MIP Integration
Last updated
Last updated
Overview
LightBeam integrates with Microsoft Information Protection (MIP) to provide a seamless and consistent labeling experience across Microsoft and non-Microsoft environments. This integration allows organizations to leverage their existing MIP labels and policies while extending the coverage to a wider range of data sources.
To integrate Microsoft Information Protection (MIP) labels with LightBeam, ensure that your application has the following permissions:
Content.DelegatedReader: Read protected content on behalf of a user
Content.DelegatedWriter: Create protected content on behalf of a user
Content.SuperUser: Read all protected content for this tenant
Content.Writer: Create protected content
user_impersonation: Create and access protected content for users
InformationProtectionPolicy.Read.All: Read all published labels and label policies for an organization
Sites.ReadWrite.All: Read and write items in all site collections
User.Read: Sign in and read user profile
UnifiedPolicy.Tenant.Read: Read all unified policies of the tenant
UnifiedPolicy.User.Read: Read all unified policies a user has access to
Ensure these permissions are granted to your application in the Azure portal before proceeding with the MIP integration setup.
To integrate MIP labels into LightBeam:
In the LightBeam console, click on the INSIGHTS header in the top navigation menu.
In the left sidebar, click on Label Management.
On the Label Management page, click on “3rd-party Integration”.
In the dropdown, select “Microsoft Information Protection”.
In the MIP integration dialog :
Name the Connection: Provide a name for the MIP label set.
Enter the required MIP credentials (Client ID, Client Secret value, Tenant ID).
Click on Test Connection to ensure you get a Success message.
If the test is successful, click on the "Connect" button to save the connection and initiate the label synchronization process.
Once the connection is established, LightBeam synchronizes the labels from MIP. Users can review the synchronized MIP labels and their associated LightBeam labels in the Label Management interface.
To create equivalent LightBeam labels for each MIP label, follow these steps:
Click on the MIP label set card from the Label Management view to view the integrated MIP labels.
Review the integrated labels, priorities, rules, and definitions.
For each MIP label, click on the "Create LightBeam Label" button to create an equivalent LB label.
In the Create LightBeam Label dialog, enter the following information:
Name: Enter a name for the LB label.
Priority: Select the appropriate priority for the label.
.
Definition: Select the attributes and conditions that match the MIP label.
Repeat steps 3-4 to map all MIP labels to LightBeam labels, ensuring that the classification criteria match.
To apply labels to documents automatically, users can create a Labeling Policy in LightBeam Spectra. A Labeling Policy is a set of rules and conditions that determine which labels should be applied to documents based on the defined criteria.
To create a Labeling Policy:
Click on "Playbooks" in the top navigation menu.
In the "Data Lifecycle" section, locate the "Labeling" policy.
In the "Data Lifecycle: Labeling" page, you will see a list of existing Rule Sets.
Click on the "Create New Rule Set" button to start creating a new Labeling Policy.
Provide a name for the policy under "Rule Set Name".
Select the Label Set to use for the policy from the "Rule Set Criteria" dropdown. Only LightBeam label sets (e.g., "LB- Label set A") can be selected here. Currently, the system restricts the selection to only one label set per Labeling Policy.
Click on Next.
Select the desired data sources (e.g., SharePoint, OneDrive, Google Drive, Box, Dropbox) by ticking the checkboxes next to them.
Click on "Save & Close" to create the Labeling Policy.
When a Labeling Policy is executed, LightBeam Spectra performs the following steps:
Document Evaluation:
LightBeam Spectra scans each document within the selected data sources and evaluates its content against the label definitions specified in the associated Label Set.
The system analyzes the document's attributes, keywords, and other relevant information to determine if it matches any of the conditions defined in the label definitions.
Label Application:
If a document meets the conditions of a label definition, LightBeam Spectra automatically applies the corresponding label to the document.
In cases where multiple label definitions match the document, LightBeam Spectra selects and applies the label with the highest priority, as determined by the order in which the labels are defined within the Label Set.
MIP Label Integration:
If the selected Label Set is linked to an MIP label set, LightBeam Spectra leverages the third-party integration feature to apply the corresponding MIP labels to the documents in the MIP system (e.g., SharePoint or OneDrive).
When a document meets the conditions specified in the Labeling Policy, LightBeam Spectra communicates with the MIP system and instructs it to apply the appropriate MIP label to the document.
This integration ensures that the document is consistently labeled across both LightBeam Spectra and the third-party MIP system, maintaining label synchronization and accuracy.
Label Precedence:
It is important to note that the label ultimately applied to the document is the MIP label, rather than the LightBeam label created within LightBeam Spectra.
This behavior occurs because the labeling framework primarily utilizes MIP for the actual label application process, while LightBeam labels serve as a mapping mechanism to facilitate the application of the corresponding MIP labels to the documents.
For documents that have been labeled using MIP through the LightBeam Spectra integration, notifications are sent to the document owners and relevant stakeholders. These notifications provide important information about the labeling activity and include the following details:
The specific MIP label that was applied to the document and its associated priority level.
The conditions or attributes of the document that triggered the application of the label, helping users understand why the document was classified in a particular way.
Links to view the labeled document and access its metadata, enabling users to review the document and its label-related information directly.
Instructions on how to contest or request an update to the applied label if the user believes it was assigned incorrectly or if the document's content has changed, ensuring a mechanism for label review and refinement.
Currently, MIP labeling with LightBeam Spectra is supported for the following data sources:
Microsoft SMB (Server Message Block)
O365 OneDrive
O365 SharePoint
Support for additional data sources will be added in future releases.
LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.
To review the labels applied to a specific document or file, follow the steps listed in
For any questions or suggestions, please get in touch with us at: .
