...

Code Block
{
    "GVData": "ew0KICAidGFnc2V0X2YxNGZjMWYxXzg5NTBfNDBkNV84YTI5XzQ1OTA5ZGE5NDdkNl9nZHByL3BpaSI6ICJGYWxzZSIsDQogICJ0YWdzZXRfZjE0ZmMxZjFfODk1MF80MGQ1XzhhMjlfNDU5MDlkYTk0N2Q2X3NlbnNpdGl2ZSI6ICJGYWxzZSIsDQogICJ0YWdzZXRf",
    "GVData0": "MDA0ZGVhMzNfODc1MV80Mzk5X2E3NmVfOTVmMzcxY2I0MTE5X2Rpc3RyaWJ1dGlvbiI6ICJJbnRlcm5hbCIsDQogICJ0YWdzZXRfZTE2NDA5YTdfMTcwMF80MTUzXzkwOTBfMzk1NWJjMmYwYWU4X2NsYXNzaWZpY2F0aW9uIjogIkdlbmVyYWwgQnVzaW5lc3MiDQp9",
    "GVData1": "(end)",
    "Classification": "General Business",
    "ClassificationTagSetId": "e16409a7-1700-4153-9090-3955bc2f0ae8",
    "ClassificationValue": "General Business",
    "DistributionTagSetId": "004dea33-8751-4399-a76e-95f371cb4119",
    "DistributionValue": "Internal / \u0645\u0631\u062d\u0628\u0627 \u0628\u0627\u0644\u0639\u0627\u0644\u0645",
    "FileId": "e0481ca0-a9e0-e307-07fa-6189581762a8",
    "MSIP_Label_d2ee4459-2afa-4136-9d18-4f2ebca102cf_ActionId": "95871ebc-c143-40b9-9b42-ad7bd6bc77df",
    "MSIP_Label_d2ee4459-2afa-4136-9d18-4f2ebca102cf_ContentBits": "3",
    "MSIP_Label_d2ee4459-2afa-4136-9d18-4f2ebca102cf_Enabled": "true",
    "MSIP_Label_d2ee4459-2afa-4136-9d18-4f2ebca102cf_Method": "Privileged",
    "MSIP_Label_d2ee4459-2afa-4136-9d18-4f2ebca102cf_Name": "General Business",
    "MSIP_Label_d2ee4459-2afa-4136-9d18-4f2ebca102cf_SetDate": "2023-08-02T11:17:28Z",
    "MSIP_Label_d2ee4459-2afa-4136-9d18-4f2ebca102cf_SiteId": "ed86fd3a-ab24-4113-a9f8-6cb38f63c190",
    "TagDateTime": "2023-08-02T11:17:28Z",
    "UserId": "trzec"
}

...

Below is an example of a configuration that demonstrates how the agent can be configured to write AIP metadata.

Example: old agent v3 configuration (obsolete)
Code Block
{
  "id": "8e808d02-fdc4-4fc9-8938-853b0a4a5d3d",
  ...
  "aip": {
    "siteId": "ed86fd3a-ab24-4113-a9f8-6cb38f63c190",
    "labels": [
      {
        "id": "734f255c-faeb-4316-b0c0-3d88dfc5bbef",
        "name": "Public",
        "method": "Privileged",
        "contentBits":  3
      },
      {
        "id": "d2ee4459-2afa-4136-9d18-4f2ebca102cf",
        "name": "General Business",
        "method": "Privileged",
        "contentBits": 3
      },
      {
        "id": "65650f8c-b1ca-43b3-aad5-b4fa5ffcfb95",
        "name": "Confidential",
        "method": "Privileged",
        "contentBits": 3
      },
      {
        "id": "574e5463-b443-4182-9781-3fc620ed259c",
        "name": "Restricted",
        "method": "Privileged",
        "contentBits": 3
      }
    ],
    "mappings": [
      {
        "classification": "Public",
        "aipLabelId": "734f255c-faeb-4316-b0c0-3d88dfc5bbef"
      },
      {
        "classification": "General Business",
        "aipLabelId": "d2ee4459-2afa-4136-9d18-4f2ebca102cf"
      },
      {
        "classification": "Confidential",
        "aipLabelId": "65650f8c-b1ca-43b3-aad5-b4fa5ffcfb95"
      },
      {
        "classification": "Restricted",
        "aipLabelId": "574e5463-b443-4182-9781-3fc620ed259c"
      }
    ]
  },
  ...
}

For agent v4, the syntax is slightly different from, but very similar to, older versions. This block goes within the “global” part of the configuration:

Code Block
"aipConfiguration": {
			"siteId": "7bd98728-3093-47f4-921e-0e70b5a54fe6",
			"labels": [
				{
					"labelId": "b0426751-caad-47fa-9f7b-ab3ecdf2a453",
					"name": "Public",
					"method": "Privileged",
					"contentBits": "3"
				},
				{
					"labelId": "e8febc5f-7679-4c23-8457-a2d9c0c83853",
					"name": "General Business",
					"method": "Privileged",
					"contentBits": "3"
				},
				{
					"labelId": "cefd4509-260d-4ab3-9a12-e8e78560da3c",
					"name": "Confidential",
					"method": "Privileged",
					"contentBits": "3"
				},
				{
					"labelId": "9bc3c901-3c35-4a56-ade8-f1e58ef4ecba",
					"name": "Restricted",
					"method": "Privileged",
					"contentBits": "3"
				}
			],
			"mappings": [
				{
					"classificationTag": "Public",
					"labelId": "b0426751-caad-47fa-9f7b-ab3ecdf2a453"
				},
				{
					"classificationTag": "Internal",
					"labelId": "e8febc5f-7679-4c23-8457-a2d9c0c83853"
				},
				{
					"classificationTag": "Confidential",
					"labelId": "cefd4509-260d-4ab3-9a12-e8e78560da3c"
				},
				{
					"classificationTag": "Restricted",
					"labelId": "9bc3c901-3c35-4a56-ade8-f1e58ef4ecba"
				}
			]
		},

This configuration includes specific AIP labels and their corresponding classifications, defining how the agent translates its internal categorizations into a format that AIP can recognize.
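As an added illustration (not the agent's own code), the Python sketch below checks a v4-style aipConfiguration for mappings that point at undefined labels and for misspelled method values, then derives the MSIP_Label_<labelId>_* entries seen in the metadata sample for one classification. The function names, the constructed SAMPLE (which reuses GUIDs from the v4 block) and the way classificationTag is resolved to a labelId are assumptions.

```python
import re
import uuid
from datetime import datetime, timezone

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
METHODS = ("Standard", "Privileged")  # values defined in Microsoft's MIP metadata reference

def validate_aip(cfg):
    """Return a list of problems found in a v4-style aipConfiguration dict."""
    problems = []
    if not GUID.match(cfg.get("siteId", "")):
        problems.append("siteId is not a GUID")
    labels = {}
    for lab in cfg.get("labels", []):
        lid = lab.get("labelId", "")
        if not GUID.match(lid):
            problems.append(f"label {lab.get('name')}: labelId is not a GUID")
        if lab.get("method") not in METHODS:
            problems.append(f"label {lab.get('name')}: unknown method")
        labels[lid] = lab
    for m in cfg.get("mappings", []):
        if m.get("labelId") not in labels:
            problems.append(f"mapping {m.get('classificationTag')}: labelId not in labels")
    return problems

def msip_properties(cfg, classification, now=None):
    """Build the MSIP_Label_<labelId>_* entries for one classification tag."""
    now = now or datetime.now(timezone.utc)
    labels = {lab["labelId"]: lab for lab in cfg["labels"]}
    lid = next((m["labelId"] for m in cfg["mappings"]
                if m["classificationTag"] == classification), None)
    if lid not in labels:
        return {}  # unmapped or dangling mapping: write nothing rather than guess
    lab, p = labels[lid], f"MSIP_Label_{lid}_"
    return {p + "ActionId": str(uuid.uuid4()),  # assumption: fresh GUID per labeling action
            p + "ContentBits": str(lab["contentBits"]), p + "Enabled": "true",
            p + "Method": lab["method"], p + "Name": lab["name"],
            p + "SetDate": now.strftime("%Y-%m-%dT%H:%M:%SZ"), p + "SiteId": cfg["siteId"]}

# Constructed sample: one misspelled method and one mapping to a label that is not defined.
SAMPLE = {"siteId": "7bd98728-3093-47f4-921e-0e70b5a54fe6",
          "labels": [{"labelId": "b0426751-caad-47fa-9f7b-ab3ecdf2a453", "name": "Public",
                      "method": "Privileged", "contentBits": "3"},
                     {"labelId": "cefd4509-260d-4ab3-9a12-e8e78560da3c", "name": "Confidential",
                      "method": "Priviledged", "contentBits": "3"}],
          "mappings": [{"classificationTag": "Public", "labelId": "b0426751-caad-47fa-9f7b-ab3ecdf2a453"},
                       {"classificationTag": "Restricted", "labelId": "9bc3c901-3c35-4a56-ade8-f1e58ef4ecba"}]}
```

Running validate_aip over a configuration before deployment surfaces classifications that would otherwise be written without a matching label.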

How to get MIP labels from Azure

The labels configured in the customer’s Azure tenant can be retrieved with the "Fetch MIP labels from Azure" utility in power tools.

...

It accepts all the required details from the user (tenantId, appName, clientId, clientSecret, emailId) as inputs and prints the available MIP labels as output.

...

The output format:

Code Block
{
  "siteId": "tenant_id",
  "labels": [
    {
      "id": "label_id",
      "name": "label_name",
      "method": "label_assignment_method", // always Privileged
      "contentBits": 3 // type of content marking applied; always 3
    }
  ]
}

Reference: https://learn.microsoft.com/en-us/information-protection/develop/concept-mip-metadata

This utility uses application permissions in an Azure app, and the following API permissions need to be granted to it (with admin consent):

  • Microsoft Graph → InformationProtectionPolicy.Read.All

  • Microsoft Information Protection Sync Service → UnifiedPolicy.Tenant.Read

Configurable Tags

The agent also provides the functionality to write fully customized metadata entries.

...

Code Block
{
  "id": "8e808d02-fdc4-4fc9-8938-853b0a4a5d3d",
  ...
  "defaultSettings": {
    ...
    "writeMetadataTags": [
      {
        "tagName": "ClassificationTagSetId",
        "tagHandle": "e16409a7-1700-4153-9090-3955bc2f0ae8"
      },
      {
        "tagName": "ClassificationValue",
        "tagHandle": "{classification}"
      },
      {
        "tagName": "DistributionTagSetId",
        "tagHandle": "004dea33-8751-4399-a76e-95f371cb4119"
      },
      {
        "tagName": "DistributionValue",
        "tagHandle": "{distribution}"
      },
      {
        "tagName": "FileId",
        "tagHandle": "{fileid}"
      },
      {
        "tagName": "UserId",
        "tagHandle": "{user}"
      },
      {
        "tagName": "TagDateTime",
        "tagHandle": "{datetime}"
      },
      {
        "tagName": "{name:e16409a7-1700-4153-9090-3955bc2f0ae8:0}",
        "tagHandle": "{value:e16409a7-1700-4153-9090-3955bc2f0ae8:0}"
      },
      {
        "tagName": "classification_guid",
        "tagHandle": "{classification_guid}"
      },
      {
        "tagName": "compliance_guid",
        "tagHandle": "{compliance_guid}"
      },
      {
        "tagName": "distribution_guid",
        "tagHandle": "{distribution_guid}"
      }
    ]
  },
  ...
}

The tagHandle field within this configuration supports various placeholders that facilitate dynamic tagging:

  • {classification} - current classification value of the document

  • {distribution} - current distribution value of the document

  • {compliance} - current compliance value of the document

  • {datetime} - current date and time

  • {email} - email of the current user (only works when the Outlook plugin is installed)

  • {user} - id of the current user

  • {machineid} - id of the current machine

  • {fileid} - unique file id

  • {classification_raw} - This is the tag value without the tag alias

  • {compliance_raw} - This is the tag value without the tag alias

  • {distribution_raw} - This is the tag value without the tag alias

  • {classification_guid} - This is a unique id generated based on tagset id and tag name

  • {compliance_guid} - This is a unique id generated based on tagset id and tag name

  • {distribution_guid} - This is a unique id generated based on tagset id and tag name
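The placeholder substitution described above, as an added Python example rather than the agent's implementation: it expands the listed placeholders from a caller-supplied context, skips any entry containing a token it cannot resolve (including the {name:...}/{value:...} forms, which the list does not describe), and reports which written tags carry user or machine identifiers. The function names, CTX and the skip-on-unresolved behaviour are assumptions.

```python
import re

# Placeholders listed on the page; {name:...}/{value:...} forms are not documented there.
KNOWN = {"classification", "distribution", "compliance", "datetime", "email", "user",
         "machineid", "fileid", "classification_raw", "compliance_raw", "distribution_raw",
         "classification_guid", "compliance_guid", "distribution_guid"}
IDENTITY = {"email", "user", "machineid"}  # values that identify a person or host
TOKEN = re.compile(r"\{([^{}]+)\}")

def expand(template, ctx):
    """Substitute placeholders from ctx; return (text, unresolved, identity_used)."""
    unresolved, identity = [], []
    def sub(match):
        name = match.group(1)
        if name in KNOWN and name in ctx:
            if name in IDENTITY:
                identity.append(name)
            return str(ctx[name])
        unresolved.append(name)
        return match.group(0)  # leave the token visible instead of writing a guess
    return TOKEN.sub(sub, template), unresolved, identity

def render_tags(entries, ctx):
    """Return (metadata dict, skipped entries with reasons, tag names carrying identity data)."""
    written, skipped, identity_tags = {}, [], []
    for entry in entries:
        name, bad_n, _ = expand(entry["tagName"], ctx)
        value, bad_v, ident = expand(entry["tagHandle"], ctx)
        if bad_n or bad_v:
            skipped.append((entry["tagName"], bad_n + bad_v))
            continue
        written[name] = value
        if ident:
            identity_tags.append(name)
    return written, skipped, identity_tags

# Constructed context and a subset of the writeMetadataTags entries shown above.
CTX = {"classification": "General Business", "user": "trzec",
       "datetime": "2023-08-02T11:17:28Z"}
ENTRIES = [
    {"tagName": "ClassificationTagSetId", "tagHandle": "e16409a7-1700-4153-9090-3955bc2f0ae8"},
    {"tagName": "ClassificationValue", "tagHandle": "{classification}"},
    {"tagName": "UserId", "tagHandle": "{user}"},
    {"tagName": "FileId", "tagHandle": "{fileid}"},
    {"tagName": "{name:e16409a7-1700-4153-9090-3955bc2f0ae8:0}",
     "tagHandle": "{value:e16409a7-1700-4153-9090-3955bc2f0ae8:0}"},
]
```

The identity_tags list is the part to review against data-handling policy, since those values travel with the file wherever it is shared.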

Writing Metadata to files

...