Import and enable Microsoft Information Protection labels
Before you begin
Before you can import Microsoft Information Protection labels for the first time, you must obtain permission for the Forcepoint application to perform the import, as follows:
Steps
- Log into the Microsoft Office 365 Admin Consent page, using your Microsoft Office 365 admin credentials for authentication.
- Accept the permission statement on the page.
Next steps
Next, to import enable Microsoft Information Protection labels, first ensure that the labeling system is installed on the network, and then do the following:
- Log into the Data Security module of the Security Manager.
- Go to Settings > General > Services and select the Decryption and File Labeling tab.
- Click the Microsoft Information Protection link.
- On the Microsoft Information Protection Properties page, in the Microsoft admin Credentials section, select Application credentials or System admin credentials from Credentials type drop-down.
-
If you select Application credentials, follow the instructions below:
- Enter the following information for activating
the MIP server decryption or import lables.
- Tenant ID
- Client ID
- Client secret
If you select System admin credentials, follow the instructions below:- Enter the following information for activating
the MIP server decryption or import lables.
- User name
- Password
- Enter the following information for activating
the MIP server decryption or import lables.
- In the Import Labels section, click Import Labels button. Note: We recommend that you enter credentials for an administrator who has visibility to all Microsoft Information Protection labels used in the organization. User credentials are not stored on Forcepoint servers. You should also ensure that your web browser does not store this information.
- Click OK to start the import process. Note that if the consent process was not completed, this step generates an error. Complete the consent process, and then try again.
- When the importation is successfully completed, the time and date of the process and a list of imported labels appear in the Last import field.
- Select the Apply file labels check box. You can now define DLP action plans that use Microsoft Information Protection file labels.
When this box is unchecked, Microsoft Information Protection labels are used only for detection. Configuring Labels
- Click OK to save the changes.
Note: Files that are protected by Microsoft Information Protection can be decrypted
automatically during DLP analysis (see “Configuring MIP for endpoint
decryption” in the Forcepoint DLP Administrator
Guide).