Setting Sensitive Content Manager End Points and Managing Scanning Preferences
ControlPoint Application Administrators use the ControlPoint Sensitive Content Manager Configuration dialog to set EndPoints to point to the server(s) on which Sensitive Content Manager is configured. Members of the Compliance Administrators group can also test the availability of each EndPoint and change default preferences for scanning content.
NOTE: ControlPoint Application Administrators can also configure EndPoints individually and update other configuration settings via ControlPoint Configuration Settings - Compliance settings.
To launch the ControlPoint Sensitive Content Manager Configuration dialog:
From the left navigation Manage tab, choose Compliance > Sensitive Content Configuration Maintenance.
Setting EndPoints
The Value of each Sensitive Content Manager EndPoint must be set to point to the server(s) on which Sensitive Content Manager is configured your environment. Use the information in the following table for guidance.
|
Endpoint |
Description |
Value |
|---|---|---|
|
Sensitive Content Manager Upload EndPoint |
The URL for the Sensitive Content Manager for sending files. This corresponds to the File Upload URL specified at the time Sensitive Content Manager was installed. |
http://<server.domain> (or if installed on multiple servers: |
|
Sensitive Content Manager Results EndPoint |
The URL for the Sensitive Content Manager service for retrieving files job results. This corresponds to the Results Service URL specified at the time Sensitive Content Manager was installed. |
http://<server.domain> (or if installed on multiple servers: |
|
Sensitive Content Manager Profile EndPoint |
The URL for the Sensitive Manager service for retrieving profiles. This corresponds to the Profile Service URL specified at the time Sensitive Content Manager was installed. |
http://<server.domain> (or if installed on multiple servers: |
|
Sensitive Content Manager Search Terms |
The URL for the Sensitive Content Manager service for retrieving rules used to identify a specific kind of sensitive content. This corresponds to the Subquestion Service URL specified at the time Sensitive Content Manager was installed. |
http://<server.domain> (or if installed on multiple servers: |
When you have finished setting EndPoints, click [Update].
Testing Availability of EndPoints, File Upload, and Results
From the EndPoint Testing tab, you can test the availability of each endpoint that you set, as well as whether files can be uploaded to/received from Metalogix Sensitive Content Manager.
If you click a [Test EndPoint] button and the status returns as Unavailable, make sure that the URL is correct and that the service is available on the Metalogix Sensitive Content Manager server side.
If you click [Test File Upload], ControlPoint will send a sample file to Metalogix Sensitive Content Manager, and will display a log of the action. If you then click [Test File Results], ControlPoint will log the progress of the file's return.
Managing Scanning Preferences
ControlPoint can create columns called Scan Results and/or Terms Detected. Each time a scan is performed, the Severity Level is populated for the scanned item.
ControlPoint Application Administrators can allow this column to be created/populated by changing the value(s) of Automatically add Scan File Results column and update with severity level in SharePoint Lists and/or Automatically Add Terms Detected column and update with severity level in SharePoint Lists from false to true.
Registering and Re-registering the ControlPoint Online App for Modern Authentication
As the last stage of the ControlPoint Online configuration process, the ControlPoint Online app must be registered in the Azure Active Directory to allow Modern Authentication.
The app can also be registered after the installation, as a separate action, if you launch ControlPoint Online Configuration. However, ControlPoint Online cannot be run until the app is registered.
If you do choose to perform this action at later time, you will be prompted to complete the SharePoint online account validation dialog and authenticate using the Office 365 account used at the time ControlPoint was installed (which must be a Global Administrator for the tenant).
NOTE: Once the ControlPoint Online app is registered, it is only necessary to re-register it to change the tenant administrator and/or SSL certificate. Re-registering essentially deletes the existing registration and replaces it with a new one.
To register the ControlPoint Online app in Azure Active Directory:
1.Select the SSL certificate that will allow ControlPoint users to authenticate with Microsoft, using one of the options described in the following table.
NOTE: To allow Microsoft Modern Authentication to be used by all users, the certificate must be located in the Trusted Root store. The Personal store of the ControlPoint installation account cannot be used. You can use the same certificate that you used for IIS Configuration, but a copy must be located in the Root store.
|
If you want to ... |
Then ... |
|---|---|
|
use an existing certificate |
·For the Store Name, make sure Root is selected from the drop-down. The Use Existing Certificate drop-down will be populated with available certificates in the selected store. ·Make sure Use Existing Certificate is selected, then select a certificate from the drop-down. NOTE: If the ControlPoint Installer cannot find a Certificate in the Store, this option will be disabled. |
|
create a new self-signed certificate (default option) |
Select Create new Self Signed Certificate, and enter a Certificate Name. The ControlPoint installer will create a .crt certificate file in the local machine Root store. IMPORTANT: Unlike a .pfx certificate file, which contains a private key, a .crt certificate file is less secure and will not be listed in the Certificate Manager in IIS. |
3Click [Register].
You will be prompted to accept Terms of Use, which grants ControlPoint Online permissions to access and operate on SharePoint Online data. When registration is complete, you can close the browser. The ControlPoint Installer will close automatically.
To re-register the ControlPoint Online app:
1.On the Azure AD Application Registration dialog, click [Registration].
2.Check the Re-Register Application box.
3.Specify a different tenant administrator and/or certificate as described in the procedure "To register the controlPoint Online app in Azure Active Directory."
Running ControlPoint Online Operations Using PowerShell
For any ControlPoint Online operation that includes the Save As option, which generates an xml file with instructions, you can run that operation using PowerShell.
NOTE: Currently, you can only run instructions for analyses using real-time (not cached) data.
Account Login Requirements
You can run ControlPoint Online actions in PowerShell from the server on which ControlPoint Online is installed. The account you use to log into the server machine must be a Site Collection Administrator for the site collections for the scope of the operation being performed.
Before You Begin: Update the App.config File
1Open the file App.config (by default, located in the folder \\Program Files\Metalogix\ControlPoint Online\Powershell).
2Locate the <endpoint address = line, and change http://SMALLTEMPLATE:2828 to the path to the ControlPoint Online application in your environment.
Loading the ControlPoint Online cmdlets
The ControlPoint snap-in contains the cmdlets needed to run a ControlPoint action.
You can either:
·load the snap-in every time you open PowerShell, or
·add the snap-in to your PowerShell profile so it will automatically load the cmdlets whenever PowerShell opens.
Refer to the msdn article on Windows PowerShell Profiles for details on creating a PowerShell profile.
Loading the ControlPoint Online snap-in
NOTE: These are the Windows default directories. The location of files may be different in your environment.
|
Line |
Command |
Description |
|---|---|---|
|
1 |
Set-Alias install util C:Windows\Microsoft.NET\Framework64\ |
Maps an alias to an install utility that ships with the .NET Framework. |
|
2 |
Change to the following directory: C:\Program Files\Metalogix\ControlPoint Online\Powershell\
then add the snap-in by adding Add-PSSnapin xcsnapin; |
Navigates to the directory containing the xcPowerShell.dll file that contains the ControlPoint Online cmdlets. |
|
3 |
installutil xcPowerShell.dll |
Uses the install utility to load xcPowerShell.dll into Powershell |
|
4 |
Add-PSSnapin xcSnapin |
Adds the snap-in containing all of the ControlPoint Online cmdlets. |
Below is an example of the lines of text above in the PowerShell profile.
Below is an example of a PowerShell session with the ControlPoint Cmdlets successfully loaded.
