Skyhigh Security

Create and Configure AIP in Data Classification

Data Classification enables you to categorize and label sensitive data based on its significance and sensitivity. By adopting Data Classification, you can connect with a Classification Provider that offers predefined labels or allows you to create custom labels that fit your organization's policy. Once you set up a Classification instance, you can enable API access through OAuth for secure communication.

With the API, you can classify data and assign labels to files or documents, which can then be used in Data Loss Prevention (DLP) policies. For example, a DLP policy can prevent the emailing of data labeled as "Confidential" outside the organization.

Create and Configure an AIP Instance in Data Classification

Azure Information Protection (AIP) allows organizations to classify and optionally protect sensitive documents using default and custom labels. Once you create and configure an AIP instance, you can use AIP labels in Skyhigh DLP policies for supported CSPs.

NOTE: Before enabling the API for Microsoft AIP in Skyhigh CASB, you need to configure the AIP sensitivity labels in the security portal, create label policies, and publish them. For configuring AIP sensitivity labels and policies, refer to the Microsoft Help topic.

To create and configure a Data Classification instance for AIP:

  1. Sign in to Skyhigh CASB.
  2. Go to Settings > Integration > Data Classification.
  3. Click Add Classification Instance.
  4. Select Microsoft AIP and provide an instance name. Click Save.
  5. Select the AIP instance you just created.
  6. Click Enable to the right of Enable API.
  7. Enter Office 365 global admin credentials and accept the permissions requested. The permissions include the ability to read protected content for Office 365 on behalf of the user in order to perform scans on encrypted data.

NOTE: Skyhigh CASB does not decrypt encrypted emails (Exchange Online) via AIP.

  8. Click Select Services.

IMPORTANT: You will not be allowed to save DLP policies using an AIP instance without mapping the AIP instance to the appropriate service instances attached to the policy. Be careful while selecting service instances. Selecting the wrong service instance could result in documents in the organization or division being encrypted with the AIP labels of another organization or division.

  9. Select a Service Instance and click Done to complete the integration.