MIP Account

Microsoft Information Protection (MIP) is a stack of capabilities that helps you discover, classify, protect, and govern sensitive information wherever it lives or travels. By integrating with Microsoft Information Protection, Cloud App Security secures files and email messages in your cloud.

  • For files in SharePoint Online, OneDrive, and Microsoft Teams (Teams):

    Cloud App Security can decrypt MIP-protected files for scanning, and apply sensitivity labels to or remove sensitivity labels from files.

    Cloud App Security supports scanning and applying Microsoft Information Protection sensitivity labels to the following file types:

    • Microsoft Word: docm, docx, dotm, and dotx

    • Microsoft Excel: xlam, xlsm, xlsx, and xltx

    • Microsoft PowerPoint: potm, potx, ppsx, ppsm, pptm, and pptx

    • PDF: pdf

    • Text: txt

  • For Exchange Online email messages:

    Cloud App Security can decrypt any MIP-protected content (the whole message or only the attachments) of an email message for scanning.

A Microsoft Information Protection (MIP) account grants Cloud App Security the following permissions:

  • Access encrypted files and email messages in Office 365 services if your Microsoft license includes a Microsoft Information Protection service plan

  • Synchronize sensitivity labels from Microsoft and apply them to files


If you have provisioned both a MIP account and an RMS account for the same organization, Cloud App Security uses the MIP account to decrypt files.