Configuring Microsoft Information Protection

Use the Microsoft Information Protection Properties page to use imported Microsoft Information Protection labels for detection (for more information about creating file labeling classifiers for detection, see File Labeling section) and for labeling (for more information about configuring labels in an action plan, see Forcepoint Data Discovery options section).

To open the Microsoft Information Protection Properties page, go to Settings > General > Services > File Labeling tab and click the Microsoft Information Protection link. The Microsoft Information Protection Properties page opens.

Important:
  • Before you import Microsoft Information Protection labels for the first time, you must obtain permission for the Forcepoint application to import the labels.

    Log into the Microsoft 365 Admin Consent page, authenticate using your Microsoft 365 admin credentials, and accept the permissions statement.

  • Forcepoint Security Manager enables import of sensitivity labels from the Microsoft 365 Security and Compliance Center. If you want to import Azure Information Protection labels, you must migrate them to Microsoft 365, as described on Microsoft’s Azure Information Protection site.
  • Files that are protected by Microsoft Information Protection can be decrypted automatically during DLP analysis (see Configuring MIP for endpoint decryption section).

To import labels:

  1. Enter your Microsoft Office 365 admin credentials and click Import Labels.

    We recommend that you enter credentials for an administrator who has visibility to all Microsoft Information Protection labels used in the organization.

    User credentials are not stored on Forcepoint servers. However, you should ensure that your web browser does not store this information.

  2. Click OK to start the import process.

    If “admin consent” has not already been established, this step generates an error message and the import does not occur. Complete the Microsoft admin consent process and try again.

  3. After a successful import, the Last Import Details section is updated with the imported labels and a message. The message lists date, time and number of imported labels.
  4. To apply labels, mark the Apply file labels check box.
    • When you enable the check box, you can define DLP action plans that use Microsoft Information Protection file labels.
    • When the check box is not marked, Microsoft Information Protection file labels are used only for detection.
      Note: The system applies Microsoft Information Protection labels to a file only if the label is a higher priority than the existing label.
  5. Click OK to save the changes.

The audit log (Main > Logs > Audit Log) is updated when the administrator imports classification labels and when Apply file labels is either checked or unchecked.

After the Apply file labels check box has been marked, administrators can configure the specific labels to use on the Discovery tab of each action plan. See Action Plans section.

If any action plans include labels that no longer exist in the labeling system, a warning is displayed, with a Show details link, leading to a list of action plans with labels that are no longer in the labeling system. Forcepoint recommends updating these action plans. See Forcepoint Data Discovery options section.