All ideas that relate to Azure Information Protection (AIP)

Obfuscate the DLP AIP automation rules stored on the clients so users can't see them / leak then / work around them

Currently the policy.msip file is a plain text JSON file that can be viewed and edited locally. Customers have asked for this to be encrypted so it is not readable by users and other applications.

11 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Tom Moser [MSFT]AdminTom Moser [MSFT] (Sr. Program Manager, Microsoft - Azure - Msip) shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    2 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Sherif TalaatSherif Talaat commented  ·   ·  Flag as inappropriate

        This Azure policy file (*.msip) is in clear that can be viewed and easily edited by any end user on his\her PC. This can a big security risk if someone send it outside. What if we put some content base policies then any user can easily view it here. We need to have any mechanism to encrypt this file or at least apply some temper protection.

      • MartialMartial commented  ·   ·  Flag as inappropriate

        More than a good idea, it's a real need to protect this kind of information. On our side, detection patterns include really sensitive data and algorithms which must not be divulged outside a short circle of insider to avoid risk of attempts to circumvent our data leakage controls

      Feedback and Knowledge Base