Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Microsoft Ignite 2019 – Microsoft Information Protection solutions Partner ecosystem showcase
Published Nov 05 2019 06:58 AM 16.1K Views

Last year at  the Ignite conference we delivered the Microsoft Information Protection SDK, which enabled our growing ecosystem of partners to build integrations in a truly cross-platform way.  Since then several partners  have joined the Microsoft Intelligent Security Association (MISA) and are in the process of releasing or already have solutions in the market that enhance and extend the value of Microsoft Information Protection capabilities. Below is a round-up highlighting some of the key Microsoft Information Protection integrations available.

 

Adobe

Now you can use Adobe Acrobat DC and Acrobat Reader DC on Windows & MacOS desktop computers to open files protected by Microsoft Information Protection capabilities.

Acrobat Reader DC / Acrobat DC auto-detects a  file protected by Microsoft Information Protection and prompts you to download the corresponding plugin from Adobe’s helpx page. Once you download and install the plug-in, the protected file open like any other PDF in Acrobat or Reader after authentication. You can also see the sensitivity label information applied to the PDF file using Acrobat Reader DC and Acrobat DC.

You can download the plugin from the following location (make sure you have the latest version of Adobe Acrobat installed:  https://helpx.adobe.com/acrobat/kb/mip-plugin-download.html

 

Adobe integration with Microsoft Information Protection on Windows and MacAdobe integration with Microsoft Information Protection on Windows and Mac

 

 

 

Absolute Software

Absolute, the self-healing endpoint security company, has solidified its technology partnership with Microsoft by integrating with Microsoft information Protection solutions, adding persistent visibility to enhance data protection.

The integration allows organization to detect productivity file types that contain sensitive data such as Word, Excel, PowerPoint, and PDF files.  Once the rules are configured via the Absolute console, the sensitivity label and protection persists with the file even when it moves off the endpoint. Customers now have a better way to manage unwanted access to sensitive files, without restrictive policies that hamper productivity. 

For more information, go to https://www.absolute.com/platform/

Absolute Software Integration with Microsoft Information ProtectionAbsolute Software Integration with Microsoft Information Protection

 

 

BigID

BigID’s integration with Microsoft Information Protection allows enterprises to automatically propagate labels to sensitive and personal data for greater accuracy, ensure consistent enforcement, and address emerging privacy regulations, including GDPR and CCPA. BigID helps identify whether or not Microsoft Information Protection labeled data contains data regulated by resident-based policy (like the CCPA or GDPR) or identity-based policy (like HIPAA or CCPA) – and can automate data protection policies based on regulation and data privacy best practices. With BigID, organizations can automate data access rights, assign data residency, and monitor & alert on cross-border data flows. For more information on their integration, visit the following link: How BigID And Microsoft Information Protection (MIP) Work Together

 

Big ID integration with MIPBig ID integration with MIP

 

BigID2.png

 

 

Checkpoint Software

An integrated solution of Microsoft Information Protection capabilities with Check Point  Next Generation Firewall Security Solutions helps protect organizations from data loss.  It keeps sensitive business data safe, regardless of where it travels or how it is shared, including via email, web browsing or file-sharing services, which extend Microsoft Information protection capabilities outside of Microsoft Products.

Checkpoint1.png

 

Checkpoint2.png

 

 

Digital Guardian

Digital Guardian is integrating Microsoft Information Protection capabilities into its Linux based Digital Guardian Appliance.  This will allow Digital Guardian customers to do several things:

  • Inspect Microsoft Information Protection labeled and encrypted documents– this capability extends the Digital Guardian email gateway inspection process to allow it to decrypt and inspect Microsoft Information Protection labeled and encrypted documents for sensitive or regulated data.  This will ensure that even encrypted documents are inspected and adhere to the regulatory stance of an organization before the email leaves the organization.
  • Review content vs. label – this capability allows Digital Guardian customers to compare the content, sender and destination of an emailed document with the Microsoft Information Protection sensitivity label and controls that have been applied to the document.  This will ensure documents have not been mislabeled and the appropriate controls are applied before a document is emailed out of an organization

For more information about the integration, visit Digital Guardian’s website: https://digitalguardian.com/products/technology-partners/microsoft-aip

 

DG.png

 

ForcePoint

For many years, customers have trusted Forcepoint’s DLP to satisfy compliance regulations and protect their intellectual property. With the enforcement of the GDPR regulation, the focus on classifying and protecting data, wherever it resides, has become of utmost importance. Forcepoint and Microsoft are partnering to extend protection offered by Microsoft Information Protection solutions to customers’ on-premises digital estate.


Forcepoint’s ecosystem of data classification partnerships allows for joint customers to experience the best that both solutions have to offer. When data resides in Microsoft’s cloud services, customers can take advantage of the sensitivity labeling and protection system that Microsoft provides. Forcepoint ensures that Microsoft Information Protection classification, labeling and data protection can be automatically applied to sensitive data on managed endpoints, within the customer’s datacenter infrastructure or within sanctioned cloud applications.


Forcepoint products also work to provide the appropriate visibility, access and data protection in public or hybrid cloud environments. Customers looking to protect data in Office 365 and other SaaS apps can do so thanks to this interoperability. Organizations can proactively apply policies governing the use of cloud-hosted files to help ensure compliance and deliver uniform visibility and control over cloud-hosted information assets, based on sensitivity labels applied by Microsoft Information Protection solutions. For more information about the integration go to the following site: https://www.forcepoint.com/blog/insights/forcepoint-dlp-integration-microsoft-information-protection...

FP_DLP_AIP_Import Labels.png

 

FP_DLP_AIP - Incident Reporting.png

 

FP_DLP_AIP - Action Plan.png

 

 

 

Informatica

Unified Intelligent Data Protection: Informatica’s integration with Microsoft Information Protection capabilities offers a unified approach to data protection, data privacy and the support of regulatory compliance across devices, the modern workplace, Azure Data Services, on-premises and other data repositories. 

Offering CISOs, Privacy Officers and CDOs with a “single pane-of-glass” view into the location, risk and proliferation of personal and sensitive data throughout the enterprise and aggregate risk profiles for key regulations such as GDPR and CCPA compliance. You can find more information here:   https://blogs.informatica.com/2018/09/27/unified-intelligent-data-protection

 

 SplitScreen1 365 removed.png

 

 

McAfee

McAfee MVISION Cloud now supports integration with Microsoft Information Protection Solutions. This allows security admins to take advantage of Microsoft Information Protection encryption seamlessly across multiple cloud applications while managing policies with a single-pane-of-glass view provided by MVISION Cloud. Some of the key use cases supported by McAfee MVISION Cloud with Microsoft  Information Protection solutions include monitoring sensitive documents uploaded to cloud applications and protecting/classifying these documents with Microsoft Information Protection capabilities, detecting collaboration activities on documents with given sensitivity label, and protecting documents being downloaded to unmanaged devices with Microsoft Information Protection sensitivity labels

For more information go to the following website:

https://www.skyhighnetworks.com/cloud-security-blog/mcafee-mvision-cloud-and-azure-information-prote...

Configuration (1).png

 

Policy - AIP Label Detection.png

 

Policy - Apply AIP Labels.png

 

 

NetSkope

Netskope’s integration with Microsoft Information Protection allows policy-based rights management to be applied to documents stored in Office 365 OneDrive for Business. Netskope continuously monitors OneDrive to uncover specific data using predefined data loss prevention (DLP) rules for common regulations (PCI, HIPAA etc), or custom rules that use advanced DLP capabilities (Regex, OCR etc).  Documents discovered to contain sensitive data, and/or inappropriately shared externally, can have specific rights management policies applied by Netskope to protect the files.

For more information please go to the following website: https://resources.netskope.com/product-demos/demo-azure-rms-integration

Netskope integration with MIP policy screenshot.png

 

 

NucleusCyber

NC Protect’s integration with Microsoft Information Protection sensitivity labels provides customers with a solution that can dynamically apply  Microsoft Information Protection labels and protection at time-of-access, right down to the individual file level. This allows support for multiple protection policies for a single Microsoft Information Protection file classification to protect the data across every conceivable collaboration scenario. For more details,review the following url: https://nucleuscyber.com/nc-protect-overview/

NC Labels SDR.pngNC Labels.png

 

Palo Alto Networks

Palo Alto Networks Next-Generation Firewalls, using the ContentID feature, and Prisma SaaS, can identify Microsoft Information Protection sensitivity labels in documents that are in-transit through the network or are at-rest on sanctioned SaaS applications. These capabilities allow granular auditing and tracking of sensitive documents. Security policies can be configured on Next-Generation Firewalls to alert when files with specific Microsoft Information Protection labels leave the corporate network, and sensitive data leak prevention can be achieved by preventing files with certain labels to be uploaded to non-sanctioned services. Prisma SaaS can detect labels on files and documents stored on sanctioned SaaS services to identify issues with data governance and flag abnormal behavior.  For more details, checkout the following URLs:

Prisma SaaS - https://docs.paloaltonetworks.com/prisma/prisma-saas/prisma-saas-admin/manage-prisma-saas-policy/pri... 

Next-Generation Firewall: https://live.paloaltonetworks.com/t5/Blogs/Using-Azure-Information-Protection-Policies-to-Control-Do... and  https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/threat-prevention/set-up-data-filtering/cr...

prisma-saas-aip.png

 

firewall-data-filtering-aip-labels.png

 

SecuPi

SecuPi data-centric security and privacy protection platform applies Microsoft information Protection Labels and Protection at creation-time across every business application and analytics tool in use.

By installing the light-weight SecuPi overlays on the application servers, SecuPi monitors access to all sensitive data. 

Once all reports and ad-hoc queries that include sensitive data are identified (by having SecuPi parse and identify the source SQL to the list of sensitive tables and columns). 

 

No changes nor manual work is required to apply Microsoft Information Protection labels  across millions of newly created documents.

Details on SecuPi integration with a Microsoft Information Protection Solution:

https://www.youtube.com/watch?v=m-ZshayZnHY  

SecuPi.jpeg

 

 

 

Shieldox

The tight integration between Microsoft Information Protection and Shieldox gives organizations a solution that finds risks in sharing. Office 365 has made sharing business information easier than ever. But while the cloud has accelerated business, but it has made it impossible for organizations to know exactly what's at risk. It can be difficult to determine if business information is being shared where it shouldn’t, like if the CFO’s files are exposed externally or if financial information is circulating around the company. Shieldox along with Microsoft Information Protection sensitivity labels makes it possible. It seamlessly integrates with Office 365and Cloud App Security to scan for sharing and automatically label business information with a high degree of accuracy. Shieldox’s Information Intelligence algorithm connects the dots between different share events and actions, labels, files, and more to make sense of sharing and separate risks from safe collaboration, works without disrupting users, and only takes 5 minutes to get started. With Shieldox and Microsoft Information Protection, organizations gain insights into risks to shared business information, so they can take action to secure their collaboration. Now you can protect just what needs protection. For more details about the platform, visit https://shieldox.ai/shieldox-and-mip/

 

Sheildox1.png

 

Sheidox.png

 

 

Trustwave

As enterprises migrate to Microsoft Information Protection for encryption and enabling restricted access to documents and email both inside and outside the organization, protected content remains obfuscated, creating security blind spots - Trustwave Secure Email Gateway (SEG) decrypts Microsoft Information Protection encrypted messages (including protected files) and enforces corporate email policies on the decrypted content. Once the policy has been applied, the gateway can repackage the content for delivery to ensure your company data is both inspected and protected.

The gateway does multi-level extraction of the message to allow for extensive analysis of the content via multiple conditions such as DLP engines and file types. Administrators can then apply a wide range of actions to both protected and unprotected messages, like quarantine, stamping, or alerting the administrator. This integration is provided in both SEG Cloud and on-premise offerings. Get more information at the following website: https://www.trustwave.com/en-us/services/technology/secure-email-gateway/

 

Trustwave_AIP_ContentTab_STAMPED.PNG

 

Trustwave_AIP_DetailsTab.PNG

 

Trustwave_AIP_Stamped_Content.png

 

 

 

Varonis

Varonis integrates with Microsoft Information Protection capabilities to protect sensitive data across your environment regardless of where it lives - or how it’s shared.  Data classification labels utilizes Varonis’ sophisticated rule capabilities to identify sensitive data, like GDPR, CCPA, or PCI, and leverages their extensive pattern repository to build even more labeling rules.  By integrating with Microsoft Information Protection, customers can automatically apply sensitivity labels and encrypt files that Varonis has identified as sensitive.  In addition, Varonis can find mislabeled files that contain sensitive data based on its advanced classification engine and re-apply the correct labels.  CLICK HERE to watch a technical integration demonstration.

 

To learn more, visit Varonis online at:  https://www.varonis.com/products/data-classification-labels/

 

Varonis_DCL_ScreenShot2019_v2 - Copy.PNG

 

 

Veritas

Veritas Enterprise Vault is the archiving solution providing the ability to archive and index over 80 content sources.   Our integration with Microsoft Information Protection allows encrypted content to be fully indexed and classified when archived while still preserving the original AIP encrypted files with full fidelity.   Veritas worked closely with Microsoft in building a tool to decrypt content to facilitate text extraction prior to indexing.   The original encrypted file is preserved in the archive along with the extracted text in HTML format for use in Discovery use cases.   Upon export from Discovery, content can be decrypted to allow production to external counsel.

 

For more information:  https://www.veritas.com/insights/enterprise-vault

EV1.jpg

 

EV2.jpg

 

 

 

 

 

1 Comment
Version history
Last update:
‎May 11 2021 02:06 PM
Updated by: