Wednesday, 30 May 2018

Azure Information Protection - Protect your companies documents

Azure Information Protection (AIP) can be used to protect documents owned by your organisation to ensure they are retractable, encrypted, visible to the correct people.

Technical High Level Overview:  
1. When AIP is used to label a document, the document is encrypted and the permissions saved within the document, the document needs to interact with the Azure RMS (AIG) Service.  
2. When the document is opened, the end user needs to authenticate, get their permissions and if they have permission, the document is decrypted and opened.

Pre-Steps to get AIP working on a Word Document:
1.> On your Azure Portal go to Azure Information Protection to Activate AIP and add labels to the global policy.
2.> On a client machine with Word/Office, install the  Azure Information Protection Client add-in (AzInfoProtection.exe).  5 min video on setting up AIP on a client and introductory information.

3.> Open a word document, and set the label on the document, this shall encrypt the docx file.





Admin Demos:
1.> Creating Labels in Azure Information Protection - 2 min (3MB)
2.> Adding Labels to AIP Policies - 2 min (2MB)



Notes:
Event Driven Protection
Auto classify 
Office document labels (Azure retention labels)
E-Discovery relook
Joanne-cklein.com data 

AIP works doc-centric: pdf and office docs anywhere
O365 DLP is SPO, OD4B, application level controlled

Azure Information Protection scanner for automated classification requires the AIP Premium P2 licence.
Document tracking and revocation requires either the P1 or P2 AIP licence.  The O365 E3 does not have the revocation and tracking included.



Common Issues:

Problem:  Added a new label and it is showing on Office, when I try set the new lable I receice the error "Azure Information Protection cannot apply the label because the client isn't fully configured..."



Resolution: Give it time to propagate the update made tot he labels in Azure or use the Azure RmsAnalyzer tool to fix the client machine.

Problem:  Can't view on OWA.  
Resolution:  Protected encrypted documents are not available in Office Web Apps, use the Office products such as Word.

Problem:  I can't track or revoke a file with my O365 E3 account.

Resolution:  Only people that need to track need this capability so you can get away with far fewer licences than the number of users. 


AIP Folks to follow 
Bram de Jager

Jethro Seghers
https://jethroseghers.com/category/azure/azure-information-protection/
Albert Hoitingh

0 comments:

Post a Comment