Donnerstag, 10. Mai 2018

Azure Information Protection Part I – Overview

Azure Information Protection also known as AIP is an Azure solution that helps an organization to classify, label, and protect its content and emails. This can be done automatically by administrators who define rules and conditions, manually by users, or as a combination where users are given recommendations.
The following picture shows the overall solution and components:
  1. Azure Information Protection is a service in Azure
  2. You can download 3 different clients:
    • AzInfoProtection.exe: The client installer
    • AzInfoProtectionScanner: Can be used to classify and protecting documents stored on File Shares and On-Premises SharePoint servers
    • AzInfoProtectionViewer: Is used to open and view protected files
  3. Policies are configured in Azure management portal or with PowerShell. A Policy is assigned to a user or group
  4. PowerShell can be also used work with AIP
  5. Some Office clients and servers offers a native support for AIP
    • Clients: Word, Excel, PowerPoint, Outlook
    • Server: Exchange, SharePoint
  6. Labels are applied to documents and files. A label can contain different permission levels or specify individual usage rights
A very good starting point is the quick start tutorial for Azure Information Protection. In this tutorial you get a perfect overview about the configuration and settings in AIP.
More details can be found on the official Microsoft websites:
The missing piece in the quick start tutorial for Azure Information Protection is an overview about how Policies and Labels work together.


Policies are hosting administrative setting like for example:
A Policies must be applied to a user or a group and did not contain any permissions.


A Label contains different permission levels or specify individual usage rights based on this list:
  • View, Open, Read (VIEW)
  • View Rights (VIEWRIGHTSDATA)
  • Edit Content, Edit (DOCEDIT)
  • Save (EDIT)
  • Print (PRINT)
  • Copy (EXTRACT)
  • Reply (REPLY)
  • Reply All (REPLY ALL)
  • Forward (FORWARD)
  • Change Rights (EDITRIGHTSDATA)
  • Save As, Export (EXPORT)
  • Allow Macros (OBJMODEL)
  • Full Control (OWNER)

Protecting content

Depending on his assigned Policies a user can choose between different Labels to protect a document or files.

Related posts

Keine Kommentare:

Kommentar veröffentlichen