My life can be depicted in many different Morrissey or The Smiths song titles. “My Life Is a Succession of People Saying Goodbye”, “We Hate It When Our Friends Become Successful”, “The More you Ignore Me, The Closer I Get”, “Seasick, Yet Still Docked”. At this moment, Heaven Knows I’m Miserable Now.
I have been training for the half marathon. Two months ago, after running ten miles, my knees started to tighten. My car was still a mile away but I thought I could easily run another mile. Bad judgement. My left knee gave out. After a week of rest, I thought I was ready to try again and ended up in urgent care. Pes Anserine Bursitis – inflammation of the bursa that sits between the shinbone and three tendons of the hamstring muscle, inside of knee. Injury is increased in distance runner especially those with weak gluteus medius like myself. Cortisone shot, a couple PT treatments, electrodes and targeted exercises enabled me to run again. However, I could no longer sprint. It was just too painful. My Physical Therapists advised against me running the half marathon. So tomorrow, I will be running the 5K instead. Don’t you hate it when your body fails you?
Fortunately, I still have my head. Going in a different direction at work. Instead of changing the RMSOwner, I am hoping I can set up a DLP policy condition where Document property is ContentPropertyContainsWords .
I read in a forum that “The DLP condition may be based on the managed property in SharePoint Search“. Setting up a managed property was pretty straight forward here and here. The latter sounded promising because of a property called SetBy which is the account name of the person applying the label. Yes, you can also get this information from the Activity Explorer but I wanted a DLP policy based on this condition.
I checked the crawled property selection in SharePoint Admin and couldn’t find this “SetBy” property. Did Microsoft deprecate this crawled property? I looked at the File’s Properties –> Custom and couldn’t find it there
I even checked the xml properties of the word document but to no avail (docProps –> custom.xml)
More information on these properties can be found here. Subsequently, I opened a ticket with Microsoft.
While I am waiting for Microsoft to get back to me, I found another interesting tidbit. There are custom properties in the File–>Info–> Properties–> Advanced Properties (of .docx, .xlsx, etc) that one can set. I set a value of “EXTERNALALLOWED” on the “Purpose” property.
In Sharepoint Admin Center, open up Search and click on “Manage Search Schema”. In the “Managed Properties” tab, click on “new Managed Property” to create new one. I named mine “DLPDocPurpose“. Select “Queryable” and “Retrievable” then click on “Add a Mapping”. Here you select the crawled property. I typed the word “Purpose” (without quotes) and ows_Purpose and Purpose were displayed. I tested both and the former property is the crawled property that maps to Excel’s custom “Purpose” property.
Once you set up this managed property, you can then use it in your DLP Policy. My example, I used it in an Exception condition as a test:
This DLP policy will block attachments with certain sensitivity labels. However, if the DLP policy finds in the metadata, a DLPDocPurpose property (mapped to the Purpose custom property in the document) and the text is “EXTERNALALLOWED”, the email will not be blocked.