Aip on Ru Campbell MVP

Three Cool Things To Do With Azure Information Protection

Sun, 13 Jun 2021 17:38:11 +0000

In my last blog, I wrote about three considerations for your Azure Information Protection deployments and commented on often overlooked potential downsides, or at least areas with which to be cautious. In hindsight, it all feels a bit negative. I am, for the record, an advocate of Microsoft 365 customers using AIP (sensitivity labels) in basically any circumstance it’s appropriate to do so. So in this blog, I’ll counter the earlier post with three often overlooked useful things you can do with it.

Three Considerations for Azure Information Protection Deployments

Sat, 15 May 2021 08:25:46 +0000

Azure Information Protection (AIP) - more accurately exposed to Microsoft 365 now as sensitivity labels- is close to the top of my favourite wins for securing your data in a Microsoft ecosystem. While designing a detailed labelling and classification system is far from quick, it is quick to get up and running with baseline policies that protect your confidential company data from getting read outside the company. Simply by applying a sensitivity label that limits access to confidential data to users in your domain, you’ve covered a massive chunk of data loss scenarios.

Revoke Access to Office Files with Sensitivity Labels and Azure Information Protection

Thu, 08 Apr 2021 06:16:40 +0000

Most of us have had that “oh < blank >” moment where we have given someone access to someone only to immediately or later need to undo that access. Azure Information Protection has historically been able to help us there. AIP allowed us to create protected (encrypted) documents and also let us remove access. However, in the move from ‘classic’ AIP to the new unified labelling with sensitivity labels, the ability to revoke was lost in the transition. Now it’s back in preview, but unlike the classic version, it’s managed on the client and not a web portal.

Microsoft Information Protection Sensitivity Labels - Custom User Permissions and Do Not Forward

Thu, 25 Feb 2021 15:02:30 +0000

With Microsoft Information Protection, you can apply sensitivity labels to files, emails, and containers such as SharePoint Libraries. These labels apply protection which, in the context of files and emails, really means encryption using AES-128 or 256 (key size depends on file type). The great thing about Information Protection is that you control an access control list of who is allowed to access the content and it’s managed as a cloud service by Microsoft. The document or message, when opened, checks who is authenticated (who is signed to Outlook or the Office 365 app, for example) and only allows access if they have permission.

Using Intune to Deploy the Azure Information Protection (AIP) Unified Labeling Client (Win32 MSI)

Sat, 18 Jan 2020 22:47:50 +0000

Unified labels refer to a movement whereby Azure Information Protection (AIP) labels are now being replaced by sensitivity labels. Sensitivity labels offer encryption, watermarks, etc as AIP labels did before them, but are now managed in the new Microsoft 365 Security Centre, with several other benefits beyond the scope of this post.

With this change comes a new AIP client, called the unified labeling client, that replaces the old one, now called the classic client. The AIP unified labeling client will refer to the M365 Security Centre to download labels, but note that (and ‘unified’ gives this away) labels created on either the old Azure AIP dashboard or new M365 Security Centre will sync to each other after you have enabled unified labeling. Current guidelines from Microsoft are that, unless you have a use case that isn’t a feature of the unified labeling client, this is what you should be installing. This post holds your hand through a deployment of the client using Intune.