Obfuscate the DLP AIP automation rules stored on the clients so users can't see them / leak then / work around them
Currently the policy.msip file is a plain text JSON file that can be viewed and edited locally. Customers have asked for this to be encrypted so it is not readable by users and other applications.
This functionality (Exact Match, which uses a list of keyword hashes as an input) is currently being built as part of the Unified Labeling platform.
Keith Adley commented
Will this solution be available in AIP in Office 2013? We must have some protection of the policy file.
This Azure policy file (*.msip) is in clear that can be viewed and easily edited by any end user on his\her PC. This can a big security risk if someone send it outside. What if we put some content base policies then any user can easily view it here. We need to have any mechanism to encrypt this file or at least apply some temper protection.
More than a good idea, it's a real need to protect this kind of information. On our side, detection patterns include really sensitive data and algorithms which must not be divulged outside a short circle of insider to avoid risk of attempts to circumvent our data leakage controls