Create and manually apply custom sensitivity labels using Azure Information Protection (AIP) to each data source, table, and column in the semantic model and lakehouse, ensuring each label is configured with the appropriate protection settings.

Define a set of data classification and labeling policies using Azure Policy, and assign these policies at the subscription level to automatically enforce compliance across all Azure resources, including semantic models and lakehouses.

Utilize Azure SQL Information Protection to automatically classify and label sensitive data within the lakehouse, and apply dynamic data masking rules based on the sensitivity labels to restrict data access.

Deploy Azure Purview to automatically discover, classify, and label sensitive data across the lakehouse and semantic models, and use these labels to enforce access controls and compliance policies dynamically.