I'm trying to set up a unified data protection strategy, but I'm confused about how Sensitivity Labels work across the different "Microsoft Purview" and "Information Protection" portals.
Specifically, how do I ensure a label I create in the Purview Compliance portal actually shows up in Word/Excel and also tags my SQL databases in the Data Map? Is there a sync process I'm missing? Also, what’s the difference between a "Label" and a "Label Policy" when it comes to deployment? I want to make sure a "Confidential" tag follows the data everywhere—whether it's an email or a database row.
3 answers
Kimberly is right about the scope, but remember that a label is just a "definition" until you publish it. This is where Label Policies come in.
In 2026, the term Microsoft Information Protection (MIP) refers to the framework of capabilities, while Microsoft Purview is the administrative portal where you manage it. To make them work together, you don't "sync" them—you Scope them.
When creating a label, the most critical step for integration is the Scope. If you want a label to be available in Office apps and the Purview Data Map (SQL, Azure Storage, etc.), you must select the "Files & other data assets" scope. If you only select "Files & emails," the label will be invisible to the Data Map and you won't be able to use it for database column masking or governance.
If you want the protection to be truly persistent, make sure you've moved to the Microsoft Purview Information Protection client.
The old AIP (Azure Information Protection) add-in was retired in 2024. In 2026, we use the built-in labeling in Office and the new Purview client for Windows File Explorer. One big integration tip: enable "Co-authoring for files encrypted with sensitivity labels" in your tenant settings. Without this, you'll hit "Locked file" errors when multiple users try to edit a labeled document in the browser. Once enabled, the labels integrate seamlessly with SharePoint and OneDrive's versioning.
Think of the Label as the what (e.g., encryption, watermarks) and the Policy as the who (which users can see it). A label will never appear in Word or Excel unless it is included in a Label Publishing Policy assigned to that user. For the Data Map, it’s slightly different: you use Auto-labeling policies for non-Microsoft 365 workloads. These allow Purview to scan your databases (like SQL or AWS RDS) and automatically apply labels based on Sensitive Information Types (SITs) like credit card numbers.