This post has been republished via RSS; it originally appeared at: Microsoft Information Protection Developers articles.
Last year at the Ignite conference we delivered the Microsoft Information Protection SDK, which enabled our growing ecosystem of partners to build integrations in a truly cross-platform way. Since then several partners have joined the Microsoft Intelligent Security Association (MISA) and are in the process of releasing or already have solutions in the market that enhance and extend the value of Microsoft Information Protection capabilities. Below is a round-up highlighting some of the key Microsoft Information Protection integrations available.
Now you can use Adobe Acrobat DC and Acrobat Reader DC on Windows & MacOS desktop computers to open files protected by Microsoft Information Protection capabilities.
Acrobat Reader DC / Acrobat DC auto-detects a file protected by Microsoft Information Protection and prompts you to download the corresponding plugin from Adobe’s helpx page. Once you download and install the plug-in, the protected file open like any other PDF in Acrobat or Reader after authentication. You can also see the sensitivity label information applied to the PDF file using Acrobat Reader DC and Acrobat DC.
You can download the plugin from the following location (make sure you have the latest version of Adobe Acrobat installed: https://helpx.adobe.com/acrobat/kb/mip-plugin-download.html
Absolute, the self-healing endpoint security company, has solidified its technology partnership with Microsoft by integrating with Microsoft information Protection solutions, adding persistent visibility to enhance data protection.
The integration allows organization to detect productivity file types that contain sensitive data such as Word, Excel, PowerPoint, and PDF files. Once the rules are configured via the Absolute console, the sensitivity label and protection persists with the file even when it moves off the endpoint. Customers now have a better way to manage unwanted access to sensitive files, without restrictive policies that hamper productivity.
For more information, go to https://www.absolute.com/platform/
BigID’s integration with Microsoft Information Protection allows enterprises to automatically propagate labels to sensitive and personal data for greater accuracy, ensure consistent enforcement, and address emerging privacy regulations, including GDPR and CCPA. BigID helps identify whether or not Microsoft Information Protection labeled data contains data regulated by resident-based policy (like the CCPA or GDPR) or identity-based policy (like HIPAA or CCPA) – and can automate data protection policies based on regulation and data privacy best practices. With BigID, organizations can automate data access rights, assign data residency, and monitor & alert on cross-border data flows. For more information on their integration, visit the following link: How BigID And Microsoft Information Protection (MIP) Work Together
An integrated solution of Microsoft Information Protection capabilities with Check Point Next Generation Firewall Security Solutions helps protect organizations from data loss. It keeps sensitive business data safe, regardless of where it travels or how it is shared, including via email, web browsing or file-sharing services, which extend Microsoft Information protection capabilities outside of Microsoft Products.
Digital Guardian is integrating Microsoft Information Protection capabilities into its Linux based Digital Guardian Appliance. This will allow Digital Guardian customers to do several things:
- Inspect Microsoft Information Protection labeled and encrypted documents– this capability extends the Digital Guardian email gateway inspection process to allow it to decrypt and inspect Microsoft Information Protection labeled and encrypted documents for sensitive or regulated data. This will ensure that even encrypted documents are inspected and adhere to the regulatory stance of an organization before the email leaves the organization.
- Review content vs. label – this capability allows Digital Guardian customers to compare the content, sender and destination of an emailed document with the Microsoft Information Protection sensitivity label and controls that have been applied to the document. This will ensure documents have not been mislabeled and the appropriate controls are applied before a document is emailed out of an organization
For more information about the integration, visit Digital Guardian’s website: https://digitalguardian.com/products/technology-partners/microsoft-aip
For many years, customers have trusted Forcepoint’s DLP to satisfy compliance regulations and protect their intellectual property. With the enforcement of the GDPR regulation, the focus on classifying and protecting data, wherever it resides, has become of utmost importance. Forcepoint and Microsoft are partnering to extend protection offered by Microsoft Information Protection solutions to customers’ on-premises digital estate.
Forcepoint’s ecosystem of data classification partnerships allows for joint customers to experience the best that both solutions have to offer. When data resides in Microsoft’s cloud services, customers can take advantage of the sensitivity labeling and protection system that Microsoft provides. Forcepoint ensures that Microsoft Information Protection classification, labeling and data protection can be automatically applied to sensitive data on managed endpoints, within the customer’s datacenter infrastructure or within sanctioned cloud applications.
Forcepoint products also work to provide the appropriate visibility, access and data protection in public or hybrid cloud environments. Customers looking to protect data in Office 365 and other SaaS apps can do so thanks to this interoperability. Organizations can proactively apply policies governing the use of cloud-hosted files to help ensure compliance and deliver uniform visibility and control over cloud-hosted information assets, based on sensitivity labels applied by Microsoft Information Protection solutions. For more information about the integration go to the following site: https://www.forcepoint.com/blog/insights/forcepoint-dlp-integration-microsoft-information-protection-protecting-your-critical
Unified Intelligent Data Protection: Informatica’s integration with Microsoft Information Protection capabilities offers a unified approach to data protection, data privacy and the support of regulatory compliance across devices, the modern workplace, Azure Data Services, on-premises and other data repositories.
Offering CISOs, Privacy Officers and CDOs with a “single pane-of-glass” view into the location, risk and proliferation of personal and sensitive data throughout the enterprise and aggregate risk profiles for key regulations such as GDPR and CCPA compliance. You can find more information here: https://blogs.informatica.com/2018/09/27/unified-intelligent-data-protection
McAfee MVISION Cloud now supports integration with Microsoft Information Protection Solutions. This allows security admins to take advantage of Microsoft Information Protection encryption seamlessly across multiple cloud applications while managing policies with a single-pane-of-glass view provided by MVISION Cloud. Some of the key use cases supported by McAfee MVISION Cloud with Microsoft Information Protection solutions include monitoring sensitive documents uploaded to cloud applications and protecting/classifying these documents with Microsoft Information Protection capabilities, detecting collaboration activities on documents with given sensitivity label, and protecting documents being downloaded to unmanaged devices with Microsoft Information Protection sensitivity labels
For more information go to the following website:
Netskope’s integration with Microsoft Information Protection allows policy-based rights management to be applied to documents stored in Office 365 OneDrive for Business. Netskope continuously monitors OneDrive to uncover specific data using predefined data loss prevention (DLP) rules for common regulations (PCI, HIPAA etc), or custom rules that use advanced DLP capabilities (Regex, OCR etc). Documents discovered to contain sensitive data, and/or inappropriately shared externally, can have specific rights management policies applied by Netskope to protect the files.
For more information please go to the following website: https://resources.netskope.com/product-demos/demo-azure-rms-integration
NC Protect’s integration with Microsoft Information Protection sensitivity labels provides customers with a solution that can dynamically apply Microsoft Information Protection labels and protection at time-of-access, right down to the individual file level. This allows support for multiple protection policies for a single Microsoft Information Protection file classification to protect the data across every conceivable collaboration scenario. For more details,review the following url: https://nucleuscyber.com/nc-protect-overview/
Palo Alto Networks
Palo Alto Networks Next-Generation Firewalls, using the ContentID feature, and Prisma SaaS, can identify Microsoft Information Protection sensitivity labels in documents that are in-transit through the network or are at-rest on sanctioned SaaS applications. These capabilities allow granular auditing and tracking of sensitive documents. Security policies can be configured on Next-Generation Firewalls to alert when files with specific Microsoft Information Protection labels leave the corporate network, and sensitive data leak prevention can be achieved by preventing files with certain labels to be uploaded to non-sanctioned services. Prisma SaaS can detect labels on files and documents stored on sanctioned SaaS services to identify issues with data governance and flag abnormal behavior. For more details, checkout the following URLs:
Next-Generation Firewall: https://live.paloaltonetworks.com/t5/Blogs/Using-Azure-Information-Protection-Policies-to-Control-Document/ba-p/252652 and https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/threat-prevention/set-up-data-filtering/create-a-data-filtering-profile.html
SecuPi data-centric security and privacy protection platform applies Microsoft information Protection Labels and Protection at creation-time across every business application and analytics tool in use.
By installing the light-weight SecuPi overlays on the application servers, SecuPi monitors access to all sensitive data.
Once all reports and ad-hoc queries that include sensitive data are identified (by having SecuPi parse and identify the source SQL to the list of sensitive tables and columns).
No changes nor manual work is required to apply Microsoft Information Protection labels across millions of newly created documents.
Details on SecuPi integration with a Microsoft Information Protection Solution:
The tight integration between Microsoft Information Protection and Shieldox gives organizations a solution that finds risks in sharing. Office 365 has made sharing business information easier than ever. But while the cloud has accelerated business, but it has made it impossible for organizations to know exactly what's at risk. It can be difficult to determine if business information is being shared where it shouldn’t, like if the CFO’s files are exposed externally or if financial information is circulating around the company. Shieldox along with Microsoft Information Protection sensitivity labels makes it possible. It seamlessly integrates with Office 365and Cloud App Security to scan for sharing and automatically label business information with a high degree of accuracy. Shieldox’s Information Intelligence algorithm connects the dots between different share events and actions, labels, files, and more to make sense of sharing and separate risks from safe collaboration, works without disrupting users, and only takes 5 minutes to get started. With Shieldox and Microsoft Information Protection, organizations gain insights into risks to shared business information, so they can take action to secure their collaboration. Now you can protect just what needs protection. For more details about the platform, visit https://shieldox.ai/shieldox-and-mip/
As enterprises migrate to Microsoft Information Protection for encryption and enabling restricted access to documents and email both inside and outside the organization, protected content remains obfuscated, creating security blind spots - Trustwave Secure Email Gateway (SEG) decrypts Microsoft Information Protection encrypted messages (including protected files) and enforces corporate email policies on the decrypted content. Once the policy has been applied, the gateway can repackage the content for delivery to ensure your company data is both inspected and protected.
The gateway does multi-level extraction of the message to allow for extensive analysis of the content via multiple conditions such as DLP engines and file types. Administrators can then apply a wide range of actions to both protected and unprotected messages, like quarantine, stamping, or alerting the administrator. This integration is provided in both SEG Cloud and on-premise offerings. Get more information at the following website: https://www.trustwave.com/en-us/services/technology/secure-email-gateway/
Varonis integrates with Microsoft Information Protection capabilities to protect sensitive data across your environment regardless of where it lives - or how it’s shared. Data classification labels utilizes Varonis’ sophisticated rule capabilities to identify sensitive data, like GDPR, CCPA, or PCI, and leverages their extensive pattern repository to build even more labeling rules. By integrating with Microsoft Information Protection, customers can automatically apply sensitivity labels and encrypt files that Varonis has identified as sensitive. In addition, Varonis can find mislabeled files that contain sensitive data based on its advanced classification engine and re-apply the correct labels. CLICK HERE to watch a technical integration demonstration.
To learn more, visit Varonis online at: https://www.varonis.com/products/data-classification-labels/
Veritas Enterprise Vault is the archiving solution providing the ability to archive and index over 80 content sources. Our integration with Microsoft Information Protection allows encrypted content to be fully indexed and classified when archived while still preserving the original AIP encrypted files with full fidelity. Veritas worked closely with Microsoft in building a tool to decrypt content to facilitate text extraction prior to indexing. The original encrypted file is preserved in the archive along with the extracted text in HTML format for use in Discovery use cases. Upon export from Discovery, content can be decrypted to allow production to external counsel.
For more information: https://www.veritas.com/insights/enterprise-vault