Azure Information Protection

Data is traveling between users, devices, apps, and services more than ever before. Businesses are working with customers, partners, and remote or outsourced employees and sharing sensitive information inside and outside of organizational parameters. How do you know organizational data is safe? The first step in overcoming these concerns about information protection is to classify the information’s need for protection and implement policies and labels. Microsoft Azure Information Protection, a cloud-based solution, ensures persistent classification and protection of sensitive data no matter where it’s stored or who it’s shared with. (Read:- What is Azure Active Directory?)

It also provides end-to-end protection and control for sensitive data, including data classification and labeling, data protection, data usage monitoring, and responding to malicious data usage activities.

With Azure Information Protection, you get:

• Simplified and intuitive controlsIt helps you make the right decisions and stay productive. Data classification and protection controls are integrated into Microsoft Office and common applications. One-click options make it easy to classify data.
• Persistent protectionIt follows sensitive data to ensure it’s always protected—regardless of where it’s stored or with whom it’s shared.
• More visibility and controlIt over shared data through tracking of shared data usage with powerful logging and reporting that allows you to monitor and analyze this data. Access to data can be revoked if required.
• Safer sharingSafer sharing with customers and partners through definitions of who can access data and what they can do with it based on a use rights policy. For example, some users might be able to view and edit certain files but not print or forward them.
• Deployment and management flexibility•Deployment and management flexibility to protect data whether it’s stored in the cloud or on-premises. You can choose how encryption keys are managed, including Bring Your Own Key (BYOK) options.

Azure Information Protection provides classification, labeling, and protection to track and control how information is used. The following process enables your organization to identify sensitive information and define security and controls on data.

• Classification and labelingData can be classified based on content, context, and source, either automatically based on defined policies or manually by users.
• Protect dataDocuments can be encrypted. Authentication requirements and definitions of use rights can be added to data.
• Monitor and respondUsers can track activities on shared files and revoke access in cases of unexpected activity

AZURE INFORMATION PROTECTION CLIENT

Azure Information Protection client helps keep important documents and emails safe from people who shouldn’t see them, even if email is forwarded or documents are saved to another location. Azure Information Protection client is used to classify documents and open documents that other people have protected by using the Rights Management protection technology from Azure Information Protection.

After the Azure Information Protection client is installed, a new Azure Information Protection bar will appear across Microsoft Office applications. This is used to classify and label sensitive documents.

PERSISTENT INFORMATION PROTECTION

Protection can be applied to sensitive data once it has been classified or labelled. Protected files are potentially safe to share even outside the organization because recipients can view protected documents and emails but they can’t copy, print, or forward them.

• Define access controlsWhen information is shared externally, organizational policies automatically enforce appropriate information classification and labelling to ensure information protection. You can then share the file by using your standard sharing mechanism—for example, as an attachment to an email or an invitation to a Microsoft SharePoint Online document.
• Ensure persistent protectionEnsure persistent protection that travels with your data. Azure Information Protection provides persistent protection even when sensitive information travels, either as an email attachment or through SharePoint.
• Access Protected Information•You can access a rights protected file from File Explorer or as an attachment in an email message by simply double-clicking it. Enter your credentials if prompted by Azure Information Protection client to do so. The file opens in the application that’s associated with the original file name extension, and a restriction banner is displayed at the top of the file.

MONITOR AND RESPOND

After you share protected information, Azure Information Protection allows you to track activities on shared files. Rich logs and reporting tools are also available to help IT monitor and analyse data for compliance and regulatory purposes. If needed, you can easily revoke access to shared data. To ensure a timely response to suspicious activity, access to business data can be revoked either by end-users who want to revoke their own documents or by an administrator on behalf of any user.

• Document usage trackingDocument usage tracking To track document usage for protected and shared documents, you can use a document tracking site that can be accessible from Windows computers, Mac computers, and even from tablets and phones. This dashboard gives you visibility into:
  • Number of views on shared documents.
  • Unauthorized access attempts.
  • Last activity on your shared document.
  • Usage tracking based on geo-location.

   You can export this data to CSV.

• Respond to suspicious activityIf you detect suspicious activity on a shared document, like invalid login attempts or the same user account accessing shared information from different geolocations, you can immediately revoke user access for the shared document

PRICING DETAILS

Microsoft Azure Information Protection can be purchased either standalone or through one of the following Microsoft licensing suites:

• Enterprise Mobility + Security
• Microsoft 365 Enterprise

SUMMARY

Azure Information Protection provides a comprehensive solution for protecting your organization’s sensitive data, from identifying the sensitivity of business data to protecting and tracking information usage. It helps you comply with organizational requirements for security and compliance. Protection can be enforced on sensitive information when a document is being created or modified, and users have the flexibility to reclassify information sensitivity when they have a justified reason. Users can define their own access controls when sharing information outside the organization and always track and revoke access even after a document has left the organizational perimeter.