Mip Document Control
Please be informed that there are some restrictions on data access.
For detailed information about MIP document control features,nextYou can check it at.
Output Print Marking
Overview
- When printing the MIP document, document security print marking will be applied.
Applying Print Marking When Outputting MIP Documents
DS_MIP_INITItem Settings
{
"aipDoc":{
"marking":"use"
}
}
Constraints
- In MIP Label (RMS/intune), output permissions must be granted in advance.
- Marking Restrictions When Viewing MIP Documents in Teams or Web App
Right-click release
Overview
- Users can use the right-click menu to release the MIP document and convert it to a regular document.
- Right-click menu related links
In previous versions of the related module, MIP release was possible regardless of the ztcap policy, but the MIP release function has been changed to be released according to the ZTCAP policy as the standard feature.
Related Ztcap Policy
To release the Mip document, the ztcap policy is required.
- Please see the explanation of the ztcap policy settings below and add it.
- The explanation of the basic ztcap policy is omitted.
- If there is no policy, the Mip document release will fail.
- Select Mip document from the target document
- All Mip document release policy - Select all Mip documents
- When releasing a specific MIP document - After selecting the designated MIP document -> Assign label -> Select specific MIP label (multiple selections possible)\
- Document Events
- Right-click the mouse and click the [Unlink Mip Document] menu.
- Execution Policy
- Mip document release selection
After selecting a policy, you can click the corresponding icon to view and edit (modify) the policy in JSON code format.
{
"name": "[개발]Mip해제정책",
"description": "모든 Mip문서 해제하는 정책",
....
"enforcementAttributes": [
{
"order": 0,
"category": "MIPRemove" // category에 MIPRemove로 추가
}
],
"decisionFactors": [
{
"category": "document",
"targets": [
{
"type": "mip",
"use": true,
"operation": "AND"
}
]
},
{
"category": "storage",
"targets": [
{
"type": "local",
"use": true,
"operation": "OR",
"info": {
"folder": [
"*"
]
}
}
]
},
{
"category": "fileEvent",
"targets": [
{
"type": "local",
"use": true,
"operation": "OR",
"info": {
"event": [
- "RButtonClickLabelRemove" // event를 RButtonClickLabelRemove로 지정
]
}
}
]
}
]
}
MIP icon display policy on/off
Overview
- This is a custom policy that allows you to turn the display of the MIP icon on/off.
Related Custom Policies
| ID | DSICON_NOT_USE_AIP_ICON |
|---|---|
| TYPE | Check On/Off |
| Policy Value Format | Check On/Off |
| Explanation | MIP icon display usage (1: not used, 0: used) |
| Policy Value | 1 (or Check) |
| scsc | DSICON_NOT_USE_AIP_ICON.scsc |
Application Method
- Module Patch
- Custom Policy Settings and Fetching Policies
Call notification window when viewing read-only document
Notification appears when viewing read-only Mip documents
If a read-only document is accessed, display a popup after viewing to inform that this document is read-only (ex, This document is read-only. Edit the document by saving it with a different name)
Overview
- Read-only MIP documents are designed to inform users that they are non-editable, prompting them to save a copy under a different name and then edit it.
Explanation
- If the Mip document opens as a read-only document, an alert message will appear as below.
Policy
- The Mip Init policy must have the option value (NotifyReadOnlyDoc key) added as shown below to function. DS_MIP_INIT policy link
{
"s365_url": "https://devlogin.softcamp.co.kr/",
...(생략)...
"custom": {
...
"NotifyReadOnlyDoc": "use"
},
...(생략)...
}
Constraints
- For documents opened through onedrive, sharepoint, and teams, the file path is generated as a URL, so it is not possible to determine whether it is a Mip document through the Mip SDK, and therefore no notification window appears.Therefore, a feature that operates only on local files.
- This feature works when opening an attached document downloaded locally from Outlook, but it is not supported when opening directly from cloud links such as SharePoint. (For the same reason as above.)
Notification Message
Third-party Tenant MIP Document Access Confirmation Guide
Overview
A user logged in with a company accountDocuments protected with MIP (Microsoft Information Protection) labels from other companies' tenantswhen opening,**"Documents protected by other companies may have restricted access. Do you still want to proceed?"**This is a feature that first displays a confirmation dialog to allow the user to directly choose whether to open or block it.
The reason this feature is needed
MIP label protects the document**Company (Tenant)**Permissions are grouped by unit. Therefore, company employees are associated with clients and partners, etc.MIP document protected by third-party tenantIf you open it after receiving it, you will not be able to access the document normally as it cannot pass the protection policy with your company account.
The problem is**In the existing operation, the user could not identify the cause of this situation.**is the point.
- When opening third-party MIP documents, MIP authentication fails.Blank screen · Unknown errorIt has ended.
- In some paths,"The validity period has expired"sameInaccurate messagewas displayed, leading the user to misunderstand the cause.
- As a result, inquiries (VOC) such as "The document is broken / The product malfunctions" have been repeatedly received.
This feature is designed to eliminate this confusion at the time of opening the document.**"This document is identified in advance as a document protected by another company."**to provide accurate guidance, and still allows the user to choose whether to open it.
Operation Method — "Confirm and Select" Instead of Forced Blocking
This feature does not block third-party documents under any circumstances.Yes / No confirmation dialogIt leaves the judgment to the user.
- YesSelect → Proceed with document viewing as before (actual viewing may be restricted due to third-party protection).
- No / Close Window (X) / No Response→ Document ViewingBlockdoes.
Summary: If an employee of our company opens a document protected by MIP from another company's tenant, a confirmation window will first appear stating, "This document is protected by another company, and access may be restricted. Do you still want to proceed?" The access will proceed or be blocked based on the user's yes/no selection.
Application Entry Point
This feature allows users to open documents.Two PathsIt applies to.
| # | Entry Point | User Action |
|---|---|---|
| 1 | Explorer double click | When double-clicking an Office document in Windows Explorer to open it |
| 2 | Office 'Open' dialog box | When selecting and opening a document in the [File → Open → Browse] dialog box of Word / Excel / PowerPoint |
Opening methods other than the two paths above —Drag & Drop · Select from Recent Documents in Office · Acrobat (PDF)— is excluded from the scope of this feature (see the limitations below).
User Screen (Notification Confirmation Window)
If judged as a third-party tenant MIP document, the following will be:Yes / No confirmation dialogThis will be displayed.
┌─────────────────────────────────────────────┐
│ Document Security │
│ │
│ '<File Name>' is protected by an MIP label │
│ from another tenant. Do you still want to │
│ open it? │
│ │
│ [ No(N) ] [ Yes(Y) ] │
└─────────────────────────────────────────────┘
The button is on the screen.No / YesIt will be arranged in order (same as the existing product message window UI).
| User Selection | result |
|---|---|
| No (N) | Access to the document is blocked. |
| Yes(Y) | Proceeding with document viewing (actual viewing may be restricted due to third-party protection). |
| Close Window (X) / Unresponsive (Auto Close) | Safely BlockProcessing. (To ensure that 'Yes' is not automatically selected, it defaults to 'No' in case of no response.) |
- The text does not contain the full path but ratherFile name onlyThe displayed path information is not exposed.
The guidance text is provided in six languages: Korean, English, Japanese, Chinese, German, and Russian, and is displayed according to the system locale (if the language resource is not available, it will be displayed in English).
Action Scenario Summary Table
| # | situation | Operation Result |
|---|---|---|
| 1 | Third-party Tenant MIP DocumentOpen with Explorer/Office + User**'Yes'** | Display confirmation window → Proceed with viewing (Actual viewing may be restricted due to third-party protection) |
| 2 | Third-party Tenant MIP Document+ User**'No' / X / No response** | Display confirmation window →Access Blocked |
| 3 | Our MIP Document(No company permission) | Do not intervene in this function →Fallback to the existing message(Issued GUID = Company GUID, not third party) |
| 4 | General Document / Company Authority Normal Document / Non-MIP Document | Do not intervene in this function → View normally as usual |
| 5 | Products Excluding Third-Party Identification Core | Identification Core Absence →No Action, all documents open the same as before |
| 6 | Drag and Drop / Recent Documents List / Open with Acrobat (PDF) | Outside of applying this feature — Display app errors and login windows as before without a notification window (see limitations) |
This feature isOnly when it is a third-party tenant MIP documentIntervenes (Scenario 1·2). Other (Company documents·General documents) are not blocked or guided at all, so there is no impact on existing operations.
Support Document Types
This feature isEntry point of the Office 'Open' dialog for Office documentsIt operates on the target. Supported Office versions/types are Word, Excel, and PowerPoint of 2016 / 202X.
- Explorer Double Click Entry PointIt operates on the document extensions supported by the product.
- PDF is not supportedis (see the restrictions below).
Constraints
Unsupported document opening paths (Drag and drop · Recent documents · Acrobat PDF)
There are four main ways to open a document, and this feature is one of them.**Only two paths with 'blocking point before opening'**I apply.
| Opening Path | support |
|---|---|
| a. Double-click in the explorer | support |
| b. Open the Office 'Open' dialog box and select | support |
| c. Open in Office by Drag & Drop | Not supported |
| d. Open by selecting from the recent documents list in Office | Not supported |
| (Open with Acrobat (PDF)) | Not supported |
There are two supported paths (double-clicking in Explorer · Office 'Open' dialog) where a confirmation dialog can be intercepted and displayed before the document opens, but there are no such pre-blocking points in the drag-and-drop, recent documents, or Acrobat (PDF) paths, making it currently difficult to support safely.
User Impact: c·d·Acrobat If you open third-party MIP documents, the guide window for this feature will not be displayed, and the error/login window of the respective app (Office/Acrobat) will appear as before. It is a third-party document.**Detection (Recognition)**It is possible to do it itself, but for the above reason, "safely stopping before opening" is currently not possible.
Other Restrictions
- Products Excluding Third-Party Identification Core: Since there is no third-party identification core, guidance and blocking do not operate, and all documents open as before (intended no action).
- Distribution of multilingual guidance messages dependency: Guide Message Resource(
ResUI*.rc6 types, 6.0.0.33) must be distributed together as an SDK installation package. In non-distributed environments, it will be displayed with the default English text. - Safety Lockout on Identification Failure: In uncertain situations such as unresponsive pop-ups or display failures,Safely to the blocking sideProcessing.
- DS365 Certification Status Dependency: Since the tenant GUID of our company is required for determining our company/third party, the DS365 agent must be in a normal login and MIP authenticated state to make an accurate judgment.