X-Protective-Marking multi-values are not accepted in Purview DLP Policy

[CryptikCrisis]

The ASD Secure cloud blueprint has a DLP policy configuration that intends to add the following protective marking header to messages when sensitivity labels are applied.

The X-Protective-Marking header is a multi-string value header which is not supported by Purview DLP policies. The result of the policy is that the last value entered is the value inserted into the mail header.

Expected behaviour:

When message MSIP label contains "UNOFFICIAL" then x-protective-marking should contain the following values

x-protective-marking: VER=2018.6, NS=gov.au, SEC=UNOFFICIAL

Actual behaviour:

x-protective-marking:SEC=UNOFFICIAL

[RebelliousBadger]

Hi CryptikCrisis,

Thank you for your above feedback on the Blueprint. We received a similar query via our inbox and this is an area we are looking to clarify as part of future releases.

In the interim, as you have suggested above please put quote marks " around the header name (X-Protective-Marking) and header value (VER=2018.6, NS=gov.au, SEC=UNOFFICIAL), ensuring to separate the two with a colon :

Essentially, the value should be entered as:

"X-Protective-Marking":"VER=2018.6, NS=gov.au, SEC=UNOFFICIAL"