Which service should be used to automatically protect sensitive information across emails and documents in Microsoft 365?

Using Microsoft Information Protection is the right choice for automatically protecting sensitive information across emails and documents in Microsoft 365. This service offers organizations a set of tools to classify, label, and protect data based on its sensitivity. Microsoft Information Protection allows for the implementation of policies that can automatically apply labels to documents and emails, which in turn enforce protection settings tailored to the sensitivity of the data. With features like Azure Information Protection, sensitive data can be automatically encrypted or restricted from being accessed by unauthorized users, ensuring compliance with data protection regulations and reducing the risk of data breaches.

The other services mentioned, while important in their respective areas, do not primarily focus on the automatic protection of sensitive information across emails and documents. Microsoft Defender for Identity is geared towards monitoring and protecting user identity and behavioral analytics, Microsoft Defender for Endpoint focuses on securing endpoints against threats, and Microsoft Cloud App Security enhances visibility and control over cloud applications. None of these options provide the specific automated labeling and protection capabilities that are fundamental to Microsoft Information Protection.