Apply sensitivity labels to your data in Data Map (preview)

Create new or apply existing sensitivity labels in Data Map

If you don't already have sensitivity labels, you need to create them and make them scoped for Files & other data assets. Existing sensitivity labels from Microsoft Purview Information Protection can also be modified with this scope to make them available to Data Map.

Step 1: Licensing requirements

Sensitivity labels are created and managed in the Microsoft Purview Information Protection. To create sensitivity labels for use through Microsoft Purview, you must have an active Microsoft 365 license that offers the benefit of automatically applying sensitivity labels and set up of pay as you go billing model.

To understand pay as you go billing by assets protected, see this pay-as-you-go billing model. For information about the specific licenses required, see this information on sensitivity labels. Microsoft 365 E5 trial licenses can be attained for your tenant by navigating here from your environment. For the full list of licenses, see the Sensitivity labels in Microsoft Purview FAQ. If you don't already have the required license, you can sign up for a trial of Microsoft 365 E5.

Step 2: Create or modify existing label to be scoped to "Files & other data assets" so they're available for Data Map

To create new sensitivity labels or modify existing labels, follow these instructions:

1. Sign in to the Microsoft Purview portal > Information Protection card > Sensitivity labels. If the Information Protection solution card isn't displayed, select View all solutions and then select Information Protection from the Data Security section.

2. Select + Create a label.

3. Name the label. Then, under Define the scope for this label, select Files & other data assets.

4. Follow the rest of the prompts to configure the label settings. For more information about configuration options, see What sensitivity labels can do in the Microsoft 365 documentation.

5. To modify existing labels, browse to Information Protection > Labels, and select your label. Then select Edit label to open the Edit sensitivity label configuration, with all of the settings you defined when you created the label.

6. When you're done creating all of your labels, make sure to view your label order, and reorder them as needed.

   To change the order of a label, select ... > More actions > Move up or Move down.

   For more information, see the documentation for label priority (order matters).

Step 3: Create auto-labeling policies scoped to non-Microsoft 365 workloads

To create an auto-labeling policy for non-Microsoft 365 workloads, follow these instructions:

1. Sign in to the Microsoft Purview portal. Go to Information Protection > Policies > Auto-labeling policies.

2. Select + Create auto-labeling policy.

3. At Choose info you want this label applied to, you can select any non-enhanced templated or Custom.

4. Name your auto-labeling policy and give it an optional description.

5. Select a sensitivity label with the Files & other data assets scope.

6. Keep the admin units set as Full directory, then select Next.

7. Select the non-Microsoft 365 locations you want to label. Select to label all assets within a ___location or specify which assets in each ___location you want to label. If you don't see a supported data source show up in the auto-labeling policy for selection, verify that the data source was correctly registered and shows up in Data Map. The locations displayed for auto-labeling policy scoping depend on what assets have already been registered. Check the list of supported data sources for auto-labeling.

8. Define Common rules to specify the same auto-labeling conditions/rules across multiple selected non-Microsoft locations. Select Advanced rules to define different specific rules for each ___location.

9. Create a new rule and select Microsoft's prebuilt, out of the box classifiers as conditions for auto-labeling. Custom sensitive info types and advanced classifiers like named entities (All Full Names, All Physical Addresses), trainable classifiers, credentials, and Exact Data Match are not supported.

10. Select Run policy in simulation mode, and select the checkbox if you want to automatically turn on the policy after seven days.

    Note

    Microsoft Purview Data Map locations don't support simulation.

11. Review your selected configurations and select Create policy.

Step 4: Scan your data to apply sensitivity labels automatically

Wait 15 minutes after auto-labeling policy creation for policy to saturate. Scan your data in Data Map to automatically apply the labels you've created, based on the auto-labeling policy you've defined.

For more information on how to set up scans on various assets in Data Map, find links to each data source that connect to Data Map.

View labels on assets in the catalog

Once you've configured auto-labeling policies for the non-Microsoft 365 workloads in Microsoft Purview Information Protection and scanned your data in Data Map, labels are automatically applied to your assets in Data Map.

To view the labels applied to your assets in the Microsoft Purview catalog:

In Microsoft Purview Unified Catalog, use the Label filtering options to show assets with specific labels only. For example:

To view details of an asset including classifications found and label applied, select the asset in the results.

For example:

View Insight reports for the classifications and sensitivity labels

Find insights on your classified and labeled data in Data Map use the Classification and Sensitivity labeling reports.