Learn the steps to creating labels that protect your data in Office 365.
In a previous post, I introduced how to classify data with Azure Information Protection (AIP).
Now, I’ll introduce how to create a policy or label and additional data classification features you can use to enhance and protect your data in Office 365.
Creating Azure Information Protection Policy (Label)
You can access Azure Information Protection from the Microsoft Azure Portal. With each AIP label, you can further protect your data by applying any or all of these additional features:
- Create visual markings (header, footer, watermark). Watermarks are applied to Word, Excel, and PowerPoint only.
- Identify Azure Rights Management (RMS) policies.
- Define conditions that could detect data patterns for automatic classification. Custom conditions can be words, phrases, patterns, and even regular expressions.
Create New Label
The process of creating a new label is pretty straightforward. You will need to provide a label name and description.
Optionally, you can change the color of the label, and add visual markings such as a header, footer, and watermark to the documents.
In this example, I created a label called ‘Confidential Project’, with a footer text of ‘Sensitivity: Confidential’ and ‘Contoso Confidential’ as its watermark. After the label is saved and published, a document to which the user applies this label displays the configured footer and watermark.
Note that visual markings do not appear in documents when the label is applied using File Explorer and a right-click action, nor when a document is classified by using PowerShell.
Associate Azure Rights Management (RMS) Policy
Azure RMS is the protection technology used by Azure Information Protection. Azure RMS allows you to set permissions and automatically applies protection for documents and emails.
You can protect your data within AIP by selecting one of the available options:
- Do not forward – recipients can read the message, but cannot forward, print, or copy its content
- Select a predefined template – must use PowerShell (New-AadrmRightsDefinition) to create templates for the entire organization
- Set (custom) permissions
By selecting ‘Set permissions’, you can select users or groups from your tenant. You can also select users or domains from outside your organization, applying different permissions as necessary.
Define Conditions
In AIP, you can define one or more conditions within a label. You can select from one of the default conditions or create custom conditions.
When a document or email matches the condition associated with the label, you can automatically apply the label to the document or email, or visually show the user a recommendation.
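Before publishing a label with custom conditions, it helps to dry-run the patterns against sample text and look for false positives. The following is an added example, not code from the original post or from Microsoft: it is a simplified model of condition matching, in which Python's `re` module stands in for the service's regex engine (dialects may differ), and the phrase, the ID format, the `min_count` threshold and the any-condition-matches rule are all assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class Condition:
    name: str
    pattern: str        # regex; wrap a literal word or phrase in re.escape()
    min_count: int = 1  # assumed threshold: distinct matches needed to fire

@dataclass
class Label:
    name: str
    conditions: list
    action: str         # "automatic" (apply the label) or "recommend" (prompt the user)

def evaluate(label, text):
    """Return (outcome, hits); hits maps condition name -> sorted distinct matches."""
    hits = {}
    for cond in label.conditions:
        found = {m.group(0).lower()
                 for m in re.finditer(cond.pattern, text, re.IGNORECASE)}
        if len(found) >= cond.min_count:
            hits[cond.name] = sorted(found)
    # Assumption: one satisfied condition is enough to trigger the label.
    return (label.action if hits else "none"), hits

# Constructed label modelled on the post's 'Confidential Project' example.
LABEL = Label(
    name="Confidential Project",
    conditions=[
        Condition("project phrase", re.escape("Project Falcon")),  # hypothetical phrase
        Condition("project id", r"\bPRJ-\d{4}\b", min_count=2),    # hypothetical ID format
    ],
    action="recommend",
)

# Constructed sample documents, including one that should NOT match.
SAMPLES = {
    "status.txt": "Budget for PRJ-1042 and PRJ-2210 was approved; PRJ-1042 ships first.",
    "memo.txt": "Kickoff for project falcon is on Monday.",
    "lunch.txt": "Ticket PRJ-1042 is unrelated to the lunch menu.",
}

def dry_run(label=LABEL, samples=SAMPLES):
    return {name: evaluate(label, text) for name, text in samples.items()}

if __name__ == "__main__":
    for name, (outcome, hits) in dry_run().items():
        print(f"{name}: {outcome} {hits}")
```

A document that mentions a single project ID in passing stays unlabeled here, which is the kind of false positive a threshold is meant to filter out.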
In Conclusion
These are just a few examples of how you can extend AIP and RMS features to protect your documents and email.
Establishing and maintaining an effective security and information management program involves people, process and technologies working in concert.