What is Azure Information Protection and Its Benefits? | Microbyte

What is Azure Information Protection and Its Benefits?

Azure Information Protection

Protecting proprietary information and managing company communications present challenges to modern organisations. Sensitive data shouldn’t be shared outside of departments, and great care must be taken to allow only authorised personnel either to

Azure Information Protection is designed to augment and improve upon current protections for documents and emails within an organisation, both internally and in the cloud. It works directly within Microsoft 365 and related apps to help ensure unauthorised sharing or access is prohibited.

What is Azure Information Protection?

Azure Information Protection (AIP) is a cloud-based solution to add another layer of primarily file-level controls to prevent unauthorised access, sharing, or distribution. It’s designed to work under the Microsoft Purview Information Protection system, which includes AIP and other advanced features for data security protection.

AIP brings new opportunities to create security taxonomies and added controls by tagging files using sensitivity labels. Labels are assigned explicit permissions, depending on what’s required within the department and business.

The Microsoft 365 suite of Office apps and the latest retail version of Microsoft Office include the ability to assign labels to files. Other implementations allow either manual assignment, file repository scanning, or automated label assignment to existing files.

Directory/Folder-Level and User-Level Controls

Previously, companies mainly relied on various implementations of folder-level and user-level access controls for file systems. These had various names, including Windows Rights Management Services, and Active Directory Rights Management Services, amongst others.

Broadly speaking, these ensured that files in certain folders – for instance, relating to a specific department – could only be accessed by that team alone. Also, user-level protocols permitted senior managers to access files for the departments or smaller teams they’re responsible for too.

Potential Limitations of Active Directory and Previous Solutions

While active directory and user-level controls perform well, they have limitations.

For instance, new documents attached to an incoming email, or the introduction of a new cloud storage repository of files for users, create new problems.

What labels and permissions should they have? When thousands of incoming files are received daily, how can they be manually assigned rights and folders?

Azure Information Protection meets this need by adding an extra layer of security. This primarily works inside the Microsoft 365 apps, Microsoft Teams, SharePoint, and Microsoft 365 groups.

Labelling, Customisation, and Confidentiality

A standard collection of default sensitivity labels exists for AIP. However, these can be extensively modified depending on the organisational needs for which Microbyte can access and implement for you.

Standard labels may include:

  • Personal
  • Private
  • Internal
  • Confidential
  • Highly Confidential

Publishing Sensitive Labels

Once labels are set, classified, and grouped, they can be published internally as an established label policy.

From that point, they’re enforced on all relevant users and user groups.

Confidential Labels

The pre-existing Confidential label has specific restrictions and controls in place.

Files tagged with this label aren’t allowed to be sent outside of the organisation over email or by any other method. Confidential information such as credit card numbers, passwords, or the source code from software under development is restricted too.

Attempts to contravene these limitations, once the labels have been published to all relevant users and groups they pertain to, produce immediate warnings and are actively prevented. Activity logs are also generated for each occurrence.

Highly Confidential Labels

Files tagged using the pre-existing Highly Confidential label have additional elevated limitations.

These almost always include encryption of all files with this label applied, preventing third-party access, and preventing confidential financial data from being exposed. Taking screengrabs of open files is also blocked due to their confidential nature.

Some files may be emailed using a cloud-based email solution, such as Gmail. However, active rights management policies, labelling controls, and file encryption processes ensure that the document or file isn’t accessible to outsiders.

Microsoft 365 Built-in Labelling vs. AIP Add-In

Users of the Microsoft 365 suite now have a Sensitivity option where a currently open file is labelled.

This also applies to the newer standalone versions of Microsoft Office too. Forcing users to label every document they produce is possible to avoid categorisation gaps from occurring.

Built-in Labelling Support – In the future, newer versions of the Office suite of apps will include labelling options by default. These receive the latest features and upgrades.

AIP Add-In – For older Office suite versions, an Add-In file from Microsoft is installable. Add-Ins are sometimes temperamental. Therefore, the preferred tag labelling is performed via the built-in feature.

Automatic Labelling of Files

Automatic labelling of files is supported for Office apps. This is currently available via a Unified Labelling Client.

Auto-labelling is beneficial with files containing sensitive information. Users and users within appropriate groups are prompted to add an appropriate label to their file, or the system does it for them.


Manual Labelling Methods

Azure Information Protection uses its unified labelling client to allow for the labelling, file classification, and permission features.

The AIP Unified Labelling Client adds new features to File Explorer and PowerShell to allow an appropriate user to apply labels to relevant files. This adds a right-click context menu option for Classify and protect for easy access.

The AIP on-premises scanner is another labelling method. Administrators can use it to scan file repositories for unlabelled and unclassified files and to tag files that need a label applied. Additionally, files found to contain sensitive information (credit card numbers, etc.) are highlighted to ensure they have appropriate permissions used there too.

There is also an SDK to allow third-party apps, used internally, to apply relevant labels using established labelling policies before the exportation of the file.

In the future, some of these features will be accessible directly within the Microsoft Purview Information Protection system for centralised control by administrators.

Enhanced Email Security

Email security is paramount today. Many email attachments arrive from third parties that not only must be scanned for potential malware and viruses but also require tagging with the most relevant sensitivity label.

AIP ensures that files reaching email servers, including Outlook users, get labelled once received. This ensures that appropriate file security policies are applied in real-time.

Let Microbyte Improve Your File Security Today

Microbyte is highly experienced in setting up improved file security via the features within Azure Information Protection. Let our team better protect your files, email usage, and confidentiality of propriety information.

Get in touch today.

Similar blogs

BAU IT Support

Business As Usual (BAU) IT Support

Business as usual (BAU) support represents regular work tasks within an IT department. They reflect tasks that key IT personnel perform to maintain technology systems with minimal potential disruption to business operations. BAU tasks may include routine tasks such as infrastructure management, network monitoring, software patching, hardware driver updates, and other responsibilities. Troubleshooting – working…

Read More

Avatar photo

What is EOSL and How to Manage it for Your Business

What is EOSL and How to Manage it for Your Business?

Technology-related products have an expected lifecycle: they do not last forever. The End of Service Life (EOSL), a technical term, applies somewhere between 6 to 12 years after the initial release date. At the EOSL stage, the Original Equipment Manufacturer (OEM) typically discontinues maintenance support, releasing software fixes, or new firmware updates. Occasionally, they offer…

Read More

Avatar photo

On-Premises vs Cloud Which is Best

On-Premises vs Cloud: Which is Best?

Small businesses and larger enterprises wrestle with managing their IT infrastructure, current requirements, and future demands. Choosing between on-premises and cloud computing is pivotal as it significantly changes the underlying approach to IT infrastructure and operations. Why Local Technology Was Previously Attractive? Previously, IT departments saw all technology-related operations as coming under their purview. As…

Read More

Avatar photo

Microsoft Authenticator vs Google Authenticator

Microsoft Authenticator vs Google Authenticator

Our digital lives in 2024 are increasingly complex. Effective security is essential to ensure nothing nefarious occurs. Manual password entry creates the risk of ‘shoulder surfing’ or other surreptitious methods used to discover your security information. Using two-factor authentication (2FA) or multi-factor authentication tools (MFA), such as Google Authenticator or Microsoft Authenticator mobile apps, substantially…

Read More

Avatar photo

Benefits of Copilot for Microsoft 365

Benefits of Copilot for Microsoft 365

Copilot is an Artificial intelligence (AI)-based tool to enhance creativity and time efficiency. Benefits of using this ChatGPT AI technology – Microsoft is an investor in the business – do not stop there. Depending on the version used, the interface generates useful responses based on meaningful inputs. Microsoft announced Copilot for Microsoft 365 and first…

Read More

Avatar photo

The Business Benefits of Cyber Essentials Certification

The Business Benefits of Cyber Essentials Certification

As IT continues to dominate and dictate international business, fortifying digital defences is paramount. Protecting your business from the devastating consequences of a cyber security breach should be a number one priority for every business.  The good news is that obtaining a Cyber Essentials certification is a simple and easy step to help protect against…

Read More

Avatar photo