![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 57.00000000000001%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENL%3C/text%3E%3C/svg%3E)
Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
515 questions
Only adding it now in case its useful to someone else. You need this data source:
CloudAppEvents
| where ActionType == "FileSensitivityLabelChanged"
| extend SensitivityLabelJustificationText_ = tostring(RawEventData.SensitivityLabelJustificationText)
| where isnotempty(SensitivityLabelJustificationText_)