Configuring Microsoft Information Protection

You can configure the Microsoft Information Protection Properties page to decrypt and analyze Microsoft Office files encrypted by Microsoft Information Protection (MIP).

Microsoft Information Protection (MIP) can be used to protect files created using Office 2007 or later. You can configure to import MIP labels for detection (for more information about creating file labeling classifiers for detection, see File Labeling section), and for labeling (for more information about configuring labels in an action plan, see Forcepoint Data Discovery options section).

Forcepoint DLP can perform the following:

Decrypt and analyze content that was encrypted using MIP.
Detect and label content that was using MIP labels.

To configure the Microsoft Information Protection Properties page, you must first configure the MIP application by logging into the Microsoft 365 Admin Consent page. You can authenticate using your Microsoft 365 admin credentials and accept the permission requests for the Forcepoint DLP application.

The following step is a prerequisite only when credentials type Application user credentials is configured in the Microsoft Information Protection Properties page: To add a secret key for login with the application, you must set up the Azure standard configuration in Client secrets in Microsoft Azure > Home > Forcepoint DLP > Manage > Certificates & secrets.

Once the MIP application is configured, you can open the Microsoft Information Protection Properties page in FSM by navigating to Settings > General > Services > Decryption and File Labeling, and click the Microsoft Information Protection link.

In the Microsoft Information Protection Properties page, configure the following:

Microsoft admin credentials
MIP decryption
Import Labels
File Labeling