Installation and Configuration Manual

Introduction

Secude's HaloSHARE streamlines and secures your internal and external business operations by simplifying bulk file management with classification, labeling, encryption, and digital watermarking. HaloSHARE extends Microsoft Purview Information Protection (MPIP) to CAD, MS Office files, and non-office formats, such as text and PDF files stored in shared folders, encrypting sensitive data with customizable sensitivity labels that can be tracked, revoked, and set to expire.

What distinguishes HaloSHARE?

Digitization has improved supply chain efficiency but has also contributed to increased vulnerabilities. Sharing unprotected files with supply chain partners puts you at risk for various problems, including operational disruption and financial loss. In a multiuser scenario, when numerous users share access to a system or network, there are several potential file access and security risks. To secure your business operations from harmful attacks along the supply chain while not disturbing workflows, protect all shared project files by default.
HaloSHARE, a labeling solution, addresses this by automatically encrypting hundreds of sensitive files with a single drag-and-drop into a specified local folder (e.g., OneDrive or SharePoint) on a HaloSHARE-installed machine. Any file moved within the HaloSHARE radius (the specified folder) is encrypted and protected against accidental file sharing and unauthorized access. As a result, this labeling solution protects your data within and outside your organization. Furthermore, HaloSHARE can watermark files while protecting them, allowing you to share and track project files without slowing down workflows.

Implementing this solution in your environment reduces the risk of a data breach and guarantees data protection regulations are always followed without the need for security personnel to perform any additional manual procedures.

About this Manual

This guide will walk you through the installation, configuration, and workflow of HaloSHARE.

Features

  1. Supports the protection of bulk files in folders.

  2. Supports label protection that is based on MPIP and custom permissions that are defined by the user.

  3. Allows you to customize the protection for specific file types.

  4. Supports removing protection easily and re-labeling protected files with an already existing label.

  5. Provides bulk watermarking of sensitive information with visible and unique indications of who the files have been shared with and when (date stamped), offering enhanced security and ownership recognition customized for your needs.

  6. Supports adding custom properties to improve file security and contextual awareness.

  7. Signs the document in the background while maintaining the custom properties and watermark.

Feature Setup and Licensing Details

| Feature Name | Description | Setup Requirements |
| --- | --- | --- |
| HaloSHARE File protection | Sensitivity labeling, encryption, and decryption of files. | A license key is required with the protection feature enabled. Note: (1) MPIP labels are required from the Entra ID portal. (2) HaloCAD Add-on for CAD application is required to view the HaloSHARE-protected CAD files. |
| HaloSHARE watermark | Watermark text as a visual indication. Ensure your license has the following features activated based on your business needs, which can be utilized together or separately: (1) Watermarking PDF files. (2) Watermarking CAD files. (3) Watermarking office files. | A license key is required with the watermark feature enabled. Note: (1) HaloCAD Add-on for CAD application is required to view the HaloSHARE watermarked CAD files. (2) If you use HaloSHARE to watermark files, MPIP labels are not necessary. |
| HaloSHARE protection with watermark | Both of the above, combined. | A license key is necessary to use the protection and watermark features. Note: (1) MPIP labels are required from the Entra ID portal. (2) To view the CAD file with watermark and protection, install the HaloCAD Add-on for CAD. |

Feature set up

General FAQs

This section provides answers to the most frequently asked questions (FAQ). If you have any further inquiries, please get in touch with our sales representative or our support team.

  1. What does HaloSHARE provide for an organization?
    This labeling solution protects your files and enforces security throughout their full life cycle.

  2. Does it protect all native Computer-Aided Design (CAD) file types?
    Yes, HaloSHARE supports all CAD native file types.

  3. What happens if an unauthorized person attempts to open a HaloSHARE-labeled file?
    User authentication takes place first to verify the identity of the user. If authentication fails, the user is shown an error message and access is denied.

  4. Who decides what labels should be used for various supplier folders and how it is managed in the background?
    In an organization, an MPIP administrator is responsible for creating and managing labels (user rights) in the Microsoft Purview portal. The choice of label can be made by engineers or designers who create drawings for a specific supplier.

  5. What if I don't want a certain file type to be protected?
    HaloSHARE encrypts files based on the extensions specified in the configuration. As a result, you whitelist file types for encryption by defining them in the configuration, and blacklist file types by not defining them.

  6. Is it possible to apply custom permissions to protect a file?
    Yes, HaloSHARE allows users to apply custom permissions without using Azure labels.

  7. How do I open a protected CAD file?
    You can view a protected CAD file using the HaloCAD Add-on for CAD applications.

  8. How do I open a protected PDF file?
    You can view a protected PDF file using the Acrobat Reader DC / Acrobat DC application. Additionally, it can be viewed with the Microsoft Purview Information Protection unified labeling client.

  9. Is there another way to protect a PDF file without MPIP labels?
    Yes, HaloSHARE adds a watermark on a PDF and signs it. Signing a PDF with a certificate makes it read-only for others, resulting in a protected PDF file.

  10. How do I view the watermark on a CAD file?
    When a HaloSHARE-watermarked CAD file is shared with external partners, they can view it by installing the HaloCAD Add-on for CAD applications.

Quick Start Installation Summary

The following image shows the high-level idea of setting up HaloSHARE.

Figure: Quick start implementation steps

Architecture

HaloSHARE is a service that runs on a Windows Server and communicates with the Microsoft Rights Management Service (RMS) to encrypt files in a specific folder using predefined MPIP labels or user-defined custom permissions. Through the HaloSHARE configuration screen, HaloSHARE users can map their suppliers and their associated folders.

HaloSHARE Protection

When unprotected sensitive files are added to the shared folder that HaloSHARE is constantly monitoring, they are screened, and the HaloSHARE Service communicates with the Microsoft Rights Management Service (RMS) to automatically encrypt the files using predefined MPIP labels or user-defined custom permissions.

HaloSHARE Watermark

When files are placed in the shared folder that HaloSHARE is constantly monitoring, they are automatically screened, watermarked (e.g., confidential), and signed with a digital certificate. As a result, the files are secure and cannot be edited by any user. These secured files will include metadata that has been set up by the administrator in the HaloSHARE service.

Figure: Architecture

At a high level, the HaloSHARE workflow consists of these steps:

Assume that in a corporate landscape, different teams produce and share files with designated folder names, such as "Supplier 1-Prestin Engineering" and "Supplier 2-United Engineering", in a locally shared folder on a HaloSHARE-installed machine. Additionally, HaloSHARE is configured to move files to a destination folder, as illustrated below.

| Source Folders | Destination Folders |
| --- | --- |
| Supplier 1-Prestin Engineering | C:\SharePoint\Supplier 1 |
| Supplier 2-United Engineering | C:\Onedrive\Supplier 2 |

Source and destination Folders

Based on the feature selection, the following process takes place:

HaloSHARE for protection: HaloSHARE scans the folder and subfolders for new files, determines whether to encrypt them, and then applies the appropriate MPIP label or custom permission. The labeled files are transferred to the destination folders, usually a shared folder specific to your supplier. The destination folder can be a OneDrive or SharePoint directory. As a result, every supplier gets its own destination folder for sharing business information.

HaloSHARE for watermark: HaloSHARE scans the folder and subfolders for new files. When a new file arrives, it is watermarked and signed with a digital certificate. The watermarked files are transferred to the destination folders, usually a shared folder specific to your supplier. The destination folder can be a OneDrive or SharePoint directory. As a result, every supplier gets its own destination folder for sharing business information.

Third parties, including suppliers, vendors, and external consultants, can only access HaloSHARE-protected and watermarked files through the HaloCAD Add-on. Please refer to HaloCAD manuals for more information.

System Requirements

The following system requirements table specifies the minimum and recommended technical specifications, such as software and network resources, necessary to run the product.

Components

Details

Operating System

  1. Supported on Microsoft Windows Server 2022 and above. Note: HaloSHARE can also run on a Windows client machine, but it is recommended to run it on a server system.

  2. Requires .NET Framework 4.6.2 or above.

  3. Latest Windows system updates installed.

MPIP Label protection-specific requirements

Office 365 Subscription

  1. An Azure subscription is required to use Azure RMS and the MPIP functionality.

  2. A working Microsoft Entra ID service must be available.

  3. Microsoft Purview Information Protection must be fully configured.

  4. HaloSHARE creates an outbound network communication with Microsoft Azure Services.

  5. TLS 1.2 or higher must be enabled to ensure the use of cryptographically secure protocols.

  6. Register an application to get the Application (client) ID and Tenant ID in the Azure portal.

  7. See the table “Recommended URLs, Addresses, and Ports for MPIP” below for the service endpoints.

Supported file types

  1. File types included when the asterisk symbol (*) is specified: .dwg, .dxf, .ipt, .iam, .idw, .ipn, .rvt, .rfa, .prt, .asm, .drw, .frm, .mfg, .sec, .lay, .par, .dft, .eps, .emn, .emp, .psm, .jt, .sldprt, .sldasm, .slddrw, .slddrt, .dgn, .step, .ige, .iges, .neu, .log, .3dm, .3ds, .acis, .amf, .catpart, .catproduct, .cgr, .dae, .dwf, .easm, .fcstd, .g, .gcode, .gltf, .glb, .icd, .igs, .iv, .model, .obj, .pic, .plmxml, .sat, .smt, .stl, .stp, .ste, .stpz, .tcw, .u3d, .unv, .usdz, .vda, .pvz, .qif, .wrl, .x_b, .x_t, .xaml, .z3, and .zip.

  2. Creo file formats with iteration: .prt, .asm, .sec, .frm, .drw, .lay, .cem, .mfg, .neu, .log, and .pvz.

  3. Microsoft Office and non-office file formats.

Watermark specific requirements

Files supported for watermarking

.pdf, .docx, .xlsx, .pptx, .dwg, .rvt, and .ifc.

Supported CAD application for watermark

  1. AutoCAD 2023, 2024, 2025

  2. Revit 2023, 2024, 2025

Application for viewing protected and watermarked files

  1. HaloCAD Add-on for CAD application.

  2. To view metadata in a Revit application, you need to install the RevitLookup tool.

Requirements

Recommended URLs, Addresses, and Ports for MPIP

The MIP SDK does not support authenticated proxies, so make sure you set the Microsoft 365 service endpoints to bypass the proxy. The full list of endpoints is available in the Microsoft online documentation. Microsoft recommends the following:

| Addresses | Ports |
| --- | --- |
| *.protection.outlook.com; 40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 52.238.78.88/32, 104.47.0.0/17, 2a01:111:f403::/48 | TCP 443 |
| *.aadrm.com, *.azurerms.com, *.informationprotection.azure.com, ecn.dev.virtualearth.net, informationprotection.hosting.portal.azure.net, *.office.com (add substrate.office.com if you don't want to add all sub-domains), crl3.digicert.com, crl4.digicert.com | TCP 443, 80 |
| For event logging: *.events.data.microsoft.com | TCP 443 |

| National Cloud | Microsoft Entra ID authentication endpoint |
| --- | --- |
| Microsoft Entra ID for the US Government | https://login.microsoftonline.us |
| Microsoft Entra ID (global service) | https://login.microsoftonline.com |

Recommended endpoints

Secude License Manager

To communicate with Secude License Manager, the following URL and port must be whitelisted in the customer's proxy:

| Address | Port |
| --- | --- |
| License API - api.licensespring.com | TCP 443 |

Recommended license manager endpoint
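
The following pre-flight check is an added example, not part of the HaloSHARE product or its documentation. Run on the intended server, it verifies the .NET Framework 4.6.2 requirement and tests direct (non-proxied) TCP reachability and a TLS 1.2 handshake for the non-wildcard hosts listed above. The function name Test-Endpoint, the 5-second timeout, and the choice of which listed hosts to probe are assumptions made for illustration.

```powershell
# Added example, not vendor code: pre-flight check for a HaloSHARE host.
# Hosts and ports are the non-wildcard entries from the endpoint lists on this page.
$endpoints = @(
    @{ Host = 'login.microsoftonline.com';                      Port = 443; Tls = $true  },
    @{ Host = 'substrate.office.com';                           Port = 443; Tls = $true  },
    @{ Host = 'informationprotection.hosting.portal.azure.net'; Port = 443; Tls = $true  },
    @{ Host = 'ecn.dev.virtualearth.net';                       Port = 443; Tls = $true  },
    @{ Host = 'api.licensespring.com';                          Port = 443; Tls = $true  },
    @{ Host = 'crl3.digicert.com';                              Port = 80;  Tls = $false },
    @{ Host = 'crl4.digicert.com';                              Port = 80;  Tls = $false }
)

function Test-Endpoint {
    param([string]$HostName, [int]$Port, [bool]$Tls)
    $result = [ordered]@{ Host = $HostName; Port = $Port; Tcp = $false; Protocol = '-'; Error = '' }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Raw socket: does not use the system proxy, so it tests the bypass route the MIP SDK needs.
        if (-not $client.ConnectAsync($HostName, $Port).Wait(5000)) { throw 'TCP connect timed out' }
        $result.Tcp = $true
        if ($Tls) {
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
            # Offer TLS 1.2 only; an error here means TLS 1.2 is disabled locally or broken in transit.
            $ssl.AuthenticateAsClient($HostName, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
            $result.Protocol = $ssl.SslProtocol.ToString()
            $ssl.Dispose()
        }
    } catch {
        $result.Error = $_.Exception.GetBaseException().Message
    } finally {
        $client.Close()
    }
    [pscustomobject]$result
}

# .NET Framework 4.6.2 or later reports a Release value of 394802 or higher under this key.
$release = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue).Release
Write-Output (".NET Framework >= 4.6.2: {0} (Release={1})" -f ($release -ge 394802), $release)

$endpoints | ForEach-Object { Test-Endpoint -HostName $_.Host -Port $_.Port -Tls $_.Tls } | Format-Table -AutoSize
```

A row with Tcp = True but a certificate error in the Error column usually indicates a TLS-inspecting proxy or firewall on the path; wildcard entries such as *.aadrm.com cannot be probed this way and still need to be allowed by name in the proxy or firewall policy.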
