Three Cool Things To Do With Azure Information Protection

Three Cool Things To Do With Azure Information Protection

In my last blog, I wrote about three considerations for your Azure Information Protection deployments and commented on often overlooked potential downsides, or at least areas with which to be cautious. In hindsight, it all feels a bit negative.  I am, for the record, an advocate of Microsoft 365 customers using AIP (sensitivity labels) in basically any circumstance it's appropriate to do so.  So in this blog, I'll counter the earlier post with three…
Three Considerations for Azure Information Protection Deployments

Three Considerations for Azure Information Protection Deployments

Azure Information Protection (AIP) - more accurately exposed to Microsoft 365 now as sensitivity labels - is close to the top of my favourite wins for securing your data in a Microsoft ecosystem.  While designing a detailed labelling and classification system is far from quick, it is quick to get up and running with baseline policies that protect your confidential company data from getting read outside the company.  Simply by applying a sensitivity label…
Revoke Access to Office Files with Sensitivity Labels and Azure Information Protection

Revoke Access to Office Files with Sensitivity Labels and Azure Information Protection

Most of us have had that "oh <blank>" moment where we have given someone access to someone only to immediately or later need to undo that access.  Azure Information Protection has historically been able to help us there.  AIP allowed us to create protected (encrypted) documents and also let us remove access.  However, in the move from 'classic' AIP to the new unified labelling with sensitivity labels, the ability to revoke was lost in the…
Microsoft Information Protection Sensitivity Labels – Custom User Permissions and Do Not Forward

Microsoft Information Protection Sensitivity Labels – Custom User Permissions and Do Not Forward

With Microsoft Information Protection, you can apply sensitivity labels to files, emails, and containers such as SharePoint Libraries.  These labels apply protection which, in the context of files and emails, really means encryption using AES-128 or 256 (key size depends on file type).  The great thing about Information Protection is that you control an access control list of who is allowed to access the content and it's managed as a cloud service by Microsoft. …
Using Intune to Deploy the Azure Information Protection (AIP) Unified Labeling Client (Win32 MSI)

Using Intune to Deploy the Azure Information Protection (AIP) Unified Labeling Client (Win32 MSI)

Unified labels refer to a movement whereby Azure Information Protection (AIP) labels are now being replaced by sensitivity labels.  Sensitivity labels offer encryption, watermarks, etc as AIP labels did before them, but are now managed in the new Microsoft 365 Security Centre, with several other benefits beyond the scope of this post. With this change comes a new AIP client, called the unified labeling client, that replaces the old one, now called the classic…