Crawl Document Properties for DLP
The following image contains a use case that I have provided to MS support for a design change request.
The ultimate issue here is that SharePoint Online search does NOT crawl document level properties. Therefore, DLP cannot use these properties to help protect that document from leaking since DLP is reliant on the search index.
The workaround I have been given is to create a column in the document library where the file is stored; this allows the custom document property to populate the list column in the library upon upload. The challenge with this approach is that this column must be deployed across our entire tenant. This includes all OneDrive sites as well as SharePoint sites. Deploying this column to our tenant involves custom development, which we try to avoid at all costs, as the cost to maintain custom solutions is high.
The next area where this workaround falls down is within Office Groups. Unless an API is available (I am not sure whether one exists yet), the Office Groups UI does not allow the user to add columns to the FILES feature within a group.
I can also see a scenario where PDF files are generated from a system and stamped with custom properties. Once these files are distributed within an organization, having the ability for O365 DLP to identify these files based on properties would be a huge win for controlling the data from leaking.
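As an added illustration (not part of the original request, and not how SharePoint Online or O365 DLP is implemented), the sketch below shows where custom document properties live in an Office Open XML file (`docProps/custom.xml`) and how a content-inspection step could read them and match a rule. The property name `Classification`, its values, and the helper names are assumptions, the sample container is constructed and minimal, and PDF properties are not covered.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted uploads, prefer defusedxml

CP_NS = "http://schemas.openxmlformats.org/officeDocument/2006/custom-properties"
VT_NS = "http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"
CUSTOM_PART = "docProps/custom.xml"
FMTID = "{D5CDD505-2E9C-101B-9397-08002B2CF9AE}"  # fmtid used for custom properties


def read_custom_properties(data: bytes) -> dict:
    """Return {name: value} for the custom properties of a .docx/.xlsx/.pptx."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if CUSTOM_PART not in zf.namelist():
                return {}  # the file carries no custom properties
            root = ET.fromstring(zf.read(CUSTOM_PART))
    except (zipfile.BadZipFile, ET.ParseError):
        return {}  # not an OOXML container, or a damaged properties part
    props = {}
    for prop in root.findall(f"{{{CP_NS}}}property"):
        value = next(iter(prop), None)  # one typed child, e.g. vt:lpwstr
        props[prop.get("name")] = (value.text or "") if value is not None else ""
    return props


def matches_policy(data: bytes, name: str, blocked_values: set) -> bool:
    """True when property `name` holds one of the lower-cased blocked values."""
    value = read_custom_properties(data).get(name)
    return value is not None and value.strip().lower() in blocked_values


def build_sample(properties: dict) -> bytes:
    """Constructed container holding only the custom-properties part."""
    items = "".join(
        f'<property fmtid="{FMTID}" pid="{pid}" name="{name}">'
        f"<vt:lpwstr>{value}</vt:lpwstr></property>"
        for pid, (name, value) in enumerate(properties.items(), start=2)
    )
    xml = f'<Properties xmlns="{CP_NS}" xmlns:vt="{VT_NS}">{items}</Properties>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(CUSTOM_PART, xml)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample({"Classification": "Confidential"})
    print(read_custom_properties(sample))
    print(matches_policy(sample, "Classification", {"confidential", "restricted"}))
```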