Migrating data from platforms like Google, Box, Dropbox, or network file systems to M365 can help to simplify your storage offerings. After data for which you have completed your migration, you should make sure that the data is classified and protected in a way that fits within your organization’s data classification policies.
Purview offers a powerful solution: auto-labeling policies that can automatically classify files based on their content. Running an auto-labeling policy post-migration can help “catch up” everything that was migrated and get that data labeled correctly.
In this post, we’ll talk about how to configure an auto-labeling policy in Purview to classify migrated files.
Why Should I Automatically Label Migrated Files? Shouldn’t Users Do That Themselves?
Expecting users to manually classify sensitive data is inefficient, time consuming, and error-prone, especially when dealing with a large amount of migrated data. Auto-labeling ensures that migrated files containing sensitive information—such as financial records, PII, or health data—are accurately tagged with the correct sensitivity label. This can help you maintain compliance and reduces the risk of data over sharing.
READ: Azure Automation for Microsoft 365 – How to Set Up Managed Identity
How to Set Up an Auto-Labeling Policy in Microsoft Purview
1. Define the Scope and Label
From the Purview console, go to Information Protection, expand Polices, and select Auto-labeling policies to create a new policy. Give the policy a name and choose the sensitivity label that should be applied. Select the locations to scan (SharePoint and/or OneDrive). You can target all sites and users, or just specific ones.
2. Set Conditions Using Sensitive Information Types (SITs)
Define the conditions for labeling using SITs. These should be SITs that you have high confidence in not producing false positives and you should test them beforehand on a small set of data or users.
Common examples of SITs include:
- Credit Card Number
- Social Security Number
- Bank Account Number
- Passport Number
READ: Securing Entra ID – Addressing Modern IAM Security Threats
3. How to Exclude Newly Created Files from Microsoft Purview Auto-Labeling
To target only migrated files, try these approaches:
- Target files created by a migration account.
- Scope policies to specific folders or sites used for migration.
- Apply policies right after migration to avoid labeling new files.
Purview lacks native date-based auto-labeling conditions, but these methods can get you close.
4. How to Test Your Microsoft Purview Auto-Labeling Policy
Before activating the policy, it is important to run it in Simulation mode. This will allow you to preview which files would be labeled without making any changes. Use this step to fine-tune your policy and communicate to users that may be impacted.
5. Enable the Policy
Once satisfied with the simulation results, you can activate the policy. It will begin to label content that matches it’s conditions automatically.
6. Remove the Policy After Completion (Optional)
Once the policy has finished, you should consider removing or disabling it. Though this step is optional, leaving the policy in-place could result in the unintended labeling of new files that were not a part of the original scope.
READ: Endpoint privilege management with Microsoft Intune
Final Thoughts
Auto-labeling within Microsoft Purview can help you safeguard organizational data following a file cloud migration. Automating the classification of sensitive information not only secures migrated content but it also establishes a strong foundation for an effective information protection strategy by ensuring that you start from a good place.
Microsoft Purview Professional Services by WME
The postmodern enterprise is facing a dilemma where both data velocity and lack of transparency threaten to outpace institutional controls.
Microsoft Purview is a proven architecture that gives you this control. You can classify, access, and perform behavioral telemetry, fused together into a single layer of protection. But this requires some deep sophisticated expertise.
WME’s professional services puts its expertise at the nexus of policy formulation and system-level operationalization. We bring advanced interpretative frameworks to the construction of sensitivity label categories, design auto-labeling policies with precision and semantic depth, and ensure auditability via recursive policy validation cycles. The objective we help you achieve is the installation of a living, adaptive compliance ecosystem using PURVIEW.
Windows Management Experts
Now a Microsoft Solutions Partner for:
✓ Data & AI
✓ Digital and App Innovation
✓ Infrastructure
✓ Security
The Solutions Partner badge highlights WME’s excellence and commitment. Microsoft’s thorough evaluation ensures we’re skilled, deliver successful projects, and prioritize security over everything. This positions WME in a global tech community, ready to innovate on the cloud for your evolving business needs.
