Have you tried the System Options -> Security -> Scan documents for AIP security markings feature?

I haven't but it reads like it might do what you need... here's the snippet from help:

• Scan documents for AIP security markings - select this option to scan all documents being checked into Content Manager for Azure Information Protection (AIP) security markings. When enabled, if a document with an AIP sensitivity label attached is checked in, then a search for a Content Manager Security Level with the same name is done, if a match is found, it will be applied to the document automatically at the time of check in. If a matching Security Level is not found, then a search for a matching Security Caveat will be done, if a match is found, it will be attached to the document.
  If no matching Security Level or Security Caveat is found to match the AIP label then the default Security/Access settings will be applied to the record.

  NOTE: The following are the file types and scenarios where this process does not work:

  • Mail files, e.g. *.msg and *.eml formats
  • Password protected documents
  • If the AIP label was created with the option Encrypt files and emails enabled.
  • If documents created using an AIP label that has limited access to the document to specific users or groups.
  • This matching process is only applied for the first check in of the document. If the document is checked in again, the record's Security will not be updated automatically. If there is a requirement to modify the security for subsequent check ins, it will need to be done manually.

That is precisely the integration I am interested in.

Keen to hear from others with their experiences 

Hey Josh,

We have implemented them, and the one intricacy we noticed was that the text must exactly match that which is in the AIP/MIP label.

I would have liked the ability for CM to reach out to the Azure list and enable a mapping so you could map a Azure sensitivity label to CM Security (Classification and Caveat)

Thanks,

Aaron

Maybe the mapping could be implemented as a list of values to match against that's maintained in each CM security level item?

And a regex match to get around the need for exact matching? But that'd be more of a nice-to-have.

Sorry for my delayed response. and thank you to everyone who gave suggestions. We are looking at using but we are a little stuck due to the need to ensure text matching. I have raised an enhancement request for CPE to look at giving customers more control over the configuration and referenced this discussion.