What is Azure Information Protection and Its Benefits? | Microbyte

What is Azure Information Protection and Its Benefits?

Azure Information Protection

Protecting proprietary information and managing company communications present challenges to modern organisations. Sensitive data shouldn’t be shared outside of departments, and great care must be taken to allow only authorised personnel either to

Azure Information Protection is designed to augment and improve upon current protections for documents and emails within an organisation, both internally and in the cloud. It works directly within Microsoft 365 and related apps to help ensure unauthorised sharing or access is prohibited.

What is Azure Information Protection?

Azure Information Protection (AIP) is a cloud-based solution to add another layer of primarily file-level controls to prevent unauthorised access, sharing, or distribution. It’s designed to work under the Microsoft Purview Information Protection system, which includes AIP and other advanced features for data security protection.

AIP brings new opportunities to create security taxonomies and added controls by tagging files using sensitivity labels. Labels are assigned explicit permissions, depending on what’s required within the department and business.

The Microsoft 365 suite of Office apps and the latest retail version of Microsoft Office include the ability to assign labels to files. Other implementations allow either manual assignment, file repository scanning, or automated label assignment to existing files.

Directory/Folder-Level and User-Level Controls

Previously, companies mainly relied on various implementations of folder-level and user-level access controls for file systems. These had various names, including Windows Rights Management Services, and Active Directory Rights Management Services, amongst others.

Broadly speaking, these ensured that files in certain folders – for instance, relating to a specific department – could only be accessed by that team alone. Also, user-level protocols permitted senior managers to access files for the departments or smaller teams they’re responsible for too.

Potential Limitations of Active Directory and Previous Solutions

While active directory and user-level controls perform well, they have limitations.

For instance, new documents attached to an incoming email, or the introduction of a new cloud storage repository of files for users, create new problems.

What labels and permissions should they have? When thousands of incoming files are received daily, how can they be manually assigned rights and folders?

Azure Information Protection meets this need by adding an extra layer of security. This primarily works inside the Microsoft 365 apps, Microsoft Teams, SharePoint, and Microsoft 365 groups.

Labelling, Customisation, and Confidentiality

A standard collection of default sensitivity labels exists for AIP. However, these can be extensively modified depending on the organisational needs for which Microbyte can access and implement for you.

Standard labels may include:

  • Personal
  • Private
  • Internal
  • Confidential
  • Highly Confidential

Publishing Sensitive Labels

Once labels are set, classified, and grouped, they can be published internally as an established label policy.

From that point, they’re enforced on all relevant users and user groups.

Confidential Labels

The pre-existing Confidential label has specific restrictions and controls in place.

Files tagged with this label aren’t allowed to be sent outside of the organisation over email or by any other method. Confidential information such as credit card numbers, passwords, or the source code from software under development is restricted too.

Attempts to contravene these limitations, once the labels have been published to all relevant users and groups they pertain to, produce immediate warnings and are actively prevented. Activity logs are also generated for each occurrence.

Highly Confidential Labels

Files tagged using the pre-existing Highly Confidential label have additional elevated limitations.

These almost always include encryption of all files with this label applied, preventing third-party access, and preventing confidential financial data from being exposed. Taking screengrabs of open files is also blocked due to their confidential nature.

Some files may be emailed using a cloud-based email solution, such as Gmail. However, active rights management policies, labelling controls, and file encryption processes ensure that the document or file isn’t accessible to outsiders.

Microsoft 365 Built-in Labelling vs. AIP Add-In

Users of the Microsoft 365 suite now have a Sensitivity option where a currently open file is labelled.

This also applies to the newer standalone versions of Microsoft Office too. Forcing users to label every document they produce is possible to avoid categorisation gaps from occurring.

Built-in Labelling Support – In the future, newer versions of the Office suite of apps will include labelling options by default. These receive the latest features and upgrades.

AIP Add-In – For older Office suite versions, an Add-In file from Microsoft is installable. Add-Ins are sometimes temperamental. Therefore, the preferred tag labelling is performed via the built-in feature.

Automatic Labelling of Files

Automatic labelling of files is supported for Office apps. This is currently available via a Unified Labelling Client.

Auto-labelling is beneficial with files containing sensitive information. Users and users within appropriate groups are prompted to add an appropriate label to their file, or the system does it for them.

 

Manual Labelling Methods

Azure Information Protection uses its unified labelling client to allow for the labelling, file classification, and permission features.

The AIP Unified Labelling Client adds new features to File Explorer and PowerShell to allow an appropriate user to apply labels to relevant files. This adds a right-click context menu option for Classify and protect for easy access.

The AIP on-premises scanner is another labelling method. Administrators can use it to scan file repositories for unlabelled and unclassified files and to tag files that need a label applied. Additionally, files found to contain sensitive information (credit card numbers, etc.) are highlighted to ensure they have appropriate permissions used there too.

There is also an SDK to allow third-party apps, used internally, to apply relevant labels using established labelling policies before the exportation of the file.

In the future, some of these features will be accessible directly within the Microsoft Purview Information Protection system for centralised control by administrators.

Enhanced Email Security

Email security is paramount today. Many email attachments arrive from third parties that not only must be scanned for potential malware and viruses but also require tagging with the most relevant sensitivity label.

AIP ensures that files reaching email servers, including Outlook users, get labelled once received. This ensures that appropriate file security policies are applied in real-time.

Let Microbyte Improve Your File Security Today

Microbyte is highly experienced in setting up improved file security via the features within Azure Information Protection. Let our team better protect your files, email usage, and confidentiality of propriety information.

Get in touch today.

Similar blogs

The hidden cost of poor IT Support

The hidden cost of poor IT Support

Quality IT support is as much about top-notch security measures and cybersecurity as it is about technical assistance. As you will learn in this article, the tall grass obscures the hidden cost of poor IT support if you are not careful. Inferior IT support means you are paying for it directly and indirectly. Repeated IT…

Read More

Avatar photo

Digital Transformation for Dummies

Digital Transformation for Dummies

No matter what industry you work in, you have probably heard the phrase ‘digital transformation’ more and more frequently over recent years. While it might sound like another unnecessary buzzword to throw around the boardroom, it is a crucial process that might dictate your business’s future. We have put together this short guide to demystify…

Read More

Avatar photo

The Benefits of VoIP

The Benefits of VoIP

Business Voice over Internet Protocol (VoIP) is now used by approximately two-thirds of organisations globally. It represents the digitisation of phone calls and other communications. Along with replacing traditional phone lines, VoIP often supports video calls, private messaging, and add-on features.  There are now over 3 billion people using VoIP technologies. Learn about the excellent…

Read More

Avatar photo

Vulnerability Testing for Cyber Essentials

Vulnerability Testing for Cyber Essentials

Cyber Essentials (CE) certification assists UK companies in improving their cyber security posture. Using advanced National Cyber Security Centre (NCSC) approved methodologies, businesses can protect themselves from common cyber threats. Cyber Essentials and Cyber Essentials Plus (CE Plus) are part of the certification process. Conducting vulnerability scans and reviewing security controls are required for Cyber…

Read More

Avatar photo

Transforming Oregon's Construction Industry with IT Support

Transforming Oregon’s Construction Industry with IT Support

In Oregon, one industry stands out as the backbone of the state’s economy: construction. Contributing $16.22 billion to the state’s GDP in 2023, up from $5.41 billion in 2021, the construction sector continues to grow and remains a vital part of the economy.  From housing estates and renovation projects to commercial spaces and urban redevelopment,…

Read More

Avatar photo

Why is IT support in Dubai so bad?

Why is IT Support in Dubai so bad?

With its impressive skyline, reputation for innovation and being at the forefront of tourism and international business, Dubai seems like the kind of place to have some of the best IT support in the world. Internationally connected and popular with businesses that are increasingly reliant on technology, the city is a tax-free, global expat dream….

Read More

Avatar photo