How to analyze document sensitivity label mismatches in SPO?
A document sensitivity label mismatch occurs when a file has a higher-priority label than the site where it’s stored. This can expose metadata like title and author, even if the file remains inaccessible to users.
When mismatches are detected, details like sensitivity label IDs, the priority levels for both the file and the site, along with the file's name and location, are provided. However, the identity of the user responsible for the mismatch is not included.
To retrieve the user responsible for a mismatch, you can correlate the mismatch with the FileUploaded and FileModified audit events through Exchange Online PowerShell. Run the following PowerShell script, replacing <MM/DD/YYYY> with the appropriate start and end date.

    Connect-ExchangeOnline

    # Pull upload, modify and mismatch events for the chosen window (at most 5000 records).
    $auditData = Search-UnifiedAuditLog -StartDate <MM/DD/YYYY> -EndDate <MM/DD/YYYY> -ResultSize 5000 -Operations FileUploaded,FileModified,DocumentSensitivityMismatchDetected

    # Map each list item to the user of an upload/modify event.
    # ($userByItem is used instead of $event, which is a PowerShell automatic variable.)
    $userByItem = @{}
    $auditData | Where-Object { $_.Operations -ne "DocumentSensitivityMismatchDetected" } | ForEach-Object {
        $data = $_.AuditData | ConvertFrom-Json
        $userByItem[$data.ListItemUniqueId] = $data.UserId
    }

    # Build one report row per mismatch, joined to the user by ListItemUniqueId.
    $mismatchReport = $auditData | Where-Object { $_.Operations -eq "DocumentSensitivityMismatchDetected" } | ForEach-Object {
        $data = $_.AuditData | ConvertFrom-Json
        # Fall back to "SharePoint Online" when no upload/modify event was found for the item.
        $user = if ($userByItem[$data.ListItemUniqueId]) {
            $userByItem[$data.ListItemUniqueId]
        } else { "SharePoint Online" }
        [PSCustomObject]@{
            Date         = $_.CreationDate
            FileName     = $data.SourceFileName
            User         = $user
            SitePriority = $data.SiteSensitivityLabelOrder
            FilePriority = $data.SensitivityLabelOrder
        }
    }

    $mismatchReport | Sort-Object Date | Format-Table

The script will provide key details about document sensitivity label mismatches, including the date, file name, responsible user, and sensitivity priorities for both the file and site. This helps you quickly resolve these mismatches in SharePoint Online.
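
As an added example (not part of the original script): the same correlation run offline over constructed audit records, attributing each mismatch to the latest FileUploaded or FileModified event at or before the detection time for that item, rather than to whichever event for the item was processed last. The function names `New-SampleRecord` and `Get-MismatchReport`, the sample values, and the premise that the responsible edit precedes the detection are assumptions of this example.

```powershell
# Constructed records shaped like Search-UnifiedAuditLog output; every value is made up.
function New-SampleRecord([string]$Date, [string]$Operation, [hashtable]$Fields) {
    [PSCustomObject]@{
        CreationDate = [datetime]$Date
        Operations   = $Operation
        AuditData    = $Fields | ConvertTo-Json -Compress
    }
}
$sample = @(
    New-SampleRecord '2024-05-01 09:00' 'FileUploaded' @{ ListItemUniqueId = 'item-1'; UserId = 'alice@contoso.example' }
    New-SampleRecord '2024-05-01 09:05' 'DocumentSensitivityMismatchDetected' @{
        ListItemUniqueId = 'item-1'; SourceFileName = 'plan.docx'
        SiteSensitivityLabelOrder = 1; SensitivityLabelOrder = 3 }
    New-SampleRecord '2024-05-02 14:00' 'FileModified' @{ ListItemUniqueId = 'item-1'; UserId = 'bob@contoso.example' }
    New-SampleRecord '2024-05-03 08:00' 'DocumentSensitivityMismatchDetected' @{
        ListItemUniqueId = 'item-2'; SourceFileName = 'budget.xlsx'
        SiteSensitivityLabelOrder = 0; SensitivityLabelOrder = 2 }
)

function Get-MismatchReport([object[]]$AuditRecords) {
    $mismatchOp = 'DocumentSensitivityMismatchDetected'
    # Index upload/modify events by item, keeping the timestamp of each one.
    $editsByItem = @{}
    foreach ($r in $AuditRecords | Where-Object { $_.Operations -ne $mismatchOp }) {
        $d  = $r.AuditData | ConvertFrom-Json
        $id = [string]$d.ListItemUniqueId
        if (-not $id) { continue }
        if (-not $editsByItem.ContainsKey($id)) { $editsByItem[$id] = @() }
        $editsByItem[$id] += [PSCustomObject]@{ When = $r.CreationDate; UserId = $d.UserId }
    }
    foreach ($m in $AuditRecords | Where-Object { $_.Operations -eq $mismatchOp }) {
        $d  = $m.AuditData | ConvertFrom-Json
        $id = [string]$d.ListItemUniqueId
        # Latest upload/modify at or before the detection time, not just any event for the item.
        $prior = $null
        if ($editsByItem.ContainsKey($id)) {
            $prior = $editsByItem[$id] | Where-Object { $_.When -le $m.CreationDate } |
                Sort-Object When -Descending | Select-Object -First 1
        }
        $user = if ($prior) { $prior.UserId } else { 'SharePoint Online' }
        [PSCustomObject]@{
            Date = $m.CreationDate; FileName = $d.SourceFileName; User = $user
            SitePriority = $d.SiteSensitivityLabelOrder; FilePriority = $d.SensitivityLabelOrder
        }
    }
}
Get-MismatchReport $sample | Sort-Object Date | Format-Table
```

With the sample above, plan.docx is attributed to the constructed user alice (the later edit by bob falls after the detection), and budget.xlsx, which has no upload or modify event in the window, falls back to "SharePoint Online".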