Veritas Data Insight Classification Guide
MIP Decryption Support
When you apply a MIP label that has the encryption setting enabled, the file is protected by that label. To classify such encrypted files, enable the MIP decryption settings in the classification configuration. After you edit the required settings, Data Insight can read and classify those files with sensitive information.
- Install .NET version 4.6 or above.
- Check the TLS version on the collector node and classification node by referring to https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-tls-enforcement#powershell-script-to-check-tls-12
  The TLS version should be TLS 1.2 or above. Refer to the following link for more details: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-tls-enforcement#powershell-script-to-enable-tls-12
- Create a new app registration for the MIP Decryption Support.
- For OneDrive and SharePoint, set the custom attribute node.connector.classification.job.timeout on the Classification server and set the custom attribute value to 7200.
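The following read-only PowerShell check covers the .NET and TLS 1.2 prerequisites above on a collector or classification node. It is an added example, not part of the Veritas guide or the Microsoft script linked above; it assumes the standard .NET Framework and SCHANNEL registry locations, and the helper name Get-RegValue is hypothetical.

```powershell
# Added example: read-only prerequisite check for a collector or classification node.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$results = @()

# .NET Framework 4.6 or above reports a Release DWORD of at least 393295.
$release = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' 'Release'
$results += [pscustomobject]@{
    Check  = '.NET Framework 4.6 or above (Release >= 393295)'
    Value  = $release
    Status = $(if ($release -ge 393295) { 'OK' } else { 'FAIL' })
}

# TLS 1.2 settings: .NET strong-crypto flags and the SCHANNEL protocol keys.
$net      = 'Microsoft\.NETFramework\v4.0.30319'
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$tlsChecks = @(
    @{ Path = "HKLM:\SOFTWARE\$net";             Name = 'SystemDefaultTlsVersions'; Want = 1 }
    @{ Path = "HKLM:\SOFTWARE\$net";             Name = 'SchUseStrongCrypto';       Want = 1 }
    @{ Path = "HKLM:\SOFTWARE\WOW6432Node\$net"; Name = 'SystemDefaultTlsVersions'; Want = 1 }
    @{ Path = "HKLM:\SOFTWARE\WOW6432Node\$net"; Name = 'SchUseStrongCrypto';       Want = 1 }
    @{ Path = "$schannel\Client";                Name = 'Enabled';                  Want = 1 }
    @{ Path = "$schannel\Client";                Name = 'DisabledByDefault';        Want = 0 }
    @{ Path = "$schannel\Server";                Name = 'Enabled';                  Want = 1 }
    @{ Path = "$schannel\Server";                Name = 'DisabledByDefault';        Want = 0 }
)

foreach ($c in $tlsChecks) {
    $v = Get-RegValue $c.Path $c.Name
    # A missing value is not a failure by itself: the OS default applies.
    # Any non-zero DWORD (1 or 0xFFFFFFFF) counts as "on".
    $status = if ($null -eq $v) { 'NOT SET (OS default applies)' }
              elseif ([bool]$v -eq [bool]$c.Want) { 'OK' }
              else { 'FAIL' }
    $results += [pscustomobject]@{ Check = "$($c.Path)\$($c.Name)"; Value = $v; Status = $status }
}

$results | Format-Table -AutoSize -Wrap
```

Run it in an elevated PowerShell session on each node; any FAIL row means the corresponding prerequisite needs attention before MIP decryption is enabled.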
To create a new app registration for the MIP Decryption Support
- In a new browser window, sign in to the Azure portal https://portal.azure.com with the Azure AD tenant that you use with Azure Information Protection.
- Navigate to Azure Active Directory > Manage > App registrations, and select New registration.
- On the Register an application pane, specify the following values, and then click Register.
  | Option | Value |
  | --- | --- |
  | Name | MIP-Decryption-App. Specify a different name as needed. The name must be unique per tenant. |
  | Supported account types | Select Accounts in this organizational directory only |
- On the AIP-DelegatedUser pane, copy the value for the Application ID, that is, the Client ID. For example: 77c3c1c3-abf9-404e-8b2b-4652836c8c66. This value is used as the Client ID.
- Similarly, copy the Tenant ID.
- Copy and save the Client ID and Tenant ID for future reference.
- From the sidebar, navigate to Manage > Certificates & secrets
- On the AIP-DelegatedUser - Certificates & secrets pane, in the Client secrets section, select New client secret
- In the Add a client secret field, specify the following, and then click Add
  | Field | Value |
  | --- | --- |
  | Description | Application for MIP Decryption Support in DataInsight |
  | Expires | Specify your choice of duration (1 year, 2 years, or never expires) |
- Navigate back to the AIP-DelegatedUser - Certificates & secrets pane.
- In the Client secrets section, copy the string for the VALUE. For example: OAkk+rnuYc/u+]ah2kNxVbtrDGbS47L4.
  To make sure that all characters are copied, click the Copy to clipboard icon.
- To add API Permissions, select Manage > API permissions from the sidebar.
- On the AIP-DelegatedUser - API permissions pane, select Add a permission
  - Select Azure Rights Management Services.
  - Select Delegated permissions.
  - Check user_impersonation and select Add permissions at the bottom of the page.
  - Select Add a permission.
  - Select APIs my organization uses.
  - In the search box, type Microsoft Information Protection Sync Service, press Enter, and then select the service.
  - Select Delegated permissions.
  - Check UnifiedPolicy.User.Read, then select Add permissions.
- After adding permissions specified above, add more permissions shown in the image below: