Wednesday, 30 May 2018

Azure Information Protection - Protect your companies documents

Azure Information Protection (AIP) can be used to protect documents owned by your organisation to ensure they are retractable, encrypted, visible to the correct people.

Technical High Level Overview:  
1. When AIP is used to label a document, the document is encrypted and the permissions saved within the document, the document needs to interact with the Azure RMS (AIG) Service.  
2. When the document is opened, the end user needs to authenticate, get their permissions and if they have permission, the document is decrypted and opened.

Pre-Steps to get AIP working on a Word Document:
1.> On your Azure Portal go to Azure Information Protection to Activate AIP and add labels to the global policy.
2.> On a client machine with Word/Office, install the  Azure Information Protection Client add-in (AzInfoProtection.exe)
3.> Open a word document, and set the label on the document, this shall encrypt the docx file.





Notes:
Event Driven Protection
Auto classify 
Office document labels (Azure retention labels)
E-Discovery relook
Joanne-cklein.com data 

AIP works doc-centric: pdf and office docs anywhere
O365 DLP is SPO, OD4B, application level controlled


Common Issues:

Problem:  Added a new label and it is showing on Office, when I try set the new lable I receice the error "Azure Information Protection cannot apply the label because the client isn't fully configured..."



Resolution: Give it time to propagate the update made tot he labels in Azure or use the Azure RmsAnalyzer tool to fix the client machine.

Problem:  Can't view on OWA.  
Resolution:  Protected encrypted documents are not available in Office Web Apps, use the Office products such as Word.

0 comments:

Post a Comment