Azure Information Protection Generally Available
After a three-month test period, Microsoft released the final Azure Information Protection (AIP) version. The new Azure Cloud Service is based on Microsoft Azure Rights Management (RMS). AIP allows access control on files and their protection, regardless of where they are stored or with whom they are shared. Microsoft is convinced that AIP is best suitable for enterprises that have to make their confidential and business critical information available to third parties, whereby the service itself does not distinguish between staff members or customers.
Azure Information Protection includes three core functions: Classification, encryption and tracking. The classification of data is happening during creation or modification, and is based on the data source, the context, and the content of the information. It can either be set manually by the author himself or automatically, based on pre-defined policies. AIP-protected data will stay encrypted all the time: in the datacenter, in the cloud, on a local desktop, or on a smartphone. Additionally, both administrators and owners can track activities on shared data and, if required, revoke access rights.
In combination with Azure Rights Management, the definition of access rights for users or groups is able to prevent that files are being forwarded, printed, or saved. AIP protected files are supported by devices running Windows, iOS, or Android. Microsoft has already released a downloadable Windows client that allows the classification of data from Office 2010, 2013, and 2016. The respective counterparts supporting macOS, iOS, and Android will be coming soon.
Azure Information Protection is available as AIP P1 and AIP P2, standalone or as a bundle with Enterprise Mobility Suite and Security E3 and E5 plans. Unlike the P1 version, the P2 version provides - in addition to automatic classifying and labeling - also the key management option “Hold-Your-Own-Key (HYOK)”.