You encounter a problem where the DLP Endpoint Agent repeatedly asks the system user to log in to MIP.
You tested the problem with different users and different configurations, and it seems that login.live.com is blocked at the proxy level for most users.
You believe that the problem may be related to the proxy and the access plugin.
For this reason, you would like to understand in detail how the plugin behaves and which URLs are impacted during login.
Release : 15.8
Component : Endpoint Agent
By default, the DLP Endpoint Agent blocks MIP-encrypted files when it is unable to open and decrypt the file contents, provided the "Enable Data Loss Prevention to inspect files that are encrypted by MIP" setting is enabled on the Endpoint Agent configuration settings tab.
When you try to upload a MIP-encrypted file to a website, the agent blocks the file upload. When you click the OK button on the MIP block pop-up, the MIP authentication window appears, and after you enter the O365 account credentials it tries to reach the login.live.com URL (this is Microsoft functionality for getting MIP-related data and for creating the file engine through the MIP SDK).
If you are using a proxy in your environment, certain Microsoft URLs need to be whitelisted on the proxy server.
So, in a proxy environment, if certain Microsoft URLs are not whitelisted on the proxy server, the MIP SDK fails to create the file engine.
This is the expected behavior.
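To see which destinations the proxy actually refuses while an endpoint attempts the MIP login, you can filter the proxy's access log by the endpoint's IP address. The following is an added example, not part of the original article or of the DLP product; it assumes a proxy that writes Squid's native access.log format, and the log lines, IP addresses and `.example` hosts are constructed.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format (assumption: adapt
# the field positions if your proxy logs in a different layout).
SAMPLE_LOG = """\
1700000000.101     12 10.0.0.21 TCP_TUNNEL/200 5120 CONNECT portal.example:443 - HIER_DIRECT/192.0.2.10 -
1700000001.220      3 10.0.0.21 TCP_DENIED/403 3920 CONNECT login.live.com:443 - HIER_NONE/- text/html
1700000002.310      2 10.0.0.21 TCP_DENIED/403 3920 CONNECT login.live.com:443 - HIER_NONE/- text/html
1700000002.900      2 10.0.0.21 TCP_DENIED/403 3920 GET http://cdn.example/setup.js - HIER_NONE/- text/html
1700000003.000      4 10.0.0.35 TCP_DENIED/403 3920 CONNECT other.example:443 - HIER_NONE/- text/html
malformed line
"""


def target_host(method, target):
    """Return the lower-cased destination host of one logged request."""
    if method == "CONNECT":
        # HTTPS tunnel: the logged target is host:port, not a URL.
        host = target.rsplit(":", 1)[0]
    else:
        # Plain HTTP: the logged target is a full URL.
        host = urlsplit(target).hostname or ""
    return host.strip("[]").lower()


def denied_hosts(log_text, client_ip):
    """Count the hosts the proxy denied for one endpoint IP address."""
    denied = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip truncated or malformed lines
        client, result, method, target = fields[2], fields[3], fields[5], fields[6]
        if client == client_ip and result.startswith("TCP_DENIED/"):
            denied[target_host(method, target)] += 1
    return denied


if __name__ == "__main__":
    # 10.0.0.21 stands in for the endpoint that shows the MIP login prompt.
    for host, hits in denied_hosts(SAMPLE_LOG, "10.0.0.21").most_common():
        print(f"{hits:4d}  {host}")
```

Compare the reported hosts with the list of URLs in the Microsoft documentation to decide which proxy rules to add.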
For the URLs that need to be whitelisted, refer to the Microsoft documentation.
e.g.