DLP does not decrypt RMS protected email messages (RPMSG files)
Last Updated April 03, 2019
You have successfully implemented the DLP RMS plug-in and verified that content detection works on RMS-encrypted MS Office files.
However, when Network Monitor sees Azure RMS-protected emails, which arrive as an encapsulated .rpmsg file, their content is not detected.
DLP does not currently decrypt RMS-protected email messages (RPMSG files) in versions 14.6, 15.0, 15.1, or 15.5. Doing so requires the MIP (Microsoft Information Protection) SDK, which is not yet available or integrated with the DLP versions mentioned here.
There are a number of limitations with the current integration due to the functionality provided by the Microsoft RMS SDK.
First, this SDK was Windows-only, which is why Symantec extended RMS-protected file inspection only to Windows-based DLP detection servers.
Second, this SDK provided no native support for parsing and decrypting RMS-protected email messages (RPMSG files); it only supported files (MS Office, PDF, and pfile) that are encrypted by AD or Azure RMS.
Symantec is currently awaiting the Microsoft MIP SDK release in order to incorporate it into a future DLP version. Which future version of DLP will include it depends on the timeliness of this release from Microsoft and on the DLP release cycle.
Currently Azure RMS inspection works with Network Prevent for Email (message attachments only), Network Prevent for Web (files), Network Monitor (files and message attachments only), Network Discover (files), and Cloud Prevent for Office 365 (message attachments only). In order to provide this capability, DLP was integrated with the Microsoft RMS SDK version 2.1, the only toolkit that was available from Microsoft at the time the integration was developed.
AD and Azure RMS cracking of RPMSG files.
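To measure how much mail falls into this inspection gap, the following Python script (an added example, not Symantec's code and not part of the original article) flags messages that carry an RPMSG wrapper. It assumes the wrapper arrives as an attachment named message.rpmsg with content type application/x-microsoft-rpmsg-message, which is how Exchange and Outlook commonly package RMS-protected mail; the function names and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed identifiers of the RPMSG wrapper (common Exchange/Outlook packaging).
RPMSG_TYPE = "application/x-microsoft-rpmsg-message"
RPMSG_EXT = ".rpmsg"


def classify(raw: bytes) -> dict:
    """Split a message's leaf MIME parts into RPMSG wrappers and other attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    rpmsg_parts, other = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers (including nested messages) are walked into
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type().lower()
        if ctype == RPMSG_TYPE or name.endswith(RPMSG_EXT):
            # The real body is encrypted inside this part; per the article,
            # DLP 14.6-15.5 does not decrypt it.
            rpmsg_parts.append(name or ctype)
        elif part.get_content_disposition() == "attachment":
            other.append(name or ctype)
    return {"subject": str(msg["Subject"]),
            "rpmsg_parts": rpmsg_parts,
            "other_attachments": other}


def build_sample(protected: bool) -> bytes:
    """Constructed test message; the payload bytes are placeholders, not real RPMSG data."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "alice@example.com", "bob@example.com", "Q3 forecast"
    m.set_content("This message is protected." if protected else "See attached.")
    if protected:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="x-microsoft-rpmsg-message", filename="message.rpmsg")
    else:
        m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                         subtype="pdf", filename="forecast.pdf")
    return m.as_bytes()


if __name__ == "__main__":
    for flag in (True, False):
        result = classify(build_sample(flag))
        status = "NOT inspected (RPMSG)" if result["rpmsg_parts"] else "inspectable"
        print(f'{result["subject"]!r}: {status} {result}')
```

Run over a journal mailbox export or a mail spool, the count of messages with a non-empty `rpmsg_parts` list shows how much traffic currently passes without content detection.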