Azure Information Protection is a cloud-based solution that helps your business classify, label, and protect its documents and emails. This can be set automatically by the administrators based on defined rules and conditions, or manually by users, or a combination with recommended suggestions.
With Azure Information Protection, once content has been classified (and optionally protected by Azure RMS), users (and IT) can then track and control how it is used, accessed, and shared. With the ease of analyzing data flows to gain insight into your business, detect risky behaviors, and take corrective measures, track access to documents, prevent data leakage or misuse, and so on.
Data is protected and encrypted using Azure Rights Management (Azure RMS). This protection technology uses encryption, identity, and authorization policies. Similarly, to the labels that are applied, protection that is applied by using Rights Management stays with the documents and emails, independently of the location—inside or outside your organization, networks, file servers, and applications. This information protection solution keeps you in control of your data, even when it is shared with other people.
How do I protect documents and emails?
In the past, the process to protect documents and emails could be complicated or difficult, but with the new Azure Information Protection plugin, it is a very simple process. The plugin is available for all Microsoft Office products and integrates with Windows Explorer. Once installed, a new menu bar will appear in your Office products. To protect a document or email, simply select the proper sensitivity and the associated security policies will be applied.
Is this only a manual process or can data be protected automatically?
Automatic classification is available and is a feature of EMS E5. In this model, the security policies remain the same, but the policies are then linked to keyword searches or content matches, such as social security numbers or credit card numbers. The system will then automatically scan data in SharePoint Online, Exchange Online, and other cloud and on-premises systems and classify documents based on the search results. Also, if you have the Azure Information Protection plugin, it will scan any documents you are working on and classify them as needed automatically.
When I protect a document or email, what does that mean?
When you create a security policy to protect documents, you can select several different policies to restrict access and the redistribution of data. There are many options but some of the most common include:
- Block printing or re-saving to alternate location
- Block the copy command
- Block forwarding and replying to an email
- Restrict viewing and editing of the data
What types of files can I protect with Azure?
The list of file types that can be protected by Azure Information Protection continues to grow. Currently, the main file types are any Microsoft Office files, image files, and Adobe PDFs.