A. USER EDITS CONTENT
A user in the organisation is writing a document. In this document the users add in a Social security number of a customer.
B. USER SAVES THE FILE
File is then saved in to a common department share folder on the File server.
C. FCI TASK
A FCI task runs in the background on the file server. It scans the content of all documents on all the file shares.
D. FILE CLASSIFICATION
The file that was saved in STEP B. is detected containing a Social Security Number. At this stage the FCI task classifies the file as "Sensitivity-High".
E. IRM PROTECTION
After the FCI task have classified the file a new task will run in the background. This new task scans the File Server and looks for files that are classed as "Sensitivity - High".
The file will then be protected with a preconfigured IRM template.
The File can then be consumed by authorized users within the organisation, with applied IRM rights.
DLP - File Classification Infrastructure
Each step is explained in detail below:
Microsoft FCI & DLP Explained
Data Loss Prevention Technologies allows you to protect files and content when in use, at rest or when in motion.
In this case, Microsoft FCI works activelywhen data is at rest.
Microsoft FCI can be configured to scan all documents and classify files with sensitive content with a classification tag such as "high". Afterwards a separate task can run to protect all documents classified with high to be protected with IRM.
In below example a Fileserver 2012 with FCI enabled, is configured to scan documents for social security numbers and classify the file as "Sensitivity - High". The file will then be protected with IRM.
Below Work flow explains how the process works from start to end.
Microsoft FCI Features
Microsoft FCI on server 2008 and 2012 allows you to take advantage of following features:
Classify and protect all files in a file server that contains sensitive information.
Classify and Protect files within selected folders.
Classify and Protect all files that has a specific extension or pattern.
Classify and Protect a file directly as the file has enters a file share or folder
A file server provides a central location on the network where files can be stored and shared to users across the organisation. The service allows users accessing a file directly on the server instead of having to pass the files between separate computers.
It is a location where the data rests. What better place to scan the content and classify files with Sensitive information?
Microsoft File Classification Infrastructure also called MS FCI is a role that comes with Server 2008 and upwards and is enabled directly on the file server. This role allows you to scan all files and folders and classify the files. It works seamlessly with RMS and allows to protect your files with IRM directly on the file server.