What is Azure Information Protection


One of the security solutions I work with is called Azure Information Protection.

It is Microsoft’s solution for labeling and protecting information and it has some awesome features:

  • Super simple to use for end users, just a click away or fully automatic (based on location, recipient or content)
  • Access is based on your identity, no static passwords or keys that needs to be remembered, shared or managed
  • The information can be encrypted, which keeps the bad guys out
  • You can set policies for what users are allowed to do with the information once they have access, such as printing, copying or forwarding, which makes it easier for good guys to follow the rules and avoid mistakes
  • The information is labeled in a way so that other solutions, such as Exchange, SharePoint, Cloud App Security and even third party DLP services, can make decision based on it
  • Custom watermarking and header/footer can be added to the information
  • The protection follows the information where ever it goes
  • You can share safely with anyone
  • All file types and most platforms (including Mac, iOS and Android) are supported
  • You can track who accessed your protected information
  • You can remotely kill a document (without access to the file), making it totally unreadable for anyone from that point on. Can you current information protection solution do this?
  • Microsoft never needs to have access to your information, they only manage the authentication part
  • The team at Microsoft behind this service are not only really nice people, but also really attentive to customer’s needs and have shown remarkable agility in their development
  • I could go on, but, I’m sure most of you stopped reading this list by now and jumped to the video below 🙂

If you want to know more, see this 2 minute overview video, or contact me for further discussions:

Note that this service used to be called Rights Management Services and the RMS technology is very much still used for the encryption and policy parts, but when Microsoft added the user friendly labeling part, that can be used for so much more than just RMS protection, they renamed it to Azure Information Protection. In other word, RMS went from being the front-end solution to being one of the consequences that can be applied based on the chosen labeling. Using the RMS features without the labeling is still available and works just as great.

About Tom Aafloen

IT Security Advisor @ Onevinn
This entry was posted in AIP, information protection, Rights Management Services, RMS and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s