Label and Secure your Files in SharePoint Online with Muhimbi

Today, it has become easier than ever to make almost any internal document or PDF available to anyone, anywhere- even if they’re outside of your organization.

This is usually a good thing, but the risk is that someone could send something somewhere, without understanding the consequences until it’s too late, or perhaps just not caring about the consequences to begin with. Many organizations have set specific policies or guidelines in place regarding the protection of documents with proper classification, labeling and access control. This helps with the accidental dissemination of confidential documents, but does little to address the malicious spread of them.

So, what are you to do to stop both the accidental and the malicious spread of confidential documents, while still making them available for people to do their jobs? In this blog post, we’ll answer that question by configuring our SharePoint Online Library with Custom labels and create our own Power Automate solution to copy the label associated with a file, watermark the file with that label, and then use the label to secure the file. All by using the capabilities native to Muhimbi’s PDF Converter Services Online.

Prerequisites –

Before we begin, please make sure the following prerequisites are in place:

• An Office 365 subscription with access to Power Automate (Flow).
• Muhimbi PDF Converter Services Online Full or Trial subscription (Start trial).
• Appropriate privileges to create Flows.
• Working knowledge of Power Automate (Flow).

Let’s start by setting-up our SharePoint Online library with Labels as follows:

Prompt the User to Select a Label every time a File is being uploaded

Navigate to the Settings page of the Document library and in the page that opens up, move to the section where all the Columns present in the Document library are displayed.

Click on Create Column and then configure a column named Label as shown below-

Please note that the Column has been configured as a Mandatory column meaning whenever a File is being uploaded to the Library, it becomes compulsory to choose a Label for that file.

Step 1 – Trigger (When a File is Created in a Folder)

• We use the SharePoint trigger ‘When a File is Created in Folder’.
• For the ‘Site Address’ in the image below, choose the correct site address from the drop down menu.
• For the ‘Folder Id’ in the image below, select the source folder.

Step 2 – Get file Metadata

• For the ‘Site Address’ in the image below, specify the same address as used in the Trigger in Step 1.
• In the ‘File Identifier’ field, navigate to the ‘Add Dynamic content’ line and choose the x-ms-file-id option inside the ‘When a file is created in a folder’ trigger.

Step 3 – Get File Properties

• For the ‘Site Address’ in the image below, choose the correct site address from the drop down menu.
• For the ‘Library Name’ in the image below, select the correct source folder.
• In the ‘Id’ field, navigate to the ‘Add Dynamic content’ line and choose the ‘ItemId’ option inside the ‘When a file is created in a folder’ trigger.

Step 4 – Get file content using Path

• For the ‘Site Address’ in the image below, choose the correct site address from the drop down menu.
• For the ‘File Path’ as shown in the image below, navigate to the ‘Add Dynamic content’ line and choose the ‘Full Path’ option inside the ‘Get File Properties’ action.

Step 5 – Compose action (Grab the Label Value)

• For the ‘Inputs’ as shown in the image below, navigate to the ‘Add Dynamic content’ line and choose the ‘Label Value’ option inside the ‘Get File properties’ action.

Step 6 – Condition to check the Label Value

• Here we are going to check the Label configured for the source file and based on the Label value, we will decide whether the Source file needs to be Secured or not.
• If a file has been configured with a Draft label then this indicates that the file is still in the process of being written and approved.
• This also means that the Stakeholders have not yet reviewed the file and given it the go ahead to be used in business processes.
• We do not need to SECURE such a file or apply restrictions to it, because the file is a work in progress and so does not hold much significance as compared to a file that has been reviewed and has a Label such as Final configured for it.

• So here is how you configure the Condition action.

Outputs  is not equal to  Draft

• On the left hand side of the Condition, navigate to ‘Add Dynamic content’ line and choose ‘Outputs’ (output of the compose action), then choose the parameter is not equal to and on the right hand side of the condition enter the Value ‘Draft’.

• So, if the source file has a label value other than ‘Draft’, the condition will be satisfied and return a response of True. 

Step 6.1 – Condition satisfies to True

As stated earlier, if the condition satisfies to True, that means the label value configured for the source file is not equal to ‘Draft’ and it is either Sensitive or Final. In either of these cases, we should first watermark the source file with the correct Label value and then secure it.

Step 6.1.1 – Add Text watermark

• For the ‘Source File content’, navigate to ‘Add Dynamic content’ line and choose ‘File Content’ option inside the ‘Get File content using path’ action.
• For the ‘Watermark content’ as shown in the image below, navigate to ‘Add Dynamic content’ line and select ‘Outputs’ of the Compose action that holds the value of the Label.
• For the ‘Font family name’, enter Times New Roman (you can choose between Arial, Times New Roman, Calibri)
• For the ‘Font size’ enter 36 (size of font in Pt)
• For the ‘Font color’ enter the hex color code for red i.e #FF0000
• For the ‘Text alignment’, choose Middle center from the options present in drop down menu
• For the ‘Word wrap’ choose None from the options present in drop down menu
• For the ‘Position’ choose Middle Center from the options present in drop down menu
• Enter the ‘Width’ as 400 (In Pt) and ‘Height’ as 400 (In Pt).
• For the ‘Source file name’ as shown in the image below, navigate to ‘Add Dynamic content’ line and choose ‘File Name with extension’ option from the Get file properties action.
• For the ‘Layer’, choose Foreground from the drop down menu
• For the ‘Rotation’ enter the value -45 which implies that the watermark will be rotated in anti clockwise direction to a degree of 45.

Step 6.1.2 – Secure Document

• For the ‘Source File content’, navigate to ‘Add Dynamic content’ line and choose ‘Processed file content’ option from the ‘Add text watermark’ action.
• For the ‘Source file name’ as shown in the image below, navigate to ‘Add Dynamic content’ line and choose File Name with extension option from the ‘Get file properties’ action.
• For the ‘Open Password’ as shown in the image below, enter the Open password. Please note that any password entered here is displayed in clear text.

 Open Password – When specified, anyone who wants to open the file will need to enter this password.

• Similarly for the ‘Owner Password’ as shown in the image below, enter the Owner password. Please note that any password entered here is displayed in clear text.

Owner Password – When specified, anyone who wants to change the security settings on the file will need to enter this password.

• Note that the PDF restrictions can only be applied to PDF’s and not to the Office file formats (.Docx, .Xlsx, .PPTx). If you want you can use the Muhimbi’s Convert to PDF action to first convert the Office files to PDF and then apply PDF restrictions.

• You will see that we are still configuring the action with the PDF restrictions below because we do not know if the Source file will be an Office file or a PDF file. 

• If the Source file is already PDF then the Secure document action will automatically apply the PDF restrictions to the original file and if the source file is an Office file format then these restrictions will get bypassed.

• Here we are configuring following as PDF restrictions- Print|ContentCopy|FormFields|ContentAccessibility

PDF restrictions – One or more restrictions to apply to the PDF file, separated by a pipe ‘|’ character .

By default it applies all restrictions (Print|HighResolutionPrint|ContentCopy|Annotations|FormFields|ContentAccessibility|DocumentAssembly), but any combination is allowed.

Enter the word Nothing to not apply any restrictions. In order to activate these settings you must supply an owner password.

IMPORTANT NOTE – 

If you do not want the Open or Owner Password to be entered in clear text you can configure a Secret in Azure key vault and pass that Secret in the Open Password and Owner Password fields.

Please check my Blog post on Using Azure Key Vault to avoid passing Credentials in Power Automate

Step 6.1.3 – Create file

• For the ‘Site Address’ in the image below, choose the correct site address from the drop down menu.
• Select the correct ‘Folder Path’ where the Watermarked and Secured file should be created.
• For the ‘File name’ as shown in the image below, navigate to ‘Add Dynamic content’ line and choose File Name with extension option from the ‘Get file properties’ action.
• For the ‘File content’ as shown in the image below, navigate to ‘Add Dynamic content’ line option and choose Processed file content from the ‘Secure Document’ action.

Step 6.2 – Condition satisfies to False

As stated earlier if the Condition satisfies to FALSE, then that means that the Label value configured for the Source file is equal to DRAFT, which means we do not need to Secure it, we only need to add a Text watermark.

Step 6.2.1 – Add Text watermark

• For the ‘Source File content’, navigate to ‘Add Dynamic content’ line and choose ‘File Content’ option inside the ‘Get File content using path’ action.
• For the ‘Watermark content’ as shown in the image below, navigate to ‘Add Dynamic content’ line and select ‘Outputs’ of the Compose action that holds the value of the Label.
• For the ‘Font family name’, enter Times New Roman (you can choose between Arial, Times New Roman, Calibri)
• For the ‘Font size’ enter 36 (size of font in Pt)
• For the ‘Font color’ enter the hex color code for red i.e #FF0000
• For the ‘Text alignment’, choose Middle center from the options present in drop down menu
• For the ‘Word wrap’ choose None from the options present in drop down menu
• For the ‘Position’ choose Middle Center from the options present in drop down menu
• Enter the ‘Width’ as 400 (In Pt) and ‘Height’ as 400 (In Pt).
• For the ‘Source file name’ as shown in the image below, navigate to ‘Add Dynamic content’ line and choose ‘File Name with extension’ option from the Get file properties action.
• For the ‘Layer’, choose Foreground from the drop down menu
• For the ‘Rotation’ enter the value -45 which implies that the watermark will be rotated in anti clockwise direction to a degree of 45.

Step 6.2.3 – Create File

• For the ‘Site Address’ in the image below, choose the correct site address from the drop down menu.
• Select the correct ‘Folder Path’ where the Watermarked and Secured file should be created.
• For the ‘File name’ as shown in the image below, navigate to ‘Add Dynamic content’ line and choose File Name with extension option from the ‘Get file properties’ action.
• For the ‘File content’ as shown in the image below, navigate to ‘Add Dynamic content’ line option and choose Processed file content from the ‘Add Text watermark’ action.

Perfect, let’s run our Power Automate solution now and check the outputs.

Let us consider a .DOCX file with a Label FINAL configured for it.

SCENARIO – A .DOCX file with FINAL as a LABEL

Source file –

Flow run –

Watermarked and Secured .DOCX File – 

Keep checking this blog for exciting new articles about Power Automate, SharePoint Online, Power Apps, as well as document conversion and manipulation using The Muhimbi PDF Converter.

Advertisement