Can a DLP detection server decrypt AD/Azure RMS and MPIP encrypted content at the same time?
search cancel

Can a DLP detection server decrypt AD/Azure RMS and MPIP encrypted content at the same time?

book

Article ID: 417715

calendar_today

Updated On:

Products

Data Loss Prevention Enterprise Suite Data Loss Prevention Data Loss Prevention Network Protect Data Loss Prevention Network Discover

Issue/Introduction

You want your DLP environment to be able to decrypt AD/Azure RMS and MPIP encrypted content via MicrosoftRightsManagementPlugin and MicrosoftInformationProtectionPlugin plugins.

Environment

DLP 16.X

DLP 25.1

Resolution

With the current product design, the first plugin to touch a defined document type for the subfile extraction is the sole plugin that will touch that file. If you have both MicrosoftRightsManagementPlugin and MicrosoftInformationProtectionPlugin plugins enabled, AD/Azure RMS plugin will take precedence in subfile extraction causing that files will be not processed by MPIP plugin.

If you need to decrypt such content for Network Discover scans, as a workaround you can run a first scan with MicrosoftRightsManagementPlugin plugin enabled only and repeat it again with only MicrosoftInformationProtectionPlugin plugin enabled.

 

Powered by Wolken Software