Glossary
Product-related Terms
| Terminology | Description |
|---|---|
| SHIELD DRM | A cloud-native DRM service that provides document security optimized for the Microsoft 365 environment. Automatically converts DRM documents to AIP documents. |
| Document Security (DS) | A solution for managing and protecting DRM encrypted documents on a local PC. Based on DS6 (version 6). |
| Document Security 365 (DS365) | Service integrated with Document Security in the Microsoft 365 environment |
| Security365 Portal | Integrated Management Portal for SHIELD DRM Usage |
| SHIELDrive | Services that support file upload/download related to SHIELD DRM |
Terms Related to Microsoft 365
| Terminology | Description |
|---|---|
| MIP (Microsoft Information Protection) | Microsoft's information protection solution. Protects organizational data through labels, classification, and security policies. |
| AIP (Azure Information Protection) | Azure-based information protection service. SHIELD DRM automatically converts DRM documents to AIP documents. |
| Sensitivity Label | Information classification and protection labels created in Microsoft Compliance Center |
| Microsoft Entra ID | Formerly Azure AD. The authentication system SHIELD DRM uses in the MSAL authentication flow. |
| Compliance Center | Microsoft 365 Information Protection and Label Management Center |
| Tenant | Unique identifier unit of a Microsoft 365 organization. Based on the .onmicrosoft.com domain. |
| Multi-GEO | Multi-region configuration of SharePoint. Supports site management for each region. |
| Microsoft Graph | Microsoft 365 data access API. Throttling limits apply to API requests. |
| E3, E5 | Types of Microsoft 365 Subscription Licenses. E3 or higher is recommended when using SHIELD DRM. |
Authentication and Authorization Terms
| Terminology | Description |
|---|---|
| Global Administrator | Global Administrator of Microsoft 365 Tenant |
| Compliance Manager | Role with AIP label creation and publishing permissions |
| MSAL (Microsoft Authentication Library) | Authentication Library Based on Microsoft Entra ID |
| Client Credential Flow | Authentication method to obtain a token using the app's Client ID/Client Secret |
| App ID / App Secret | Security Token Pair for SHIELD DRM Service Authentication |
| ACS (Azure Access Control Service) | Legacy app authentication service. Scheduled to end in April 2026. |
Terms Related to DRM Encryption
| Terminology | Description |
|---|---|
| DAC (Document Access Control) | DRM Document Permission Control Method. Fine-grained control of permissions by user. |
| MAC (Mandatory Access Control) | Document Classification-Based Mandatory Access Control Method |
| GRADE | Access Control Methods Based on Document Classification (Confidential, Internal, etc.) |
| BYOK (Bring Your Own Key) | A method where the client provides their own encryption key to protect the document. |
| HYOK (Hold Your Own Key) | A method where the customer's key management server holds the encryption keys. |
| SCI Server | External server managing encryption keys and permission policies |
| DRM Document Conversion | Process of converting DRM encrypted documents to AIP labeled documents |
Policy-related terms
| Terminology | Description |
|---|---|
| Conditional Policy | A policy that automatically applies encryption based on conditions such as user, location, time, and document type. |
| Endpoint Policy | Conditional policies set in Document Security on the local PC |
| Cloud Storage Policy | Conditional policies applied to documents created/uploaded in OneDrive, SharePoint, and Teams |
| SDF (Sensitive Docs Flow) | A framework that provides fine-grained control for document security (encryption, decryption, export, and application of hidden information) |
| Policy Priorities | Determining the execution order when multiple policies conflict. Higher priority policies are executed first. |
| Non-Retry Keywords | Specific Keywords and Phrases Exempted During AIP Conversion/Release |
Event Handling and Synchronization Terms
| Terminology | Description |
|---|---|
| Event Receiver | A mechanism to detect and receive file events in SharePoint/OneDrive. Replaces the existing Add-In method. |
| Add-In | The existing SharePoint integration method, which requires individual installation on each site. Scheduled for deprecation with the end of ACS. |
| Webhook | Asynchronous method where SharePoint sends an HTTP POST request to a server endpoint when an event occurs. |
| Subscription | Registering a Webhook or Event Receiver to a specific resource |
Performance-related terms
| Terminology | Description |
|---|---|
| Throttling | The mechanism by which Microsoft applies rate limits to API requests |
| Rate Limiting | Technology to limit the number of API requests within a specific time frame |
| Token Bucket | Rate Limiting method that issues tokens at a steady rate and consumes tokens during request processing. |
| Retry Logic | A mechanism that automatically retries tasks in case of temporary errors |
| Queue | A structure that holds documents waiting for conversion so that they are processed in order. |
Storage-related Terms
| Terminology | Description |
|---|---|
| OneDrive | Personal cloud storage of Microsoft 365. SHIELD DRM event detection target |
| SharePoint | Document library and collaboration platform of Microsoft 365. Event Receiver installation target |
| Teams | Microsoft 365's team collaboration platform. Supports document uploads within the Files tab. |
| Site Collection | A top-level unit of SharePoint that includes multiple sites. |
| Document Library | Library for managing documents in SharePoint |
Logging and Monitoring Terms
| Terminology | Description |
|---|---|
| Dashboard | Admin screen for real-time monitoring of conditional policy operation status and document status |
| User Log | User's document conversion status record |
| Admin Log | Activity Log in the Admin Page |
| Audit Log | Detailed Activity Log for Security Auditing |
| Integrated Log | Integrates and manages logs for file conversion, decryption, and blocking senders. |
Infrastructure Terms
| Terminology | Description |
|---|---|
| Kubernetes (K8s) | Container orchestration platform. SHIELD DRM deployment environment |
| RabbitMQ | Message Broker. Used for event reception and asynchronous processing. |
| ConfigMap | Object for managing application configuration in Kubernetes |
| Event Hub | Central Receiving and Processing System of Event-Driven Architecture |
Security-related Terms
| Terminology | Description |
|---|---|
| Document-Centric Security | A security approach that applies encryption and policies to the document itself |
| Permission Rights | Access permissions for the document: reading, editing, output, export, release, permission changes, print marking, expiration, etc. |
| Print Marking | A security feature that applies specific marks to a document during printing to ensure traceability. |
| DLP (Data Loss Prevention) | Policy to Prevent Sensitive Data from Being Leaked Outside the Organization |