Integration documentation: Purview Sensitivity Labels

When Datamapper scans files in OneDrive and detects GDPR-sensitive information, it can automatically apply a Microsoft Purview Sensitivity Label directly to the file in its original location — making risk files visible and actionable without any manual effort.

Prerequisites

Two Sensitivity Labels must be created and published in your Microsoft Purview tenant, and assigned to each relevant OneDrive account:

Datamapper-risk

Applied to files where Datamapper has identified sensitive personal data as defined by GDPR Article 9 (e.g. health data, biometric data, racial or ethnic origin) or Article 10 (criminal convictions and offenses).
Datamapper-highrisk Applied to files where Datamapper has identified risk numbers such as passport numbers and personal identity numbers, which require urgent attention.

Once created, you can view the label status for each account under Locations → OneDrive in Datamapper. If a label is not available for an account, Datamapper will show additional information about why.

See the Microsoft Purview documentation for guidance on creating labels and publishing them via a label policy.


Setting up labels in Microsoft Purview

Labels are created and published in two steps in the Microsoft Purview portal: first create the label, then publish it via a label policy so it becomes available to the relevant accounts.


1.    Sign in to the Microsoft Purview portal and go to Solutions → Information Protection → Sensitivity labels.

2.    Select + Create a label. Give it the exact name Datamapper-risk or Datamapper-highrisk, and set the scope to Files & other data assets.

3.    Repeat to create the second label. Both labels must exist before Datamapper can apply them.

4.    Go to Publishing policies and select Publish label. Add both labels to the policy and assign it to the relevant OneDrive accounts or groups.

5.    Allow up to 24 hours for the labels to propagate before they appear as available in Datamapper.


Label names must match exactly.  Datamapper looks for labels named Datamapper-risk and Datamapper-highrisk. Labels with different names or casing will not be recognized.


↗  Microsoft documentation: Create and configure sensitivity labels

Supported file types

Microsoft Purview supports automatically setting sensitivity labels on the following file types:

.docx   .docm   .xlsx   .xlsm   .xlsb   .pptx   .ppsx   .pdf

Files in other formats will still be classified in Datamapper, but no sensitivity label will be applied in OneDrive.

How it works

1.    Datamapper scans files from the configured OneDrive account.

2.    Files classified as risk or high-risk are checked against the available Purview labels for that account.

3.    If the matching label exists, Datamapper applies it to the file in its original OneDrive location. No file is moved or copied.

4.    If a label is missing at the time of scanning, the file is still classified in Datamapper — but no label is applied in OneDrive until setup is completed.

Datamapper scans new files daily and updates labels overnight. Once setup is completed, risk files in OneDrive will be labeled automatically.


If you have any questions, do not hesitate to reach out to our Customer Success team via support@safeonline.dk 👋🏻

Still need help? Contact Us Contact Us