Transparent read of protected files

%3CLINGO-SUB%20id%3D%22lingo-sub-238511%22%20slang%3D%22en-US%22%3ETransparent%20read%20of%20protected%20files%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-238511%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20community%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EI've%20read%2C%20that%20AIP%20offers%20a%20mechanism%20to%20transparently%20let%20the%20protected%20files%20be%20indexed%20by%20third%20party%20engine.%20Can%20anybode%20point%20me%20to%20the%20right%20direction%20here%20please%3F%3C%2FP%3E%3CP%3EI've%20build%20an%20indexer%2Ffile%20scanner%20who%20should%20transparently%20also%20scan%20the%20content%20of%20AIP%20protected%20documents%20from%20the%20company.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Estatement%20from%20Microsoft%3A%3C%2FP%3E%3CP%3EOffice%20365%20services%20and%20cloud-based%20applications%20for%20your%20tenant%20can%20integrate%20with%20Azure%20Information%20Protection%20so%20that%20important%20business%20functions%2C%20such%20as%20search%2C%20indexing%2C%20archiving%2C%20and%20anti-malware%20services%20continue%20to%20work%20seamlessly%20for%20content%20that's%20protected%20by%20Azure%20Information%20Protection.%20This%20ability%20to%20read%20the%20encrypted%20content%20for%20these%20scenarios%20is%20often%20referred%20to%20as%20%22reasoning%20over%20data%22.%20For%20example%2C%20it's%20this%20ability%20that%20lets%20Exchange%20Online%20decrypt%20emails%20for%20malware%20scanning%20and%20to%20run%20data%20loss%20prevention%20(DLP)%20rules%20on%20encrypted%20emails.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Finformation-protection%2Fconfigure-adrms-restrictions%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Finformation-protection%2Fconfigure-adrms-restrictions%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-238511%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EInformation%20Protection%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ERights%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-239461%22%20slang%3D%22en-US%22%3ERe%3A%20Transparent%20read%20of%20protected%20files%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-239461%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Martin%2C%20sounds%20like%20you%20need%20the%20super%20user%20feature%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Finformation-protection%2Fconfigure-super-users%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Finformation-protection%2Fconfigure-super-users%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EEnable%20the%20feature%20(if%20not%20already%20enabled)%20for%20your%20organization%2C%20and%20then%20make%20the%20account%20that%20runs%20your%20indexer%2Fscanner%20a%20super%20user.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Visitor

Hi community


I've read, that AIP offers a mechanism to transparently let the protected files be indexed by third party engine. Can anybode point me to the right direction here please?

I've build an indexer/file scanner who should transparently also scan the content of AIP protected documents from the company.

 

statement from Microsoft:

Office 365 services and cloud-based applications for your tenant can integrate with Azure Information Protection so that important business functions, such as search, indexing, archiving, and anti-malware services continue to work seamlessly for content that's protected by Azure Information Protection. This ability to read the encrypted content for these scenarios is often referred to as "reasoning over data". For example, it's this ability that lets Exchange Online decrypt emails for malware scanning and to run data loss prevention (DLP) rules on encrypted emails.

https://docs.microsoft.com/en-us/azure/information-protection/configure-adrms-restrictions

 

 

1 Reply

Hi Martin, sounds like you need the super user feature: https://docs.microsoft.com/en-us/azure/information-protection/configure-super-users

 

Enable the feature (if not already enabled) for your organization, and then make the account that runs your indexer/scanner a super user.