In our previous blog here, we talked about what Azure Information Protection means and what it can do for your organization. Today’s blog, will dive in into the requirements, policies, Labeling and more functionalities for your to learn.
Azure Information Protection Requirements
The requirements for individuals within your company who need to configure rights on a document are higher than the requirements for those consuming protected content. Microsoft provides an Azure Information Protection license which can be bought via the following options:
- As part of an Enterprise Mobility + Security (EMS) suite
- or as part of a Microsoft 365 Enterprise E3 license.
You will also need an Office application version that supports the Azure Information Protection features, and that means either Office 365 Enterprise E3 or Office 365 Enterprise E5
To see the complete list of requirements click here.
Adding Azure Information Protection in the Azure Portal
Even if you have a subscription that includes Azure Information Protection Plan 1 or Plan 2, AIP is not automatically available in the Azure portal.
In order to add AIP to the Azure portal, you can follow the next steps:
- Sign into the Azure portal by using the global admin account for your tenant.
If you are not the global admin, use the following link for alternative roles: Sign in to the Azure portal by:
- Select + Create a resource. From the search box for the Marketplace, type and then select Azure Information Protection. On the Azure Information Protection page, select Create, and then Create again.
Confirm that the protection service is activated
The protection service is now automatically activated for new customers. However, I’d recomment to confirm that it’s activated sooner than later by following the next steps:
- Go to the Azure Information Protection panel, select Manage > Protection activation.
- Then, proceed to confirm whether protection is activated for your tenant.
Create Policies and Publish Labels
If you still have the Global policy open, click the X at the top-right to close the pane. Under Classifications, select Labels.
The default Azure Information Protection classification labels are:
- Highly Confidential
Keep in mind that some labels have visual markings configured already by default. These visual markings might be a footer, header, and/or watermark. Other labels also have protection configured as well.
For you to proceed, select a label and browse around to see the detailed configuration for that label.
Labeling, and Protection in Action
The policy changes you made and the new label you created applies to Word, Excel, PowerPoint, and Outlook. But for this tutorial, we’ll use Word to see them in action as folllows:
- Open a new document in Microsoft Word. Because the Azure Information Protection client is installed, you will see the following:
Don’t forget, you can manually change our default label!
- On the Information Protection bar, select the last label and you see how the Sub-Labels display or remove the classification completely
- On the Information Protection bar, click the Edit Label icon again. But instead of choosing one of the labels, click the Delete Label icon:
Remember, you can create some policies that automatically identify and classify documents based on some patterns. For example, a valid credit card number: 4242-4242-4242-4242.
Clearly, Azure Information Protection requires an organizational investment not only from a licensing investment standpoint, but also in terms of planning and document governance. You can find quick-start tutorial here to get more details in terms of implementation steps covered in this blog post.
For those planning a rollout of a rights management solution, the Azure Information Protection deployment roadmap here is a good guide towards successful implementation.