AIP, DLP and eDiscovery

Franck Marteaux
Occasional Contributor

I did some tests yesterday to verify some DLP and eDiscovery behavior for AIP protected documents:

 

a) DLP: I set up a DLP policy with a rule to prevent users from saving documents that are marked as "Streng Vertraulich" (Highly Confidential) on SharePoint, ODfB and sending them through Exchange.

I used a rule that looks at a file property and named the property "Sensitivity", with the Value "Streng Vertraulich" (see screenshot).

screen1.PNG

I activated the policy. ("Yes, turn it on right away").

Result: Saving these documents was not prevented, no warning messages to the user and no alert to the administrators.

Why is this policy not working?

 

What also bothered me was that the Sensitivity property value was not listed in the Windows Explorer, see attached screenshot.

Screen2.PNG

 

3 Replies

@Franck Marteaux 

 

@Enrique Saggese: Is this something you can speak to? 

@Franck Marteaux Hi Franck! Did the label you applied involve protection or not?

In labels without protection the label metadata is only encoded as Office document metadata (which you can see from within Office by going to File/Info/Properties). Only when you involve protection are the labels visible within Explorer.

We are working to integrate labeling with SPO so Office 365 DLP can act on labels whether the document is protected or not. We are also working to integrate labels in Explorer so the labels are visible as an Explorer column. We don't have an ETA for this work to be complete; in the meantime, unfortunately, the results may not be consistent depending on whether the label applies protection or not.

HTH
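
Added example, not part of the original thread or of any Microsoft tooling: a Python check that reads the custom document properties stored in an Office Open XML file (`docProps/custom.xml`) and reports whether a property named "Sensitivity" carries the value "Streng Vertraulich", as the rule in the question expects. It assumes the label name is stored as a string property and that a protected file is no longer a plain ZIP package, in which case the function returns `None`; the sample files and the names `custom_properties`, `property_matches`, `build_sample` and `OLE_STUB` are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CUSTOM_PART = "docProps/custom.xml"
NS = {
    "cp": "http://schemas.openxmlformats.org/officeDocument/2006/custom-properties",
    "vt": "http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes",
}
# Constructed stand-in for a file that is not a plain OOXML ZIP package:
# the OLE compound-file signature followed by padding.
OLE_STUB = bytes.fromhex("d0cf11e0a1b11ae1") + b"\x00" * 504

def custom_properties(data):
    """Return {name: value} for string custom properties, or None when the
    bytes are not a ZIP package and the properties cannot be read directly."""
    stream = io.BytesIO(data)
    if not zipfile.is_zipfile(stream):
        return None
    with zipfile.ZipFile(stream) as pkg:
        if CUSTOM_PART not in pkg.namelist():
            return {}
        # For untrusted files, parse with a hardened XML parser instead.
        root = ET.fromstring(pkg.read(CUSTOM_PART))
    props = {}
    for prop in root.findall("cp:property", NS):
        value = prop.find("vt:lpwstr", NS)
        props[prop.get("name")] = value.text if value is not None else None
    return props

def property_matches(data, name="Sensitivity", wanted="Streng Vertraulich"):
    """True or False for readable packages, None when nothing can be inspected."""
    props = custom_properties(data)
    return None if props is None else props.get(name) == wanted

def build_sample(props):
    """Constructed minimal package that carries only docProps/custom.xml."""
    items = "".join(
        f'<property pid="{pid}" name="{name}"><vt:lpwstr>{value}</vt:lpwstr></property>'
        for pid, (name, value) in enumerate(props.items(), start=2)
    )
    xml = f'<Properties xmlns="{NS["cp"]}" xmlns:vt="{NS["vt"]}">{items}</Properties>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr(CUSTOM_PART, xml)
    return buf.getvalue()
```

A `None` result separates "the property could not be inspected" from "the property is absent or has another value", which is the distinction that matters when a property-based rule appears not to fire.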

 

Hi @Enrique Saggese, yes, most of the documents in the screenshot are protected, specifically the one "Gebäude" with the open properties dialog box.

Regards,
Franck
