How to create a data category based on existing classification

Safetica ONE can search the properties of Microsoft Office documents for a data classification applied to the document by another software.

Information in this article applies to Safetica ONE 10 or older.

 

You can learn more about data categories in general here.

Supported third-party tools

Safetica is universally compatible with third-party classification tools that store classification information (tags) in document properties. We have specifically confirmed compatibility with the following classification tools:

  • Microsoft Azure Information Protection
  • Boldon James
  • Titus
  • Tukan GREENmod

 

In this article, you will learn to:

 

Create a data category based on existing classification

1. Open Safetica Management Console and go to the Protection > Data categories section.

2. Click New data category, select Existing classification (metadata) with the slider, and enter the name and description for the category.

3.  In the Advanced section, you can adjust Clipboard behavior:

  • Moderate – the clipboard is restricted only if it’s used to transmit potentially sensitive content.
  • Strict – the clipboard is always restricted based on DLP policies.

The Strict mode may result in unexpected propagation of data categories and limitations. Learn more here.

4. Click OK. The new category will be displayed in the list on the left.
5. Click in the upper right corner to save the category.

 

Configure a data category based on existing classification

1. Select the newly created data category in the list on the left.

2. On the right, you will see its name and description as well as further management options. Click Configure data category.


1546427953d963550af4c660275c9ce8d385d5efef4e768542

  • The Classification identifier column is for specifying the classification type in general.
  • The Tag identifier column can be used for specifying the classification’s more specific parameter.

You can specify both fields, or leave one of them empty for more general detection of classified documents.

  • The Regex checkbox is an optional setting for cases when you would like to search for regular expressions instead of a specific string.

You can obtain the Classification identifier and the Tag identifier either from sample classified documents or from Azure Information Protection.

 

Configuration using sample documents

In case you have access to sample classified documents from your company, you can use them to find the classification identifiers:

1. Open the document(s) in the Office suite.

2. Click File > Info > Properties > Advanced properties.

3. Under the Custom tab, you will find various properties.

4. Identify the one which is common for your classified files. Then simply copy its name (or a part of it) into the Classification identifier column. Optionally, copy its “value” into the Tag identifier column.
TPC2EN

Here are examples of the final configuration parameters:

Third-party technology

Classification identifier

Tag identifier

Microsoft Azure Information Protection

0034f115-2835-4348-b421-de66a63e347f

 

Boldon James

DLPTRIGGER

[*{Internal}*]

Tukan GREENmod

TukanITGREENmodCATEGORY

RESTRICTED

In case of AIP classification, the Tag identifier column may be left empty.

 

Configuration using Azure Information Protection

If you’re using Azure Information Protection classification capabilities, you can easily obtain the required information from the Azure AD admin center.

1. In the admin center, go to the Azure Information Protection section.

2. There, in the Policies section, you will find all existing policies:
TPC3EN

3. Choose the policy you need detected by Safetica and open it. On the very bottom of the configuration window, you will find your Label ID:
TPC4EN

4. For Safetica to register your Azure AIP-labeled files, you need to enter the following information into the Third-Party Classification window:

Classification identifier

Tag identifier

What will Safetica detect

MSIP_Label_

 

All files classified by AIP, regardless of label ID

cf8068d2-8761-4163-baee-5442b203479c

 

Files classified by AIP as “Confidential”
(as per the example above)

In case of AIP classification, the tag identifier field may be left empty.

 

How to edit or remove a data category

You can remove an existing data category or edit its name and description by clicking the Edit or Remove links next to the relevant data category in the list on the left.