Skip to main content

Notifications

Using Microsoft Flow in combination with IRM & Sharepoint to address DLP scenarios

Background:-

=============================

  • Customer leverages legacy BI/Visualization/Reporting tool to share key insights with the their leadership team over email. 
  • "PDF” is the chosen format and into which the team has invested considerable time and effort.
  • Automated using business logic built "over-the-years" and not so agile tool, making changes at the source level is a No-GO. 
  • Includes scenarios across:-
    • Single user + Single attachment
    • Multiple users + Single attachment
    • Multiple Users + Multiple attachments

 

Challenge

==============================

  • Data was getting leaked with the PDFs/excerpts getting shared outside the organization.
  • No central repository of these reports for auditing / e-discovery

 

Tech Challenge

==============================

  • A simplistic way to ensure that all attachments (PDF) in the email originating from the legacy reporting publishing engine were encrypted.
  • We could have leveraged office365 Message Encryption, but we do not yet protect a PDF embedded as an attachment.
  • Un-willingness/In-ability to leverage Word / Excel based templates over PDF.  

Possibilities

==============================

  • Microsoft Flow.
  • A high-level flow is as below:-
    • Legacy system generates the email AS-IS the current process.
    • Transport Rule on Exchange Online intercepts the email and “Redirects” it to the generic Mailbox.
    • Microsoft Flow is triggered on the arrival of a new email into their generic Mailbox.
    • It creates a copy of these attachments onto the IRM enabled document library within SharePoint Online.
    • Fetches the attachments into an Array @ runtime
    • Composes and sends out the email to the intended recipients.  
    • NOTE: from an end-user POV, nothing changes, except that the attachment is now encrypted and accessible ONLY via the Azure Information Protection viewer and subject to all IRM policies.  

 Key references

====================

  1. https://flow.microsoft.com/en-us/blog/multiple-attachments-single-email/
  2. https://blog.portiva.nl/2018/03/07/send-email-with-multiple-attachments-using-microsoft-flow-in-offi...
  3. https://flow.microsoft.com/en-us/blog/use-expressions-in-actions/ 
  4. https://powerusers.microsoft.com/t5/Flow-Ideas/More-advanced-options-when-Composing-variables/idi-p/... 
  5. https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-workflow-definition-language 
  6. https://powerusers.microsoft.com/t5/Building-Flows/split-string-and-apply-for-each/m-p/40774?lightbo... 
  7. https://docs.microsoft.com/en-us/azure/azure-functions/functions-compare-logic-apps-ms-flow-webjobs 
  8. https://blog.kloud.com.au/2017/01/27/integrating-microsoft-flow-with-azure-functions-for-non-it-peop... 
  9. https://powerusers.microsoft.com/t5/Building-Flows/Referencing-variables-in-Flow-expressions/m-p/637... 

Comments

*This post is locked for comments