Skip to main content

Conditional Policy - Endpoint Menu Guide (Under Revision)

※ Last updated: 2025-05-21

The endpoint conditional policy is a feature that allows you to set conditional policies in Document Security 6 installed on a local PC and control the security processing of documents.

It is possible to convert general documents to AIP documents or DRM documents, or to convert between AIP documents and DRM documents.

This guide explains the components and configuration methods of Endpoint Conditional Policies.

Endpoint Conditional Policy Components

Click on the Conditional Policy menu in the SHIELD DRM admin page to access the Endpoint screen.

Endpointmain

Policy List Table Structure

  • **Priority:**It indicates the order of execution of the policy.
  • **Policy Name:**This is the unique name of the policy.
  • **Description:**The purpose of the policy or a brief description.
  • **Members:**Specifies the users, groups, or policy groups to which the policy applies.
  • **Target document:**Types of documents to which the policy applies (General Documents, DRM, AIP)
  • **Document Path:**Specify the file path where the policy is applied.
  • **Event Trigger:**Event Types Where Policies Are Executed (e.g., File Save, Move, etc.)
  • Document Encryption Policy: This is the document encryption policy applied in the policy.
  • Last modified date: This is the date when the policy was last modified.

How to Register Endpoint Conditional Policies

Endpoint등록

1. Policy Registration

Click the [Register Policy] button to enter the policy creation screen.

2. Enter Basic Policy Information

  • Policy Name *(required)*Enter the unique name of the policy.

  • Policy DescriptionYou can enter the purpose of the policy or a brief description.

  • Member Designation (required) :

    • Select the user or group to which the policy will be applied.
    • Can be specified as [All Users], specific users, groups, or policy groups.

  • Specify the target document type (required) :

    • Select the document type to which the conditional policy will be applied.
    • Multiple selection available(e.g., general document + DRM document)
    • The selectable document types and supported extensions are as follows:
Document TypeDescriptionSupported Extensions
General DocumentUnencrypted plaintext documentdoc, docx, xls, xlsx, xlsb, xlsm, ppt, pptx, pps, ppsx, pptm, pdf
DRM DocumentDocument Security (DS) based DRM applied documentdoc, docx, xls, xlsx, xlsb, xlsm, ppt, pptx, pps, ppsx, pptm, pdf
AIP DocumentDocuments based on Microsoft Azure Information Protectiondoc, docx, xls, xlsx, xlsb, xlsm, ppt, pptx, pps, ppsx, pptm, pdf

(+) Additional settings when selecting the specified DRM document:

  1. Check Constructor Information
    • Check if the document creator is the same as the logged-in user
    • Option: Same / Not the same
  2. DRM Document Encryption Types
    • Select from DAC(ACL), MAC(Category), GRADE(Rating)
    • You can enter the relevant ID depending on the selected type.
  3. DRM Document Permission Assignment
    • Check document permissions for logged-in users, creators, and added groups
    • Types of permissions: Read, Edit, Output, Export, Release, Change Permission, Print Marking, Validity Period
  4. File Extension Specification
    • Specifying the Extension of the Target DRM Document

  • Document Path Specification (Required):

    • You can specify the document path or set it to target the entire path.

      • Example:C:\Users\Documents, %TEMP%

  • Document Event Specification (Required):

    • Set the event for the policy to be executed.
      • Right-click the mouse and click on the [Encrypt Document] menu.
      • Right-click the mouse and click the [Document Conversion] menu.
      • Document Viewing/Editing and Closing (or Saving)
      • Document Viewing
      • Moving / Copying Files in OneDrive
      • Moving / Copying Files to OneDrive
      • Moving / Copying Files in SharePoint
      • Moving / Copying Files in SharePoint
      • Downloading Files from the Cloud

3. Setting Conditions

  • **Location (IP):**You can specify the range of IP addresses to which the policy will be applied.
    • 등록된 모든 위치Selecting this will apply the policy to the entire network.
    • 등록된 위치에서 선택You can specify a specific IP range through __PH_0__.
    • You can set up exception IPs so that policies are not applied to specific IPs.
  • **Time:**You can specify the time zone in which the policy will be applied.
    • 시간 제한 없음If you select it, the policy will always be applied.
    • 등록된 시간에서 선택You can specify a specific time zone through __PH_0__.
    • You can set exception times so that policies do not apply during specific time zones.

4. Document Policy Enforcement Settings

  • The document enforcement policies that can be set in the endpoint policy are as follows:

    • **Encryption with DRM:**Encrypt the document in DRM format to enhance security.
      • You can select the DRM encryption types (DAC, MAC, GRADE).
        • DAC permission settings: You can specify read, edit, release, export, marking, permission changes, etc.
    • **Encryption with AIP:**You can encrypt documents and apply labels through Microsoft AIP.
      • Select the AIP label to assign a label to the document.
      • You can select labels from a predefined list of AIP labels.
    • **Maintain State:**The encryption status of the existing document is maintained as is, and no transformation work is performed.

5. Enable Policy

  • You can set the usage and validity period of the policy.
  • Usage statusYou can set the activation or deactivation of the policy through the toggle button.
  • Expiration Date: You can specify a start date and an expiration date, and the expiration date will무기한You can also set it to.

6. Save and Complete

  • Once all settings are complete저장Click the button.
  • Registered in the policy list, and thereafterEdit/DeleteIt is possible.

Editing Endpoint Conditional Policies

  • You can click on the policy you want to edit from the policy list to change the detailed settings.
  • When changing the order of policies, the priority is reset.

Cautions

  • The policy name must be unique and cannot be duplicated.
  • Fields marked with an asterisk (*) are required to save the policy.
  • For DRM and AIP documents, you need to check and set the list of convertible file extensions.
  • Items with higher priority in the policy will be executed first.
  • When editing the policy, the changes will be applied by clicking the save button.