Microsoft Purview Information Protection and Netskope DRM
Microsoft Purview Information Protection currently works with CASB Inline, API Data Protection, Endpoint DLP and IaaS.
Microsoft Purview Information Protection (MPIP) was formerly known as Microsoft Information Protection (MIP).
The feature set includes the following:
Ability to read:
Netskope can read labels to identify sensitive content and take action based on the sensitivity label as well as the content.
The following use cases are supported:
- Read MPIP labels from unencrypted documents and webmail
- Read MPIP labels from encrypted documents and webmail
- Read content from encrypted and unencrypted documents and webmail
- Detect encrypted content passing through traffic
Ability to write:
- Classify content without using any protection settings
  - Example: Simply assign a label as a result of classifying the content without applying any encryption or other protection policies.
- Provide protection settings that include encryption and content markings
  - Example: Apply a “Confidential” label to a document or email, and that label encrypts the content and applies a “Confidential” header, footer and watermark. Encryption can also restrict what actions authorized people can take on the content.
- Protect content in Office apps across different platforms and devices
  - Example: Apply labels in Word, Excel, PowerPoint, and Outlook on the Office desktop apps and Office on the web.
For detailed information, see Integrate Netskope with Microsoft Purview Information Protection.
Sensitivity Label Integration
See Microsoft Documentation for more information.
Once you grant access, Netskope fetches your pre-defined sensitivity labels as defined in the vendor portal. For example, MPIP labels are fetched from the Microsoft Compliance page.
To grant access and fetch your configurations:
1. Go to Settings > Manage > Sensitivity Label Integration.
2. Click Setup Instance, click Microsoft, enter the Instance Name, select between GCC High and Commercial, and click Grant Access.
3. Click … on the right side of your newly set up instance and click View.
Sensitivity Label is the label defined in the Microsoft compliance page. A parent label can have multiple sublabels.
Order is the priority of the labels as defined in the Microsoft Purview Information Protection instance.
Scope defines the objects that the label will be applicable to.
These labels will be available for referencing when creating/editing a DLP File Profile.
Sync Labels:
Netskope can sync labels on demand to pick up any change that has been made to a label in the Microsoft compliance page. To do so, use the Sync sensitivity labels option in either of the workflows/screenshots shown below.
Email (.eml) File Scanning Support
As of R122, admins can define policies that match against Sensitivity Labels applied to SMTP Proxy traffic. Decryption of emails is currently not supported.
For more information, see Real-time Protection Policies and View DLP Incidents related to SMTP Proxy.
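
To check which label a message actually carries before writing an SMTP policy against it, the following added example (not Netskope code and not part of the original page) reads label metadata from an unencrypted .eml file. It assumes the `msip_labels` header with `MSIP_Label_<GUID>_<key>=<value>` pairs that Microsoft's labeling clients stamp on labeled mail; the sample message, GUIDs, label name and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message; the GUIDs and label name are made up.
SAMPLE_EML = """\
From: alice@example.com
To: bob@example.net
Subject: Q3 forecast
msip_labels: MSIP_Label_11111111-2222-3333-4444-555555555555_Enabled=True;
 MSIP_Label_11111111-2222-3333-4444-555555555555_SiteId=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee;
 MSIP_Label_11111111-2222-3333-4444-555555555555_Name=Confidential;
 MSIP_Label_11111111-2222-3333-4444-555555555555_ContentBits=0
Content-Type: text/plain

See attached.
"""

# One "MSIP_Label_<GUID>_<key>=<value>" pair; values end at the next semicolon.
PAIR = re.compile(r"MSIP_Label_([0-9a-fA-F-]{36})_(\w+)=([^;]*)")


def read_labels(eml_text):
    """Return {label_guid: {key: value}} for labels marked Enabled=True."""
    msg = message_from_string(eml_text)
    labels = {}
    # A message can carry the header more than once; read every instance.
    for raw in msg.get_all("msip_labels", []):
        unfolded = " ".join(raw.split())  # undo header line folding
        for guid, key, value in PAIR.findall(unfolded):
            labels.setdefault(guid.lower(), {})[key] = value.strip()
    return {g: kv for g, kv in labels.items()
            if kv.get("Enabled", "").lower() == "true"}


def matches_policy(eml_text, watched_guids):
    """True if any enabled label on the message is in the watched set."""
    watched = {g.lower() for g in watched_guids}
    return bool(set(read_labels(eml_text)) & watched)


if __name__ == "__main__":
    for guid, fields in read_labels(SAMPLE_EML).items():
        print(guid, fields.get("Name"))
```

Matching on the label GUID rather than the display name keeps the check stable when a label is renamed in the Microsoft compliance page.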