Read Microsoft Purview/MIP sensitivity labels at M365 ingest + a client-side DLP egress gate (Layer 1 — honor the client's existing classification)
task-purview-sensitivity-label-ingest-gate
Purview/MIP sensitivity-label read at M365 ingest + client-side DLP egress gate
Layer-1 of the DEC-0059 boundary: honor the client's existing classification at the M365 source, gating egress before bytes leave their environment.
The capability
- Read labels at ingest — Graph `extractSensitivityLabels` (GA; needs only `Files.Read.All`; returns `sensitivityLabelId`/`assignmentMethod`/`tenantId`); resolve the taxonomy via `GET .../sensitivityLabels` + `extractLabel`/`extractContentLabel`.
- Detect without the MIP SDK where possible — labels persist as clear-text `MSIP_Label_{GUID}_*` metadata (`MSIP_Label_GUID_Enabled = true` is the canonical "is-classified" signal) — but only for unencrypted, non-co-authored files; RMS/IRM-encrypted files need the MIP SDK.
- Incremental sync — Graph delta query (`deltaLink`/`nextLink`; 7-day token expiry; 410 → full resync).
- Client-side DLP egress block — a Purview DLP rule using a sensitivity label as a condition can enforce block, not just warn.
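An added example (not Dossier's or Microsoft's code) of the SDK-free detection described above: it reads `MSIP_Label_{GUID}_*` custom properties from an OOXML file's `docProps/custom.xml` part and reports OLE-wrapped (encrypted) files as needing the MIP SDK rather than as unlabeled. The status names, the size cap, the function names and the sample GUID are assumptions made for the example.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # encrypted Office files are OLE, not zip
PROP_RE = re.compile(r"^MSIP_Label_([0-9a-fA-F-]{36})_(\w+)$")
NS = "{http://schemas.openxmlformats.org/officeDocument/2006/custom-properties}"
CUSTOM_XML = "docProps/custom.xml"
MAX_XML_BYTES = 1 << 20  # assumed cap; refuse oversized metadata parts (zip-bomb guard)
SAMPLE_GUID = "00000000-0000-4000-8000-000000000001"  # constructed, not a real label id


def read_msip_labels(data: bytes) -> dict:
    """Classify one file's bytes from its clear-text MSIP_Label_* properties."""
    if data.startswith(OLE_MAGIC):
        # Metadata is not readable here; never report this case as "unlabeled".
        return {"status": "needs_mip_sdk", "labels": {}}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if CUSTOM_XML not in zf.namelist():
                return {"status": "unlabeled", "labels": {}}
            if zf.getinfo(CUSTOM_XML).file_size > MAX_XML_BYTES:
                return {"status": "unreadable", "labels": {}}
            # Untrusted XML: use a hardened parser (e.g. defusedxml) in production.
            root = ET.fromstring(zf.read(CUSTOM_XML))
    except (zipfile.BadZipFile, ET.ParseError):
        return {"status": "unreadable", "labels": {}}
    found = {}
    for prop in root.iter(NS + "property"):
        m = PROP_RE.match(prop.get("name", ""))
        if m:  # group by label GUID, e.g. {guid: {"Enabled": "true", "Name": ...}}
            found.setdefault(m.group(1).lower(), {})[m.group(2)] = "".join(prop.itertext()).strip()
    active = {g: f for g, f in found.items() if f.get("Enabled", "").lower() == "true"}
    return {"status": "classified" if active else "unlabeled", "labels": active}


def sample_ooxml(props: dict) -> bytes:
    """Constructed sample: a zip holding only a docProps/custom.xml part."""
    items = "".join(f'<property name="{k}"><vt:lpwstr>{v}</vt:lpwstr></property>'
                    for k, v in props.items())
    xml = ('<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/'
           'custom-properties" xmlns:vt="http://schemas.openxmlformats.org/'
           'officeDocument/2006/docPropsVTypes">' + items + "</Properties>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(CUSTOM_XML, xml)
    return buf.getvalue()
```

An egress gate built on this would treat `needs_mip_sdk` and `unreadable` as unresolved, not as clean, so those files still go to the MIP SDK path or the Layer-2 detectors.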
The load-bearing caveat — L1 cannot stand alone
Microsoft itself states "DLP's ability to detect sensitivity labels in SharePoint and OneDrive is limited" (pre-enablement labels, DKE/password-protected, >12 MB encrypted Office, images, zip contents). So Layer 1 requires the Layer-2 detector backstop (Detector ensemble at the ingestion boundary with a MEASURED F2/recall target (Presidio recall-tuned + custom "P2" recognizers + cloud DLP) — measure detection, don't trust it) — an unlabeled or undetectable file still hits Dossier's own detection.
Why a task, not a fix-in-place
The Microsoft365Connector is a reserved stub (Ingestion connector seam — assemble, don't build, and ingestion owns the input contract); this is its classification/security layer — real Graph integration + a DLP gate, owner judgment + code. Detail + citations: research/2026-06-18-sensitive-data-and-injection-defense.md §4. confidence: inferred (agent-filed from DEC-0059).