Global settings

Manage global settings that apply to all Data Protection policies.

  1. Click the Edit button next to Global settings.
  2. On the Global settings dialog, we have following fields:

    • Endpoint Email Domains: This includes defining which directions may be monitored for endpoint email (for instance, only outbound). The direction or directions that are enforced are determined by the Destination on the custom rule of a policy. In the rule, if you choose a direction that is not allowable per the Email Domains setting, endpoint email traffic is not analyzed.

      Enter a domain and click the plus symbol to add the domain to the list. Select the following traffic direction(s) to monitor:
      • Outbound: To monitor traffic between a source domain defined in the Internal email domains list and any destination domain that is not in the list.
      • Internal: To monitor email traffic between source and destination domains that are both in the Internal email domains list.

    • Endpoint Microsoft MIP (Not Supported Yet): Enable the option to decrypt and analyze Microsoft Office files that were encrypted by Microsoft Information Protection on Windows endpoints. This includes files found on Windows endpoints (discovery) or sent via any endpoint channel.

      This feature enables enterprises to maintain sensitive data visibility and control for files protected using MIP. Forcepoint ONE Data Security interacts directly with MIP, enabling MIP to work both on and off the network. It can also be used to better understand how MIP is being used by employees to protect sensitive data.

    • Optical Character Recognition (OCR): The OCR service enables the system to analyze image files being sent through network channels, such as email attachments and web posts. The service determines whether the images are textual, and if so, extracts and analyzes the text for sensitive content. There is no special policy attribute to configure for optical character recognition (OCR). If sensitive text is found, the image is blocked or permitted according to the active policies.

      Note: The option to enable OCR is only displayed if the system has the DPS cloud OCR license enabled. This can be checked from the tenant information section.

      To enable OCR analysis in your network:

      • Enable the toggle button under the Enable Optical Character Recognition (OCR).

      When OCR is enabled, images of the following types are sent to the OCR server for text extraction:

      • JPEG_2000_JP2_File - JPEG-2000 JP2 File Format Syntax (ISO/IEC 15444-1) (.jp2, .j2k , .pgx)
      • JBIG2 - JBIG2 File Format(.jB2, .jbig2)
      • MacPaint - MacPaint
      • PC_Paintbrush - Paintbrush Graphics (PCX)
      • BMP - Windows Bitmap
      • JPEG_File_Interchange - JPEG Interchange Format
      • PNG - Portable Network Graphics (PNG)
      • GIF_87a - Graphics Interchange Format (GIF87a)
      • GIF_89 - Graphics Interchange Format (GIF89a)
      • TIFF - TIFF
      • Scanned documents PDF - documents containing only scanned text