DLP Endpoint Agent MIP block/notify pop up is followed by MIP authentication window.
Article ID: 228255

Products

Data Loss Prevention, Data Loss Prevention Endpoint Prevent, Data Loss Prevention Endpoint Suite

Issue/Introduction

We encountered a problem where the DLP Endpoint Agent keeps asking the system user to log in to MIP, as follows:

  1. The user uploads a MIP-protected file on any website.
  2. DLP blocks the upload and tells the user to log in.
  3. The user clicks OK and selects his/her user in the login popup.
  4. The popup disappears.
  5. The user tries to log in again and the login popup is shown again.

We tested the problem with different users and different configurations and it seems that login.live.com is blocked at the proxy level for most users.

We believe that the problem may be related to the proxy and the access plugin.

For this reason, we would like to understand in detail how the plugin behaves and which URLs are impacted during login.

Environment

Release : 15.8

Component : Endpoint Agent

Resolution

By default, when the “Enable Data Loss Prevention to inspect files that are encrypted by MIP” setting is enabled on the Endpoint Agent configuration settings tab, the DLP Endpoint Agent blocks MIP-encrypted files if it is unable to open and decrypt the file contents.

When a user tries to upload a MIP-encrypted file to a website, the agent blocks the upload. When the user clicks the OK button on the MIP block pop-up, the MIP authentication window appears, and after the user enters the O365 account credentials, a connection to the login.live.com URL is attempted. (This is Microsoft functionality used to get MIP-related data and to create the file engine through the MIP SDK.)

If customers use a proxy in their environment, certain Microsoft URLs need to be whitelisted on the proxy server.

In a proxy environment where those Microsoft URLs are not whitelisted on the proxy server, the MIP SDK fails to create the file engine. As a result, the DLP Endpoint Agent cannot inspect MIP-encrypted files, MIP suggestion/enforcement of labels does not work, and the MIP block/notify pop-up followed by the MIP authentication window keeps appearing. This is the expected behaviour.

Additional Information

 

For the URLs that need to be whitelisted, refer to the Microsoft documentation, e.g.:

  • https://docs.microsoft.com/en-us/information-protection/develop/faqs-known-issues
  • https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges
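
To confirm from an affected endpoint whether the proxy is what stops the MIP login, the following added example (not part of the original article or of the DLP product) sends an HTTP CONNECT for each required host to the proxy and reports the proxy's verdict. The function names, the command-line arguments and the verdict strings are assumptions made for this example; only login.live.com comes from the article, and the remaining hosts have to be taken from the Microsoft documentation listed above.

```python
import socket
import sys

# login.live.com is the host named in the article. Append the other hosts
# from the Microsoft documentation the article links to.
REQUIRED_HOSTS = ["login.live.com"]


def classify_connect_reply(reply: bytes) -> str:
    """Turn the proxy's reply to a CONNECT request into a verdict."""
    status_line = reply.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "malformed"
    code = int(parts[1])
    if 200 <= code < 300:
        return "allowed"               # tunnel established, host is permitted
    if code == 407:
        return "proxy-auth-required"   # this probe sends no proxy credentials
    return f"blocked ({code})"         # e.g. 403 from a URL filtering policy


def probe(host: str, proxy_host: str, proxy_port: int, timeout: float = 10.0) -> str:
    """Ask the proxy for a tunnel to host:443 and classify its answer."""
    request = f"CONNECT {host}:443 HTTP/1.1\r\nHost: {host}:443\r\n\r\n".encode("ascii")
    reply = b""
    try:
        with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as conn:
            conn.sendall(request)
            # Only the status line is needed, so stop at the first CRLF.
            while b"\r\n" not in reply:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                reply += chunk
    except OSError as exc:
        return f"proxy-unreachable ({exc.__class__.__name__})"
    return classify_connect_reply(reply)


def check_all(proxy_host: str, proxy_port: int, hosts=REQUIRED_HOSTS) -> dict:
    """Probe every required host and return {host: verdict}."""
    return {host: probe(host, proxy_host, proxy_port) for host in hosts}


if __name__ == "__main__":
    # Usage (placeholder values): python check_mip_proxy.py <proxy-host> <proxy-port>
    for name, verdict in check_all(sys.argv[1], int(sys.argv[2])).items():
        print(f"{name}: {verdict}")
```

An "allowed" verdict only shows that the proxy permits the tunnel; a proxy that inspects TLS can still reject the request after the tunnel is established.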