MIP Labeling

The Microsoft Information Protection Unified Labeling platform (MIP labeling) is a file labeling platform used by Microsoft tenants.

Proofpoint CASB can recognize and use MIP labels.

Overview

MIP labels are also referred to as sensitivity labels. Like Data Loss Prevention (DLP), sensitivity labels allow organizations to classify, track, and protect sensitive information. Organizations create and configure MIP labels in their Microsoft tenants.

If you are using MIP labeling, you can:

  • Enrich compliance reporting by extracting labels in files from all API-connected cloud applications

  • Discover data violations by reporting and alerting on files with confidential labels

  • Prevent data exfiltration by using labels in automated policies

  • Secure files by automatically writing labels to files based on file content

Scope of Feature

If you are using MIP labels, Proofpoint CASB incorporates the MIP labels as part of your DLP program. You can see which files have labels and what these labels are, use the labels as additional criteria in Data rules, as well as apply MIP labels:

  • Extract labels and enrich DLP Incidents in the Proofpoint CASB admin console

  • DLP Incidents display labels in the expander

  • You can filter for labels

  • Extract labels and enrich files in the Proofpoint CASB admin console

  • Files on the Files page display labels in the expander

  • You can filter for labels

  • Configure Data rules to watch for and trigger on labels

  • MIP labels are available as a condition in Data rules including Content Download, Content Sharing, Content Updates, Content Updates and Sharing, File Deletion, and Suspicious File Activity rules

  • Data rules contain an attribute for labels that can be selected; rules trigger if files have labels as part of the rule evaluation

  • Enrich alerts with MIP Labels in the Proofpoint CASB admin console

  • Apply MIP labels to files

    • You can manually add a MIP label to a file from the Files page (see Files)

    • You can manually add a MIP label to a file in the incident listing in the DLP Discover page (see Manually Applying MIP Labels)

    • You can also use the Bulk Change feature in the DLP Discover page to manually add a specific MIP label to the relevant files in all selected incidents (see To apply MIP labels in bulk:)

    • You can define a rule to automatically apply an MIP label as one of the Remediation options

Defining a Rule to Automatically Apply an MIP Label

In the Rule editor, when you select a Data | Content Updates and Sharing rule type, you can define Apply MIP Label as an additional Remediation action.

In the rule editor Response > Remediation Actions section, select from the MIP Label drop down menu the label you would like to use.

As with applying a MIP label manually, when it is applied automatically via a rule, the remediation information appears in the status bar of the expanded information of the relevant file.

Important Information

  • Microsoft licensing requirements to enable this feature in Proofpoint CASB:

    • You must have an Azure Information Protection P1 or P2 license (included in Enterprise Mobility + Security (EMS) E3 and E5, and in Microsoft 365 (M365) E3 and E5 bundles).

  • To enable the MIP feature in Proofpoint CASB, you must authenticate using the new Proofpoint CASB Office 365 MIP authorization app (refer to the How to Onboard Your Microsoft Office 365 with Proofpoint Deployment Guide v2.8 or higher).

  • Labels are collected from files on a day forward basis.

  • Supported files types from all API connected cloud applications are monitored for label extraction.