Files with Microsoft AIP labels not detected by DLP

Files with Microsoft AIP labels not detected by DLP

1310
Created On 01/29/24 08:10 AM - Last Modified 02/06/25 21:29 PM


Symptom


  • Custom data pattern is configured with the following file property types as per our documentation: 
    • Sensitivity -> Confidential
    • MSIP_Label_<GUID>_Enabled -> Confidential
  • File is set with the Confidential label but DLP is not detecting the file and not triggering an incident. 

Environment


  • Prisma Access
  • PanOS

Cause


  • The file properties identified appears to be different compared to is documentated.
  • File property called "ClassificationContentMarkingFooterText" contains the value "Confidential" or "Non-Confidential" .

Resolution


In the custom data pattern, configure the file property type field dropdown to "AIP Tags" and value to "ClassificationContentMarkingFooterText=Confidential" or "ClassificationContentMarkingFooterText=Non-Confidential" based on the requirement. 

file property
 

Additional Information


Secure AIP Labeled Files with Enterprise DLP
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000XheICAS&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail