Secure AIP Labeled Files with Enterprise DLP
Leverage Enterprise data loss prevention (DLP) from the cloud management console to inspect for and take action on assets protected with Microsoft Azure Information Protection (AIP).
- Create a document protected with a Microsoft AIP label. Refer to the Microsoft Azure Information Protection documentation for detailed information.
- In the cloud management console, select Manage > Configuration > Security Services > Data Loss Prevention.
- Configure a file property data pattern.
  - Select Detection Methods > Data Patterns > Add Data Patterns > File Property.
  - Enter a Name for the file property data pattern.
  - For the File Property Type, select Custom.
  - For the custom file property Name, enter the full AIP label Name that you want to take action on. This can be either the MSIP_Label_<GUID>_Enabled label name or the Sensitivity label name.
  - For the custom file property Value, enter the Microsoft AIP label you want to scan for and take action on. For example, if you want to take action on assets protected with the Confidential AIP label, enter Confidential.
  - (Optional) Add File Property and repeat the steps above to take the same action on multiple AIP labels using a single data pattern.
  - Save.
- Configure a data profile. Before you create the data profile, consider which AIP labels you want to allow and which you want to block. If you add match criteria only to the Primary rule, you can select whether to allow or block matched traffic. If you add match criteria to both the Primary and Secondary rules, traffic that matches the Primary rule is always allowed and traffic that matches criteria in the Secondary rule is always blocked. When a data profile contains match criteria that you want to both allow and block, be aware that the session in which the matched traffic is inspected matters. For example, File1 matches criteria in the Primary rule that you want to allow, and File2 matches criteria in the Secondary rule that you want to block. Both of these files are attached to a single email. In this scenario, the DLP cloud service blocks the email both files are attached to because File2 has match criteria that is blocked. However, if each file is attached to a separate email, or if the files are attached to the same email one at a time, the appropriate action is taken for each file.
  - Select Data Profiles and Add Data Profile > With Data Patterns only.
  - Enter a Data Profile Name.
  - For the Primary Rule, Add Data Pattern Group and set the confidence level as Low. Search for and select the file property data pattern you created in the previous step. Repeat this step to add multiple data patterns if needed.
  - (Optional) For the Secondary rule, Add Data Pattern Group and set the confidence level as Low. Search for and select the file property data pattern you want to block. Repeat this step to add multiple data patterns if needed. You can add data patterns to the Primary rule only and skip this step if you plan to only block matched traffic.
  - Save.
- Modify the DLP rule.
  - Select DLP rules and locate the data profile you created in the previous step. The data profile and corresponding DLP rule have identical names.
  - Expand the Action column and Edit.
  - Select the Action you want to take. If you added data patterns to both the Primary and Secondary rules, the Action is Alert and Block by default and cannot be modified. Alert applies to the Primary rule and Block applies to the Secondary rule.
    - Alert generates a DLP incident and allows matched traffic.
    - Block generates a DLP incident and blocks matched traffic.
  - Specify the Log Severity to use when a DLP log is generated for matched traffic. Informational generates an informational DLP log and does not generate a DLP incident. All other log severity types generate a DLP log of the corresponding severity and generate a DLP incident.
  - Save.
- Add the Enterprise DLP data profile to a profile group.
  - Select Manage > Configuration > Security Services > Profile Groups.
  - Add Profile Group or select an existing profile group.
  - For the Data Loss Prevention Profile, select the DLP rule you modified in the previous step.
  - Save.
- Add the profile group to a Security policy rule.
  - Select Manage > Configuration > Security Services > Security Policy and Add Rule.
  - Configure the Security policy rule as needed.
  - For the Action and Advanced Inspection, verify that the Action is Allow (the default).
  - For the Profile Group, select the profile group you added the DLP rule to in the previous step.
  - Save.
  - In the Prisma Access - Pre Rules, verify that the Security policy rule is at the top of the policy rulebase to ensure traffic is not allowed or blocked before it can be inspected.
  - Push Config.
- Verify that Enterprise DLP successfully detects and takes action on the assets protected by the AIP labels you specified in your Enterprise DLP configuration. You can use sites such as DLP ToolBox and DLP Test to verify. Refer to the Enterprise DLP Administrator's Guide for more information on supported applications.
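The following is an added example, not Palo Alto Networks or Microsoft code: it reads the custom document properties (docProps/custom.xml inside an Office Open XML file) where an AIP label is recorded, matches them against a file-property data pattern built from name/value pairs like the one configured above, and applies the Primary/Secondary rule semantics from the data profile step to every file in one inspected session. The sample files are constructed in memory; the "Sensitivity" property name and its values are assumed sample data, and the matching logic is this example's own model of the documented behaviour, not the DLP service's implementation.

```python
"""Check which AIP-labelled Office files a file-property data pattern would
match, and what a data profile with Primary/Secondary rules would do with them."""
import io
import zipfile
import xml.etree.ElementTree as ET

# Standard OOXML custom-properties namespaces (not page-specific values).
NS = {
    "cp": "http://schemas.openxmlformats.org/officeDocument/2006/custom-properties",
    "vt": "http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes",
}

def custom_properties(ooxml_bytes):
    """Return {property name: string value} from docProps/custom.xml, {} if absent."""
    with zipfile.ZipFile(io.BytesIO(ooxml_bytes)) as z:
        if "docProps/custom.xml" not in z.namelist():
            return {}
        root = ET.fromstring(z.read("docProps/custom.xml"))
    props = {}
    for p in root.findall("cp:property", NS):
        val = p.find("vt:lpwstr", NS)          # AIP label values are stored as lpwstr
        props[p.get("name")] = val.text if val is not None else ""
    return props

def pattern_matches(props, pattern):
    """A file-property data pattern is a list of (Name, Value) pairs; any pair
    matching exactly is a hit (one pattern can cover several AIP labels)."""
    return any(props.get(name) == value for name, value in pattern)

def profile_action(files, primary, secondary):
    """Model of the documented profile semantics for one inspected session
    (e.g. one email with all its attachments): any Secondary hit blocks the
    whole session; otherwise a Primary hit alerts and allows; else plain allow."""
    props = [custom_properties(f) for f in files]
    if any(pattern_matches(p, secondary) for p in props):
        return "block"
    if any(pattern_matches(p, primary) for p in props):
        return "alert"
    return "allow"

def make_docx(properties):
    """Constructed minimal OOXML container carrying only docProps/custom.xml."""
    xml = ['<?xml version="1.0"?><Properties xmlns="%s" xmlns:vt="%s">' % (NS["cp"], NS["vt"])]
    for pid, (name, value) in enumerate(properties.items(), start=2):  # pid 2+ per OOXML
        xml.append('<property fmtid="{D5CDD505-2E9C-101B-9397-08002B2CF9AE}" pid="%d" '
                   'name="%s"><vt:lpwstr>%s</vt:lpwstr></property>' % (pid, name, value))
    xml.append("</Properties>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/custom.xml", "".join(xml))
    return buf.getvalue()
```

Feeding a session with one General-labelled and one Confidential-labelled attachment returns "block", matching the two-attachment email scenario described in the data profile step.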