Versions Compared

Version Old Version 5 New Version Current
Changes made by

Space Sync for Confluence

Space Sync for Confluence

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagejson
{
    "GVData": "ew0KICAidGFnc2V0X2YxNGZjMWYxXzg5NTBfNDBkNV84YTI5XzQ1OTA5ZGE5NDdkNl9nZHByL3BpaSI6ICJGYWxzZSIsDQogICJ0YWdzZXRfZjE0ZmMxZjFfODk1MF80MGQ1XzhhMjlfNDU5MDlkYTk0N2Q2X3NlbnNpdGl2ZSI6ICJGYWxzZSIsDQogICJ0YWdzZXRf",
    "GVData0": "MDA0ZGVhMzNfODc1MV80Mzk5X2E3NmVfOTVmMzcxY2I0MTE5X2Rpc3RyaWJ1dGlvbiI6ICJJbnRlcm5hbCIsDQogICJ0YWdzZXRfZTE2NDA5YTdfMTcwMF80MTUzXzkwOTBfMzk1NWJjMmYwYWU4X2NsYXNzaWZpY2F0aW9uIjogIkdlbmVyYWwgQnVzaW5lc3MiDQp9",
    "GVData1": "(end)",
    "Classification": "General Business",
    "ClassificationTagSetId": "e16409a7-1700-4153-9090-3955bc2f0ae8",
    "ClassificationValue": "General Business",
    "DistributionTagSetId": "004dea33-8751-4399-a76e-95f371cb4119",
    "DistributionValue": "Internal / \u0645\u0631\u062d\u0628\u0627 \u0628\u0627\u0644\u0639\u0627\u0644\u0645",
    "FileId": "e0481ca0-a9e0-e307-07fa-6189581762a8",
    "MSIP_Label_d2ee4459-2afa-4136-9d18-4f2ebca102cf_ActionId": "95871ebc-c143-40b9-9b42-ad7bd6bc77df",
    "MSIP_Label_d2ee4459-2afa-4136-9d18-4f2ebca102cf_ContentBits": "3",
    "MSIP_Label_d2ee4459-2afa-4136-9d18-4f2ebca102cf_Enabled": "true",
    "MSIP_Label_d2ee4459-2afa-4136-9d18-4f2ebca102cf_Method": "PriviledgedPrivileged",
    "MSIP_Label_d2ee4459-2afa-4136-9d18-4f2ebca102cf_Name": "General Business",
    "MSIP_Label_d2ee4459-2afa-4136-9d18-4f2ebca102cf_SetDate": "2023-08-02T11:17:28Z",
    "MSIP_Label_d2ee4459-2afa-4136-9d18-4f2ebca102cf_SiteId": "ed86fd3a-ab24-4113-a9f8-6cb38f63c190",
    "TagDateTime": "2023-08-02T11:17:28Z",
    "UserId": "trzec"
}

This example demonstrates how the agent builds the metadata that gets attached to a classified file.

Metadata Entries

The agent is designed to write various types of metadata entries, each serving a specific purpose:

...

This design allows for a high degree of customization in how metadata is written, catering to diverse requirements and integration scenarios.

AIP Metadata Configuration

The agent is able to write metadata that aligns with AIP's standards, allowing seamless interaction with Microsoft's security framework.

Below is an example of a configuration that demonstrates how the agent can be configured to write AIP metadata.

Expand
titleExample: old agent v3 configuration (obsolete)
Code Block
languagejson

  "aip": {
    "siteId": "ed86fd3a-ab24-4113-a9f8-6cb38f63c190",
    "labels": [
      {
        "id": "734f255c-faeb-4316-b0c0-3d88dfc5bbef",
        "name": "Public",
        "method": "
Priviledged
Privileged",
        "contentBits":  3
      },
      {
        "id": "d2ee4459-2afa-4136-9d18-4f2ebca102cf",
        "name": "General Business",
        "method": "
Priviledged
Privileged",
        "contentBits": 3
      },
      {
        "id": "65650f8c-b1ca-43b3-aad5-b4fa5ffcfb95",
        "name": "Confidential",
        "method": "
Priviledged
Privileged",
        "contentBits": 3
      },
      {
        "id": "574e5463-b443-4182-9781-3fc620ed259c",
        "name": "Restricted",
        "method": "
Priviledged
Privileged",
        "contentBits": 3
      }
    ],
    "mappings": [
      {
        "classification": "Public",
        "aipLabelId": "734f255c-faeb-4316-b0c0-3d88dfc5bbef"
      },
      {
        "classification": "General Business",
        "aipLabelId": "d2ee4459-2afa-4136-9d18-4f2ebca102cf"
      },
      {
        "classification": "Confidential",
        "aipLabelId": "65650f8c-b1ca-43b3-aad5-b4fa5ffcfb95"
      },
      {
        "classification": "Restricted",
        "aipLabelId": "574e5463-b443-4182-9781-3fc620ed259c"
      }
    ]
  },

For agent v4, the syntax is slightly different, but very similar to older versions - this goes within the “global” part of the configuration:

Code Block
"aipConfiguration": {
			"siteId": "7bd98728-3093-47f4-921e-0e70b5a54fe6",
			"labels": [
				{
					"labelId": "b0426751-caad-47fa-9f7b-ab3ecdf2a453",
					"name": "Public",
					"method": "Privileged",
					"contentBits": "3"
				},
				{
					"labelId": "e8febc5f-7679-4c23-8457-a2d9c0c83853",
					"name": "General Business",
					"method": "Privileged",
					"contentBits": "3"
				},
				{
					"labelId": "cefd4509-260d-4ab3-9a12-e8e78560da3c",
					"name": "Confidential",
					"method": "Privileged",
					"contentBits": "3"
				},
				{
					"labelId": "9bc3c901-3c35-4a56-ade8-f1e58ef4ecba",
					"name": "Restricted",
					"method": "Privileged",
					"contentBits": "3"
				}
			],
			"mappings": [
				{
					"classificationTag": "Public",
					"labelId": "b0426751-caad-47fa-9f7b-ab3ecdf2a453"
				},
				{
					"classificationTag": "Internal",
					"labelId": "e8febc5f-7679-4c23-8457-a2d9c0c83853"
				},
				{
					"classificationTag": "Confidential",
					"labelId": "cefd4509-260d-4ab3-9a12-e8e78560da3c"
				},
				{
					"classificationTag": "Restricted",
					"labelId": "9bc3c901-3c35-4a56-ade8-f1e58ef4ecba"
				}
			]
		},

This configuration includes specific AIP labels and their corresponding classifications, defining how the agent translates its internal categorizations into a format that AIP can recognize.

How to get MIP labels from Azure

We can get the labels configured in customer’s Azure using the Fetch MIP labels from Azure in power tools.

...

  • Microsoft Graph → InformationProtectionPolicy.Read.All

  • Microsoft Information Protection Sync Service → UnifiedPolicy.Tenant.Read

Configurable Tags

The agent also provides the functionality to write fully customized metadata entries.

...

  • {classification} - current classification value of the document

  • {distribution} - current distribution value of the document

  • {compliance} - current compliance value of the document

  • {datetime} - current date and time

  • {email} - email of the current user (only works when outlook plugin is installed)

  • {user} - id of the current user

  • {machineid} - id of the current machine

  • {fileid} - unique file id

  • {classification_raw} - This is the tag value without the tag alias

  • {compliance_raw} - This is the tag value without the tag alias

  • {distribution_raw} - This is the tag value without the tag alias

  • {classification_guid} - This is a uniquid id generated based on tagset id and tag name

  • {classification_guid} - This is a uniquid id generated based on tagset id and tag name

  • {classification_guid} - This is a uniquid id generated based on tagset id and tag name

Writing Metadata to files

As already mentioned in the beginning of this page, the agent uses a slightly different approach for each file to write/read the metadata. This flexibility is necessitated by the diverse range of file types and their various mechanisms for storing metadata. The following outlines the approaches used for different file categories:

...