Azure Information Protection labels or AIP labels can be created and applied to documents and emails. These labels can be used to classify content based on what the data is and how sensitive it is. This approach is extremely powerful when properly implemented as it provides security on your data even after it leaves your environment (if the label allows it to). In this post, I’ll walk through setting up Azure Information protection to use labels to classify and protect your content.
Below is a list of file types supported by AIP:
1. You must have an Azure Information Protection license in order to use the service. Different AIP licenses will give you access to different features underneath the AIP umbrella. AIP can be purchased either standalone or through or through one of the several O365 license suites/programs.
A brief overview of the plans-
2. You must install the Azure Information Protection client on your desktop as well as any endpoints you wish to protect. Link to downloads: Link
With AIP, a classification label is leveraged to identify and protect sensitive content that matters to your business. Admins and users may use out of the box or customized labels to either manually or automatically apply a label to a document. (Automated labeling requires AIP plan 2) For this example, I will walk through the process of setting up AIP to label documents containing credit card information.
Navigate to the Azure Information pane from within the Azure Portal. Underneath ‘Classifications’ select Label -> Add a new label.
3. Name your label and give it an appropriate description.
4. Protection: Configure access and protection options for the label.
5. Set visual marking (optional)
6. Configure conditions for automatically applying this label (requires AIP plan 2 or greater).
Here I’ve got a word document which contains some fake credit card numbers, notice that there is a recommendation that we label the document as ‘Credit Cards’.
AIP is flexible in that you can choose to have these labels automatically applied or automatically make a recommendation to apply. Without automation, users must manually choose the label which applies to the content of the document. Although it leaves room for human error, this may be preferred to avoid false positives.
If you have some labels which are responsible for classifying highly sensitive information, you may want to have those automatically apply labels but be weary as labels prone to false positives may cause frustration to end-users.
While there are some gaps which cannot be ignored, Azure Information Protection is a powerful tool that can really help you protect your data.
Pros:
Cons:
Learn more about how STEALTHbits can help with the discovery and classification of your data, including the collection and reporting of AIP labels here.
Chris studied Information Systems at Hofstra University before joining Stealthbits – now part of Netwrix where he took on the role as the Technical Product Manager of SharePoint, Dropbox, and Box solution sets. His focus is primarily on SharePoint security, but data security, in general, is a passion. Aside from technical interests, he enjoys the outdoors and hopes to one day start an animal rescue and rehabilitation center for injured, disabled, and orphaned animals.
Proper data security begins with a strong foundation. Find out what you're standing on with a free deep-dive into the security of your Structured and Unstructured Data, Active Directory, and Windows infrastructure.
Read more© 2022 Stealthbits Technologies, Inc.
Leave a Reply