Using Microsoft Flow in combination with IRM & SharePoint to address DLP scenarios
Background
=============================
- The customer uses a legacy BI/visualization/reporting tool to share key insights with their leadership team over email.
- PDF is the chosen format, and the team has invested considerable time and effort in it.
- The process is automated with business logic built up over the years in a tool that is not very agile, so making changes at the source level is a no-go.
- Includes scenarios across:
  - Single user + single attachment
  - Multiple users + single attachment
  - Multiple users + multiple attachments
Challenge
==============================
- Data was getting leaked with the PDFs/excerpts getting shared outside the organization.
- No central repository of these reports for auditing / e-discovery
Tech Challenge
==============================
- A simple way to ensure that all attachments (PDF) in the email originating from the legacy reporting publishing engine were encrypted.
- We could have leveraged Office 365 Message Encryption, but we do not yet protect a PDF embedded as an attachment.
- Unwillingness/inability to leverage Word/Excel-based templates over PDF.
Possibilities
==============================
- Microsoft Flow.
- The high-level flow is as follows:
  - The legacy system generates the email as-is, per the current process.
  - A transport rule on Exchange Online intercepts the email and "redirects" it to the generic mailbox.
  - Microsoft Flow is triggered on the arrival of a new email in the generic mailbox.
  - It creates a copy of the attachments in the IRM-enabled document library within SharePoint Online.
  - It fetches the attachments into an array at runtime.
  - It composes and sends out the email to the intended recipients.
- NOTE: from an end-user point of view, nothing changes, except that the attachment is now encrypted, accessible ONLY via the Azure Information Protection viewer, and subject to all IRM policies.
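
The transport-rule step above could be set up in Exchange Online PowerShell as sketched here. This is an added example, not configuration from the original post; the sender address, mailbox address and rule name are placeholders, and it assumes the Flow sends its outgoing mail from an address other than the legacy sender so that the rule does not match the re-sent message.

```powershell
# Added example: all names and addresses below are placeholders, not values from the post.
$RuleName       = 'Redirect legacy report PDFs to intake mailbox'
$LegacySender   = 'reports@contoso.example'        # assumed sender used by the legacy reporting engine
$GenericMailbox = 'report-intake@contoso.example'  # assumed generic mailbox that the Flow monitors

# Requires the ExchangeOnlineManagement module.
Connect-ExchangeOnline

# Create the rule in audit mode first: matches are logged to message tracking,
# but delivery is not changed, so the conditions can be checked safely.
New-TransportRule -Name $RuleName `
    -From $LegacySender `
    -AttachmentExtensionMatchesWords 'pdf' `
    -RedirectMessageTo $GenericMailbox `
    -Mode Audit `
    -Comments 'Report PDFs are re-sent by Flow from the IRM-enabled SharePoint library.'

# Review exactly what the rule matches and where it redirects.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Mode, From, AttachmentExtensionMatchesWords, RedirectMessageTo

# Once the audit results look right, switch the rule to enforcement.
Set-TransportRule -Identity $RuleName -Mode Enforce
```

Scoping the rule to the legacy sender and to PDF attachments keeps other mail from being redirected into the generic mailbox.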
Key references
====================
- https://flow.microsoft.com/en-us/blog/multiple-attachments-single-email/
- https://blog.portiva.nl/2018/03/07/send-email-with-multiple-attachments-using-microsoft-flow-in-offi...
- https://flow.microsoft.com/en-us/blog/use-expressions-in-actions/
- https://powerusers.microsoft.com/t5/Flow-Ideas/More-advanced-options-when-Composing-variables/idi-p/...
- https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-workflow-definition-language
- https://powerusers.microsoft.com/t5/Building-Flows/split-string-and-apply-for-each/m-p/40774?lightbo...
- https://docs.microsoft.com/en-us/azure/azure-functions/functions-compare-logic-apps-ms-flow-webjobs
- https://blog.kloud.com.au/2017/01/27/integrating-microsoft-flow-with-azure-functions-for-non-it-peop...
- https://powerusers.microsoft.com/t5/Building-Flows/Referencing-variables-in-Flow-expressions/m-p/637...