What are the differences in functionality between a MIP “Classification Profile” and a MIP “Decryption Profile” in Symantec Data Loss Prevention (DLP)?
Can you create "Decryption Profiles" for multiple independent O365/Email tenants?
Used by the Enforce Server and DLP Agents to synchronize classification labels with the MIP service. You can configure only one MIP classification credential profile.
Used by detection servers to inspect documents and emails that have been encrypted by MIP. You can configure multiple MIP decryption credential profiles.
You can configure a MIP classification credential profile and one or more MIP decryption credential profiles on the System > Settings > MIP Credential Profiles screen of the Enforce Server administration console.
The Enforce Server uses the classification credentials to import the classification labels from the MIP portal. After classification synchronization is completed, you can use the available labels and sub-labels to configure response actions to recommend labels to endpoint users or automatically apply labels to supported file types. You can configure only one MIP classification credential profile.
You can configure more than one MIP decryption credential profile.
We support multiple unrelated decryption credentials of completely independent tenants.
The decryption credentials that you configure must have sufficient privileges to decrypt all documents and emails that flow through a specific control point.