File protection

By connecting to existing applications in your environment, you can protect and report on identified sensitive data gathered in workbooks. Once protection has been created and applied, you can view protection activity on the ACTIVITY tab of the workbook detail panel.

NOTE: Only file types supported by your selected file protection application can be protected.

File protection systems are implemented through the following connections.

  • Encrypt files using Microsoft Purview Information Protection. In Fusion, this file protection type is referred to as "Microsoft data protection". Once Microsoft data protection systems have been configured in Connect and the desired Microsoft data protection rule applied to items in a workbook in Manage, the binary file (if collected and not on hold), content, and grammar value details are removed from Fusion.

    For each Microsoft data protection system you create in Connect, Fusion reads the associated rules (policies) you have already implemented in your environment. When you manually deactivate a Microsoft data protection system in Fusion, all rules associated with the system are deactivated. If you re-activate a system, you must manually re-activate the associated rules. When systems or rules are deleted in Microsoft, the systems or rules are automatically deactivated in Fusion.

    NOTE: You can apply Microsoft data protection labels in Fusion 24 hours after the label is created in Microsoft.

    For information about configuring the connection to Microsoft Purview Information Protection, see Microsoft Purview Information Protection connection.

  • Perform custom actions on items in workbooks by connecting to existing applications using Fusion APIs. For example, you can generate a list of sensitive items that you can hand over to File Governance Suite (FGS) File Report to create a file access report.

    Once API-based systems have been configured in Connect and the corresponding action applied to items in a workbook in Manage, an API Developer (a user of the included APIs) can retrieve the information about the workbook items and mark the action status as Processing. The designated person can then apply the custom action and take any additional necessary actions.

    Permissions to access the API-based custom actions are created when the system is created. The permissions display at the bottom of the Manage and Workspace Security role permissions in Administration but are not assigned to existing roles by default. You must assign the permission for the custom action to a role. For a user to be able to execute the custom action on items in a workspace, the user must be assigned that role when you create or edit the Security for the workspace. For more information, see "Roles" in the Administration Help Center.

    The defined icon for an API-based custom action displays alongside the default action icons on the Activity tab of workbooks. The workspace must have the feature enabled for the API-based action. The features display in a separate column on the Features page when creating or editing a workspace in Manage. As with the default features, you must select the custom action feature for the workspace and assign a user with the necessary role to allow that user to see the custom action icons for the workbook.

    TIP: If you have the appropriate permissions to use the APIs to manage custom actions, see Technical Note: API-based Custom Actions.

You can filter and search for protected items by metadata in Analyze and Manage, but the content of items protected with Microsoft Purview Information Protection is not viewable.

For information about applying file protection rules to items in a workbook, see "Manage workbook activity" in the Manage Help Center.