/how-does-it-work#variations).
We are now extending the support of the DLP condition “content contains sensitivity label” to pfile as well ensuring all possible labelled files will be detected and protected by DLP policies.
This message is associated with Microsoft 365 Roadmap ID 145116
When this will happen:
The commercial tenant’s rollout will start in early August 2023 and complete by late August 2023.
How this will affect your organization:
If you have an existing DLP policy for detecting labelled email attachments, it will start applying on emails containing .pfile attachments as well. You do not need to make any changes to your existing policies.
For example, if you have a DLP policy with a condition “content contains highly confidential sensitivity label” with an action “Restrict access (block people outside organization)”, then all Exchange emails with attachments containing “highly confidential label” including pfiles like .ptxt/.pjpg etc. will be blocked by this DLP policy. Currently, this DLP policy restricts only Microsoft Office and PDF files.
