Microsoft AIP
Use Microsoft AIP sensitivity labels in Cato DLP profiles
Integration overview
Microsoft Purview: Industry-leading data classification
Define sensitivity labels once across your entire Microsoft 365 estate — documents, emails, and data automatically classified at scale.
Cato DLP: Network-wide policy enforcement
Inline DLP inspection across all traffic and applications, delivered as a unified cloud service within Cato SASE.
Together, organizations get the best of both: Microsoft’s powerful classification engine doing the heavy lifting on labeling, and Cato ensuring those labels drive consistent enforcement across the full network — no matter the app, location, or device.
How Cato Helps
Preventing sensitive document leakage to unsanctioned cloud storage
Data exfiltration prevention · Compliance
An enterprise has classified its internal documents — contracts, financial reports, product roadmaps — using Microsoft Purview sensitivity labels. Employees regularly use personal cloud storage services like Dropbox or Google Drive, creating an uncontrolled path for labeled files to leave the organization. With Cato DLP, the “Confidential” and “Restricted” labels are imported and added to a DLP content profile. A policy rule blocks upload of any file carrying those labels to non-approved cloud destinations — enforced for all users, including remote workers, without any changes to how employees use Microsoft 365.
Enforcing need-to-know access for highly confidential content
Access control · Insider risk
Not all sensitive data should be treated the same way for every team.
A company uses a “Highly Confidential” Purview label for board materials, M&A documents, and executive communications. With Cato DLP, separate rules are created per label per user group: employees in authorized groups can access and share this content normally, while attempts by others to download, forward, or transfer it are blocked and logged. Security teams get full visibility into label-based violations in the Cato DLP dashboard — without needing to build separate policies in a standalone DLP tool.