Netskope Community
-
Forums
ProductsCommunity Resources
-
Learn
Education, Training, Certification, and Thought LeadershipCommunity Resources
-
Groups
Community GroupsCommunity Resources
-
Events
Community Resources
- Support
- Netskope Community
- Products
- Next Gen SWG
- Re: Detecting Microsoft Purview Information Protec...
Detecting Microsoft Purview Information Protection Sensitivity Labels
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-18-2022 06:41 PM
I was looking through the DLP profiles and did not find any support for triggering on Microsoft Purview Information Protection (formerly Azure Information Protection / MIP / AIP ) sensitivity labels for real-time protection policies. My goal is to coach/block users from uploading documents with certain labels to unapproved cloud storage.
I can extract the labels from the office documents metadata, but there doesn't seem to be a way for Netskope to detect the labels even with custom dictionaries or EDM. Has anyone gotten sensitivity label detection working in real-time protection DLP policies?
Solved! Go to Solution.
- Labels:
-
DLP
-
EDM
-
sensitivity
-
SWG
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-20-2022 11:25 AM
In previous versions of "Compliance Center" you could simply put the friendly name of the label in your DLP entity. I'm not sure when this changed -- likely with the rebrand to Purview -- MS no longer writes the friendly name to the metadata. Instead, they write the GUID. Take this GUID and create a case insensitive entity as follows:
MSIP_Label_GUID_Enabled
Use this entity in your Rule, assign the Rule to a custom Profile, and use the Profile in your Policy.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-20-2022 11:25 AM
In previous versions of "Compliance Center" you could simply put the friendly name of the label in your DLP entity. I'm not sure when this changed -- likely with the rebrand to Purview -- MS no longer writes the friendly name to the metadata. Instead, they write the GUID. Take this GUID and create a case insensitive entity as follows:
MSIP_Label_GUID_Enabled
Use this entity in your Rule, assign the Rule to a custom Profile, and use the Profile in your Policy.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-27-2022 12:23 PM
to add on to this, the DLP engine should be looking for the data in the headers, not the body of the file.
Further info for others on this path. In your Purview tenant ( https://compliance.microsoft.com ) you MAY be able to see the GUID for each Purview label, but its not a given. If you cant see the data in the GUI, you can extract the GUID via Powershell but you will need to install the PowerShell commandlets for the compliance dashboard. Here are the docs on how to connect: Connect to Security & Compliance PowerShell | Microsoft Learn
Alternatively you can set a label on a file (word, excel, powerpoint, etc), change the extension to .zip and then search for the text "MSIP_Label_" in the folder. You will then have the guid. Set the lable on the file to the other label types you want to target and perform the same zip -> search action to find the other GUID's. It's tedious mut maybe less so than PowerShell online which can be very fiddly.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-27-2022 11:19 AM
Hi @BrianThomas , Hope you're doing well. If @ryans answers helps you on what you're looking. Please feel free to click the comment "Accept as Solution". 🙂
Rohit Bhaskar
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-27-2022 12:23 PM
@Rohit_Bhaskar , I've flagged it as accepted. thanks to @ryans for being the good citizen and following up with the details.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-27-2022 11:23 AM
@Rohit_Bhaskar - I've been working with Brian and in all fairness, he did most of the work here, I just validated it a few more times 🙂
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- SSPM : Monitoring Salesforce Delegated Group settings with SSPM in Security Posture Management
- August Office Hours Recap in Advanced Analytics
- SSPM: Securing Google Workspace in Security Posture Management
- MIP Labeling Challenges in Data Loss Prevention (DLP)
- Netskope Private Access: "Life of a Packet" in Private Access for ZTNA
-
NG-SWG
24 -
SWG
23 -
NSClient
17 -
DLP
12 -
Next Gen SWG
11 -
NGSWG
8 -
netskope client
7 -
android
6 -
Client
5 -
cloud firewall
4 -
forward proxy
4 -
SSL bypass
4 -
sso
4 -
Support Mobiles
4 -
SCIM
4 -
CASB
4 -
GRE
4 -
Netskope Endpoint Client
4 -
Real-time Policy
4 -
URL List
4 -
users
3 -
Google Idp
3 -
Threat Protection
3 -
policy
3 -
Provisionning
3 -
DLP Violation
3 -
malware
3 -
categories
3 -
IDP
3 -
IOS
3 -
Groups
3 -
Certificate SSL
3 -
Decrypt SSL
3 -
skopeit
3 -
cfw
3 -
Azure
2 -
inline
2 -
install
2 -
Advanced Analytics
2 -
traffic
2 -
ChromeOS
2 -
Directory Importer
2 -
IPSec Tunnels
2 -
Linux
2 -
Cloud
2 -
Windows OS updates
2 -
PAC file
2 -
AWS
2 -
Reverse Proxy
2 -
url filtering
2 -
Admin
2 -
ipsec
2 -
Authentication
2 -
okta
2 -
Apps
2 -
steer traffic
2 -
Email DLP
2 -
cloud exchange
2 -
Azure AD
2 -
Netskope
2 -
User Notification
2 -
Advance Analytics
2 -
web
2 -
Chromebook
2 -
slowness issue
2 -
MacOS
2 -
steering exception
2 -
Netskope Agent
2 -
ssl
2 -
Certificate Pinned
2 -
communication between domain and application
1 -
data
1 -
Profile
1 -
Sanctioned apps
1 -
activities
1 -
Desktop Dropbox
1 -
Log
1 -
UPD errors and nsClientFLow
1 -
Epic
1 -
Netskope Client installation mechanism
1 -
status
1 -
no decryption
1 -
alerts
1 -
logs
1 -
Download
1 -
Firewalls Local
1 -
GOSKOPE
1 -
SSL Decrypt Bypass
1 -
dashboards
1 -
google
1 -
multi-user mode
1 -
log data
1 -
Upload
1 -
Internet next hop type
1 -
openai
1 -
googledocs
1 -
interception
1 -
SASE
1 -
WebSecurity
1 -
Best Practices
1 -
CCL
1 -
Fail Close
1 -
EDM
1 -
flow
1 -
chatgpt
1 -
appdefinition
1 -
browser
1 -
endpoint
1 -
sensitivity
1 -
fundamentals
1 -
Artificial Intelligence
1 -
ldap
1 -
steering
1 -
block
1 -
Cloud & Threat Challenges
1 -
Threat
1 -
instance
1 -
extension
1 -
url categorization
1 -
CTEP
1 -
AVD
1 -
explicit proxy over IPSec
1 -
AMP
1 -
MIP
1 -
Rest API
1 -
Report
1 -
awareness
1 -
Upgrade
1 -
Default OfficeSuite policy
1 -
DaaS
1 -
Office 365
1 -
Evasive Phishing
1 -
best practice
1 -
security posture check
1 -
Proxy
1 -
Reports
1 -
Changes
1 -
OfficeSuite
1 -
Virtual Desktop
1 -
Access
1 -
domain fronting
1 -
CCI
1 -
User Group
1 -
questions
1 -
Widgets
1 -
Config
1 -
No Decrypt
1 -
MFA
1 -
Whitelist
1 -
SIEM Integration
1 -
Enterprise Application
1 -
Config Update
1 -
Default Policy
1 -
AD
1 -
Google chat
1 -
Windows Server 2016
1 -
domain
1 -
interoperability
1 -
Education
1 -
RBAC
1 -
Traffic Steer on Galaxy S8
1 -
PAC
1 -
App
1 -
Netskope Admin
1 -
YouTube
1 -
file size
1 -
export
1 -
Explicit Proxy
1 -
Local Groups
1 -
Sync
1 -
APP instance
1 -
licensing
1 -
incremental update
1 -
vpn
1 -
Netskope Threat Labs
1 -
import
1 -
Block Page
1 -
SWG Login
1 -
Private App
1 -
Instances Corp
1 -
debugging
1 -
controls
1 -
native definition
1 -
API
1 -
Guidelines
1 -
configuration
1 -
entry
1 -
intel CPU
1 -
Remote Browser Isolation
1 -
Instances APP Enterprise
1 -
fiddler
1 -
AAD
1 -
Dropbox
1 -
SSL-TLS
1 -
Automation
1 -
punycode
1 -
Whatsapp
1 -
Local admin
1 -
client update
1 -
Next Fen SWG
1 -
Custom Rule
1 -
certificate
1 -
TLS
1 -
ngrok
1 -
discord
1 -
NativeApp
1 -
Internet Access
1
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In