I'm trying to set up a consistent data protection strategy, but I'm confused about the relationship between Sensitivity Labels and the different portals. I see options for labels in the "Microsoft Purview" portal, but also mentions of "Microsoft Information Protection" (MIP).
Specifically, how do I ensure that a label I create in Purview actually shows up in Word, Excel, and even non-Microsoft assets like SQL databases in the Purview Data Map? Is there a specific "activation" step to sync these, and how do "Label Policies" differ from the labels themselves when it comes to deployment? I want to make sure if I tag something as "Confidential," that protection follows the file everywhere.
3 answers
Kimberly mentioned the labels, but the actual "deployment" happens through Label Policies. Think of Labels as the "sticker" and Policies as the "distribution list.
In 2026, the distinction is mainly branding: Microsoft Purview is the umbrella platform that manages the Microsoft Information Protection (MIP) capabilities. To integrate them, you don't "sync" them—you manage them from the centralized Purview Compliance Portal.
The key to integration is the Label Scope. When you create a label, you must define where it can be used. If you want it to protect files, emails, and also appear in the Purview Data Map for assets like Azure SQL or AWS S3, you must select the "Files & other data assets" scope. Once scoped, the label becomes a piece of metadata that "travels" with the content, regardless of whether it's sitting in a SharePoint site or a third-party cloud app.
If you want the protection to be truly universal, make sure to enable "Co-authoring for files encrypted with sensitivity labels" in your Purview settings.
Without that setting, labeled files can sometimes get "locked" when multiple users try to edit them in the web browser. Also, for the "Information Protection" client on Windows, ensure you’ve migrated to the Microsoft Purview Information Protection client (the successor to the old AIP client). This ensures that the right-click "Classify and Protect" feature in File Explorer perfectly matches the labels you've defined in the Purview portal.
Even if you create a "Confidential" label, no one will see it in their Office apps until you Publish it via a Label Policy. This integration allows you to target specific labels to specific departments (e.g., Finance sees "Highly Confidential - Payroll," while Marketing doesn't). For those using the Purview Data Map, you also need to enable Auto-labeling policies. This allows Purview to scan your databases and automatically apply these MIP labels based on Sensitive Information Types (SITs) like credit card numbers or tax IDs.