* [Blog](https://www2.paloaltonetworks.com/blog)
* [Cloud Security](https://www2.paloaltonetworks.com/blog/cloud-security/)
* [Cloud Security](https://www2.paloaltonetworks.com/blog/category/cloud-security/)
* Use Microsoft Sensitivity...

# Use Microsoft Sensitivity Labels in Your Multicloud Security Strategy with Cortex Cloud DSPM

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fmpip-sensitivity-labels-dspm%2F)  
[](https://twitter.com/share?text=Use+Microsoft+Sensitivity+Labels+in+Your+Multicloud+Security+Strategy+with+Cortex+Cloud+DSPM&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fmpip-sensitivity-labels-dspm%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fmpip-sensitivity-labels-dspm%2F&title=Use+Microsoft+Sensitivity+Labels+in+Your+Multicloud+Security+Strategy+with+Cortex+Cloud+DSPM&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/cloud-security/mpip-sensitivity-labels-dspm/&ts=markdown)  
\[\](mailto:?subject=Use Microsoft Sensitivity Labels in Your Multicloud Security Strategy with Cortex Cloud DSPM)  
Link copied  
By [Benny Rofman](https://www.paloaltonetworks.com/blog/author/benny-rofman/?ts=markdown "Posts by Benny Rofman")  
Aug 12, 2025  
5 minutes  
[Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown)  
[Data Security Posture Management](https://www.paloaltonetworks.com/blog/cloud-security/category/data-security-posture-management/?ts=markdown)  
[data security](https://www.paloaltonetworks.com/blog/tag/data-security/?ts=markdown)  
[DSPM](https://www.paloaltonetworks.com/blog/tag/dspm/?ts=markdown)

We're pleased to announce the latest addition to Cortex Cloud. Now you can see sensitivity labels defined in Microsoft Purview Information Protection (MPIP) for files stored anywhere in your cloud environment. This helps you identify gaps in your labeling strategy, define policies and playbooks built on existing classifications and detect potential exposure risks in real time.

## How MPIP Sensitivity Labels Work

When we think of [sensitive data](https://www.paloaltonetworks.com/cyberpedia/sensitive-data), we might think about databases, object storage and other dedicated datastores. But a big chunk of the work is actually carried out in documents, presentations, spreadsheets and other files. These files can either be completely innocuous or contain highly sensitive information such as shareholder reports, employee [personally identifiable information (PII)](https://www.paloaltonetworks.com/cyberpedia/pii) or confidential intellectual property.

Organizations using Microsoft's productivity suite, such as SharePoint and Office applications, can use [sensitivity labels](https://learn.microsoft.com/en-us/purview/sensitivity-labels) to classify documents and define relevant data protection policies based on this classification. For example, they might decide that if a document is marked as confidential, it must be password-protected if shared externally. (We'll refer to these labels as *Microsoft Information Protection labels* or *MPIP labels.*)

MPIP labels are embedded in file metadata and remain there regardless of where the file is stored. They form the basis of further data loss prevention (DLP) policies within the Microsoft ecosystem such as email data protection in Microsoft Outlook.

## Extend and Improve Labeling with Cortex Cloud

[DSPM](https://www.paloaltonetworks.com/cyberpedia/what-is-dspm) already scans the files stored in your cloud environments -- be it Azure, Amazon Web Services, Google Cloud, or SaaS applications. As part of the continuous [data discovery](https://www.paloaltonetworks.com/cyberpedia/data-discovery) process, Cortex Cloud DSPM now identifies and catalogs MPIP labels associated with each file. It also scans the file contents themselves, enabling you to compare the results of the [Cortex classifiers](https://www.paloaltonetworks.com/blog/cloud-security/context-aware-data-classification-data-security-posture/) -- including prebuilt and custom classifications -- with the label given to a specific file.
![Showing MS 365 assets in Cortex Cloud Data Assets Inventory](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/08/screenshot-2025-07-09-at-13-19-23-png.png)
Figure 1: Showing MS 365 assets in Cortex Cloud Data Assets Inventory

As part of your ongoing risk posture analysis, you can use the sensitivity level defined in the MPIP labels either when filtering and exploring data -- to see where labeled files are stored and who has permission to access them -- or when defining policies. You can also use these capabilities across Cortex Cloud, whether in remediation playbooks, [CIEM](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem) workflows or other business security workflows.

## Benefits of Integrating MPIP Labels

### Extend Visibility

Extend visibility to wherever the file is stored. Even if a Microsoft Excel file is stored on Amazon S3 or on a virtual machine running on Amazon EC2, Cortex Cloud can identify the file contents and read the label.

### Greater Value in MPIP Labels

Get more value from your existing MPIP labels. MPIP labels are often applied manually by the person generating the file, which can be an important source of insight alongside automated classifiers. Now you can gain more value from that information and use it in additional security workflows beyond those offered natively by Microsoft.

### Optimize Context

Connect labeling to your broader IT and security strategy. MPIP labels are often siloed in IT and underutilized by other parts of the business. With Cortex Cloud, security teams can now use MPIP labels alongside other data profiles and risk signals across the code-to-cloud-to-SOC journey. Seeing the actual data stored in each file also helps demystify labeling schemes and better connect the label to its business objective.

## Example Use Cases

### 1. Detect Data Exposure Risk

\*\*Scenario:\*\*A meeting summary document generated by Microsoft Word contains highly confidential information and is labeled accordingly. Due to an oversight, this document is moved to an Amazon S3 folder that is being used to store AI training data. The model trained on this data could expose the document's contents.
![Model is trained on confidential information](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/08/word-image-343060-2.jpeg)
Figure 2: Model is trained on confidential information

**How Cortex Cloud helps**: By seeing the full life cycle of the data and applications, Cortex Cloud "knows" that the folder contains AI training data. The label identifies the file as sensitive, even if classifiers looking for patterns such as customer PII miss it. Security teams can now see this risk and mitigate it by removing the file from the folder. The model itself can be retrained or disabled to remove the exposure path.

### 2. Find Unlabeled or Mislabeled Files

**Scenario:** The organizational policy dictates that files containing customer financial information must be labeled "highly confidential," which prevents them from being shared externally. However, a finance manager mistakenly mislabels an Excel spreadsheet containing such data as "confidential," which would then allow others to share it with contractors.

**How Cortex Cloud helps**: By running its own classifiers on any file found in your cloud storage environments, Cortex Cloud can identify the gap between your intended level of classification and the actual MPIP labels. You can define specific policy and playbooks to trigger when such a gap is identified.

### 3. Find and Fix Systemic Labeling Issues

**Scenario** : Marketing teams are exporting CRM data to Excel files for further analysis. These files contain customer information but are not being labeled. As a result, they could end up being shared in ways that violate compliance policies such as [GDPR](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance).

**How Cortex Cloud helps**: Cortex Cloud maps the specific risk to a specific data store. This helps pinpoint the problem, for example, by identifying the OneDrive location where these files are stored, which can then be traced back to the marketing department. Using this information, IT and security managers can find ways to improve education or policies and ensure that teams apply labels according to organizational expectations.

## Get Started Today

Support for MPIP labels is available as part of [Cortex Cloud DSPM](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management). Contact your account manager to learn more or [start with a customized demo](https://www.paloaltonetworks.com/cortex/cloud/trial).

*** ** * ** ***

## Related Blogs

### [CIEM](https://www.paloaltonetworks.com/blog/cloud-security/category/ciem-2/?ts=markdown), [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Data Security Posture Management](https://www.paloaltonetworks.com/blog/cloud-security/category/data-security-posture-management/?ts=markdown), [DSPM](https://www.paloaltonetworks.com/blog/cloud-security/category/dspm/?ts=markdown)

[#### Weak Identity Governance Leads to Data Exposure --- 3 Attack Paths Explained](https://www2.paloaltonetworks.com/blog/cloud-security/identity-goverance-data-exposure/)

### [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Data Detection and Response](https://www.paloaltonetworks.com/blog/cloud-security/category/data-detection-and-response/?ts=markdown), [Data Security Posture Management](https://www.paloaltonetworks.com/blog/cloud-security/category/data-security-posture-management/?ts=markdown)

[#### Understanding the Costs and Benefits of DSPM Tools](https://www2.paloaltonetworks.com/blog/cloud-security/dspm-cost-benefits/)

### [Announcement](https://www.paloaltonetworks.com/blog/cloud-security/category/announcement/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [CNAPP](https://www.paloaltonetworks.com/blog/cloud-security/category/cnapp/?ts=markdown), [Data Security Posture Management](https://www.paloaltonetworks.com/blog/cloud-security/category/data-security-posture-management/?ts=markdown)

[#### Prisma Cloud Innovations: September's Highlights](https://www2.paloaltonetworks.com/blog/cloud-security/feature-innovations-2024/)

### [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [IAM](https://www.paloaltonetworks.com/blog/cloud-security/category/iam/?ts=markdown), [IAM](https://www.paloaltonetworks.com/blog/cloud-security/category/iam-2/?ts=markdown)

[#### Stories from the Darkside: A Set of Stolen Access Keys and a Complete Cloud Takeover](https://www2.paloaltonetworks.com/blog/cloud-security/preventing-cloud-takeover-access-keys/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Data Security Posture Management](https://www.paloaltonetworks.com/blog/cloud-security/category/data-security-posture-management/?ts=markdown)

[#### Prisma Cloud DSPM Wins in Cloud-Native Data Security](https://www2.paloaltonetworks.com/blog/cloud-security/2024-globee-awards-dspm/)

### [AppSec](https://www.paloaltonetworks.com/blog/cloud-security/category/appsec/?ts=markdown), [ASPM](https://www.paloaltonetworks.com/blog/cloud-security/category/aspm/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Code Security](https://www.paloaltonetworks.com/blog/cloud-security/category/code-security/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Research](https://www.paloaltonetworks.com/blog/cloud-security/category/research/?ts=markdown)

[#### An Inside Look into ASPM: Five Findings from New Industry Research](https://www2.paloaltonetworks.com/blog/cloud-security/aspm-research-omdia/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language