Protect your Office 365 assets by classifying data with Azure Information Protection.
Why would you want to classify your data?
As my previous post pointed out, “Consistent use of data classification will facilitate more efficient business activities, and lower the costs of ensuring adequate information security. By classifying data, your organization can prepare to identify the risk and impact of an incident based upon what type of data is involved.”
Most recently, I have been working with Microsoft Azure Information Protection (AIP) to classify and protect data in Office 365. AIP provides classification, labeling, and protection for documents and emails stored in your organization.
Azure Rights Management service (Azure RMS) is the protection technology and is a component of Azure Information Protection.
What are Labels?
In AIP, a classification label identifies data based on its level of sensitivity and its impact on your business. The most common sensitivity levels are restricted, confidential, official use, and public.
AIP can apply labels to (classify) documents and emails. The file types that Microsoft currently supports for classification are listed below; check Microsoft's documentation for the latest information on supported file types:
- Adobe Portable Document Format: .pdf
- Microsoft Visio: .vsdx, .vsdm, .vssx, .vssm, .vsd, .vdw, .vst
- Microsoft Project: .mpp, .mpt
- Microsoft Publisher: .pub
- Microsoft Office 97, Office 2010, Office 2003: .xls, .xlt, .doc, .dot, .ppt, .pps, .pot
- Microsoft XPS: .xps, .oxps
- Images: .jpg, .jpe, .jpeg, .jif, .jfif, .jfi, .png, .tif, .tiff
- Autodesk Design Review 2013: .dwfx
- Adobe Photoshop: .psd
- Digital Negative: .dng
Let’s take a look at how AIP can be used by users and administrators.
Classifying Your Documents
Users can assign predefined or customized labels manually, or AIP can automatically apply a default label, depending on the version of AIP deployed with Office 365 (automatic classification requires AIP Plan 2).
This image shows the default labels from AIP that users can apply to their document from within Microsoft Word.
I added a few customized and sub-level labels to the existing default ones. You can modify the pre-existing ones as well.
You can even configure the labels to display in different languages based on your Office client. In the image below, I configured my labels to display in Spanish.
Configuring a default label to be applied to documents and emails is as simple as clicking the On or Off switch.
How are Labels Created?
From the Azure Information Protection admin portal, you can administer how labels are published to your users. These are the default and custom labels I created.
You can also scope labels to specific users or groups. As an example, I created a specific label for one of the users in the tenant.
As you can see from the above image, all the labels are marked as ‘Global’ except for one sub-label, ‘Partners’, which is marked as ‘Ben Walters Only’. All users will see the ‘Global’ labels, but only Ben will see the additional label. In practice, you would scope your policies to target multiple users or groups.
These are some of the features in Azure Information Protection. I will cover more features in my next post.
In an earlier post, I explained what existing policies and information security risks to take into account before sharing external data with your customers.