The first of our two articles on Azure Information Protection (AIP) looked at how you classify and label your data. In this final article we are going to look at protecting your data.
There are various ways this can be done, these include:
- Encrypting the data so that it’s protected while at rest, as well as when it’s in transit and when it’s shared with others
- Protecting data at the app level with a mobile application management (MAM) policy like Intune provides
- Configuring Data Loss Protection (DLP) rules to take action based on the sensitivity labels. This means you could setup DLP policies to block e-mails containing confidential information that are shared with external recipients
- Leverage the labels you have set up to decide retention of various types of data eg all financial confidential data should be automatically deleted within two years. The labels are acting as the common language that various systems can read and take action on based on the value of the label.
Azure Rights Management
Encryption is obviously a powerful way to protect your data and there are many ways in which you can encrypt. One of these is using Azure Rights Management, or Azure RMS. AIP can use Azure RMS to encrypt a document and allow the recipients to access it only when they are authorised and authenticated using Azure Active Directory.
Document owners can also define policies and permissions so that the recipients can perform only the actions that are granted to them by the document owners. For example, you can allow the recipients to review or identify a document, but you can block copying, printing, or forwarding of it.
As working practices evolve, securely sharing data and collaborating with people outside your immediate organisation (like customers and partners) becomes more important. Azure RMS helps with providing secure sharing of information with customers and partners. When utilised with AIP, it makes the experience even better with support for B2B collaboration.
Microsoft is also adding new capabilities where recipients with consumer e-mail addresses such as Gmail or Microsoft Account will be able to use their consumer e-mail addresses to view protected documents. This capability will make the experience of the end users extremely easy and simple when they’re trying to access documents that are protected with Azure RMS.
To find out more Azure Information Protection, please contact us.