
Installation and Configuration Manual

Introduction

Secude's HaloSHARE is a best-of-breed solution that monitors the configured local or network folders within the organization. HaloSHARE monitors only the folder that the user defines within it. When a file is placed in the configured folder, HaloSHARE encrypts it by effortlessly applying Microsoft Purview Information Protection (MPIP) labels, providing persistent access controls regardless of where it is moved.

What distinguishes HaloSHARE?

In a multiuser environment, where multiple users share access to a system or network, there are several potential file access and security issues. Here are a few common issues:

  1. Users may maliciously or unintentionally access other users' files.

  2. There is a risk in a shared environment that one user will overwrite or modify files belonging to another user.

  3. Inadequate access control systems might let users access files for which they don't have the right authorization.

  4. Unauthorized users gain access to sensitive files.

HaloSHARE, a labeling solution, addresses these issues by encrypting files without user intervention: a simple drag-and-drop into a specific local folder on a HaloSHARE-installed machine is all that is required. Any file moved into HaloSHARE's radius (the configured folder) is encrypted and protected from accidental file sharing and unauthorized access. As a result, this labeling solution protects your data as it travels within and outside of your organization.

Implementing this solution in your environment reduces the risk of a data breach and guarantees data protection regulations are always followed without the need for security personnel to perform any additional manual procedures.

About this Manual

This guide will walk you through the installation, configuration, and workflow of HaloSHARE.

Features

  1. Supports folder-based bulk file protection.

  2. Supports both MPIP-based label protection and user-defined custom permissions.

  3. Supports easily removing protection as needed and relabeling a protected file that already has a label.

  4. It supports a variety of CAD file types, as well as PDF and Office files.

General FAQs

This section provides answers to the most frequently asked questions (FAQ). If you have any further inquiries, please get in touch with our sales representative or our support team.

  1. What does HaloSHARE provide for an organization?
    This labeling solution protects your files and enforces security throughout their full life cycle.

  2. Does it protect all native Computer-Aided Design (CAD) file types?
    Yes, HaloSHARE supports all CAD native file types.

  3. What happens if an unauthorized person attempts to open a HaloSHARE-labeled file?
    User authentication takes place first, verifying the identity of the user. If authentication fails, the user is shown an error message and access is denied.

  4. Who decides what labels should be used for various supplier folders and how it is managed in the background?
    In an organization, an MPIP administrator is responsible for creating and managing labels (user rights) in the Microsoft Purview portal. The choice of label can be made by engineers or designers who create drawings for a specific supplier.

  5. What if I don't want a certain file type to be protected?
    HaloSHARE encrypts files based on the extensions specified in the configuration. As a result, you can whitelist file types to be encrypted by defining their extensions, and blacklist file types by not defining them in the configuration.

  6. Is it possible to apply custom permissions to protect a file?
    Yes, HaloSHARE allows users to apply custom permissions without using Azure labels.

  7. How to open a protected CAD file?
    You can view a protected CAD file using a HaloCAD Add-on for CAD applications.

  8. How to open a protected PDF file?
    You can view a Protected PDF file using the Acrobat Reader DC / Acrobat DC application. Additionally, it can be viewed with the Microsoft Purview Information Protection unified labeling client.

Quick Start Installation Summary

The following image shows the high-level idea of setting up HaloSHARE.


Quick start implementation steps

Architecture

HaloSHARE is a service that runs on a Windows Server and communicates with the Microsoft Rights Management Service (RMS) to encrypt files in a specific folder using predefined MPIP labels or user-defined custom permissions. When unprotected design files are placed inside the shared folder that HaloSHARE constantly monitors, the files are screened and automatically protected without user intervention, based on how the configuration is defined in the service.

Note: When a CAD file is protected by HaloSHARE and shared with partners/suppliers, they can view the file by installing the HaloCAD Add-on for CAD applications on their machines.


Architecture

At a high level, the HaloSHARE workflow consists of these steps:

  1. In an enterprise landscape, different teams create and share files with specific names such as "supplier 1-Prestin Engineering" and "supplier 1-United Engineering" in a locally shared folder on a HaloSHARE-installed machine.

  2. HaloSHARE scans the folder and subfolders for new file arrivals, determines whether to encrypt or not, and then applies the appropriate MPIP label or custom permission.

  3. If HaloSHARE is configured to move a file to a destination folder, the labeled file is copied to the destination location, which is typically a shared folder for your specific supplier, after applying the encryption. The destination folder can be a OneDrive directory. As a result, each supplier gets its own destination folder for sharing business information. In contrast, if moving the file to the destination folder is not enabled, the protected files remain in the source folder.

  4. Third parties, such as suppliers, vendors, or external consultants, can only access their folders and consume MPIP-labeled files through HaloCAD Add-ons. Please refer to HaloCAD manuals for more information.

Microsoft documentation

This manual assumes that you already have a complete setup of Microsoft Purview Information Protection and you are familiar with using the Azure portal and related concepts. If you are new to Azure, you can refer to Microsoft online documentation regarding setup and configuration.

System Requirements

The following system requirements table specifies the minimum and recommended technical specifications, such as software and network resources, necessary to run the product.

Components

Details

Operating System

  1. Supported in Microsoft Windows Server: 2016 and above. Note: HaloSHARE can also run on a Windows client machine, but it is recommended to run it on a server system.

  2. Requires .NET Framework 4.6.2 and above.

  3. Latest Windows system updates installed.

Office 365 Subscription

  1. An Azure subscription is required to use Azure RMS and the MPIP functionality.

  2. A working Microsoft Entra ID service must be available.  

  3. Microsoft Purview Information Protection must be fully configured.

  4. HaloSHARE creates an outbound network communication with Microsoft Azure Services.

  5. TLS 1.2 or higher must be enabled to ensure the use of cryptographically secure protocols.

  6. Register an application to get the Application (client) ID and Tenant ID in the Azure portal.

Requirements

Recommended URLs, Addresses, and Ports for MPIP

The MIP SDK doesn't support the use of authenticated proxies, so make sure you set the Microsoft 365 service endpoints to bypass the proxy. The full list of endpoints is available in the Microsoft online documentation. Microsoft recommends the following:

| Addresses | Ports |
|---|---|
| *.protection.outlook.com; 40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 52.238.78.88/32, 104.47.0.0/17, 2a01:111:f403::/48 | TCP 443 |
| *.aadrm.com, *.azurerms.com, *.informationprotection.azure.com, ecn.dev.virtualearth.net, informationprotection.hosting.portal.azure.net, *.office.com (add substrate.office.com if you don't want to add all sub-domains), crl3.digicert.com, crl4.digicert.com | TCP 443 |
| For event logging: *.events.data.microsoft.com | TCP 443 |

| National Cloud | Microsoft Entra ID authentication endpoint |
|---|---|
| Microsoft Entra ID for the US Government | https://login.microsoftonline.us |
| Microsoft Entra ID (global service) | https://login.microsoftonline.com |

Recommended endpoints

Secude License Manager

To communicate with Secude License Manager, the following URL and port must be whitelisted in the customer's proxy:

| Address | Port |
|---|---|
| License API - api.licensespring.com | TCP 443 |

Recommended license manager endpoint
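
As an added example (not part of the Secude manual or the product), the following Python sketch checks outbound destinations observed from a HaloSHARE server against the addresses and port listed in the tables above, so that firewall or proxy rules can be verified and unexpected egress flagged. The function names and the sample destinations are constructed for illustration, and port 443 for the login endpoints is assumed from their https URLs.

```python
import ipaddress

# Destinations copied from the tables on this page (all TCP 443).
# Assumption: the login endpoints use 443 because they are https:// URLs.
ALLOWED_NAMES = [
    "*.protection.outlook.com", "*.aadrm.com", "*.azurerms.com",
    "*.informationprotection.azure.com", "ecn.dev.virtualearth.net",
    "informationprotection.hosting.portal.azure.net", "*.office.com",
    "crl3.digicert.com", "crl4.digicert.com", "*.events.data.microsoft.com",
    "login.microsoftonline.com", "login.microsoftonline.us",
    "api.licensespring.com",
]
ALLOWED_NETS = [ipaddress.ip_network(n) for n in (
    "40.92.0.0/15", "40.107.0.0/16", "52.100.0.0/14",
    "52.238.78.88/32", "104.47.0.0/17", "2a01:111:f403::/48",
)]
ALLOWED_PORT = 443

def name_allowed(host):
    """Exact match, or suffix match on a label boundary for '*.' patterns."""
    host = host.lower().rstrip(".")
    return any(
        host.endswith(p[1:]) if p.startswith("*.") else host == p
        for p in ALLOWED_NAMES)  # "*.aadrm.com" does not match "evilaadrm.com"

def check(dest, port):
    """Return 'allowed' or the reason one outbound destination is rejected."""
    if port != ALLOWED_PORT:
        return "unexpected port"
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:  # not an IP literal, so treat it as a hostname
        return "allowed" if name_allowed(dest) else "name not in allowlist"
    if any(addr in net for net in ALLOWED_NETS):
        return "allowed"
    return "address not in allowlist"

def audit(destinations):
    """Return (dest, port, reason) for every destination that is not allowed."""
    results = [(d, p, check(d, p)) for d, p in destinations]
    return [r for r in results if r[2] != "allowed"]

# Constructed sample of observed egress, not real traffic.
SAMPLE = [("api.aadrm.com", 443), ("40.93.1.10", 443),
          ("2a01:111:f403:c000::1", 443), ("evilaadrm.com", 443),
          ("office.com.example.net", 443), ("40.94.0.1", 443),
          ("crl3.digicert.com", 80)]
```

Calling `audit(SAMPLE)` returns only the four constructed entries that fall outside the documented names, ranges, or port.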
