MIP : Azure Information Protection Concepts

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email
Table of Contents

introduction

Azure Information Protection (AIP) is a cloud-based solution that enables companies to:

  • Discover
  • Classify ,
  • label ,
  • Monitor 
  • and Protect   documents and emails by applying labels to content.

AIP is part of the Microsoft Information Protection (MIP) solution, and extends the labeling and classification functionality provided by Microsoft 365.

actually : AIP provide second layer of security 

if your data in your local network (on premise ) >> then encryption will be on cloud 

so in most worst case that your network has been hacked >> still data encryption in cloud 🙂 

AIP features

  • AIP is based on RMS Right Management Services 
  • AIP can be used to restrict some actions like printing document and forwarding emails 
  •  encrypt file  >> so users require to identify him self to authorize access to file 
  • protection travel with file or email 
  • AIP provide second layer of security in case local network has been hacked >> so encryption key in cloud 

AIP licensing

AIP come with many edition : 

  • AIP for Office 365 as part of office365 E3
  • AIP Premium 1 : require EMS E3
  • AIP Premium  2: require EMS E5

any how : you can have an overview about AIP prices list through http://bit.ly/AzureIPFeatures

or using link

https://azure.microsoft.com/en-us/pricing/details/information-protection/ 

which supposed to lead to same result 🙂 

who can take decision of AIP

Information protection is business driven NOT technical driven  decision

In other word : IT admin can’t make decision to use AIP >>  just make recommendation to company management to take that decision 

information protection lifecycle

  • File is created
  • Regardless of where the file is created, sensitivity labeling in Office apps can enforce information protection based on the labels attached to the data.
  • User edits the file
  • The label is updated based on the user’s changes and the content’s sensitivity. This ensure the file has the right protection.
  • User shares the file with another user in the organization
  • As an additional layer of protection, Data Loss Prevention (DLP) policies help prevent the accidental or inadvertent sharing of sensitive documents and emails.
  • User opens the file on their phone
  • If a user receives and opens the data on a mobile device, Intune enforces protection of the data.
  • User uploads the file to another cloud service such as Dropbox
  • If a user uploads the data to other clouds for external sharing, services such as Microsoft Cloud App Security can apply policies based on the data’s labels.

AIP vs MIP

Unlike Azure Information Protection >> Microsoft Information Protection isn’t a subscription or product that you can buy. ,

MIP is a suite for products  that help you protect your organization’s sensitive information.

Microsoft Information Protection products include:

  • AIP Azure Information Protection 
  • DLP Data Loss Prevention 
  • WIP  Windows Information Protection 
  • MCAS  Microsoft Cloud App Security 
please note : Each product above has it’s own unique functionalities 
 

Microsoft Information Protection capabilities include:

  • Unified label management
  • End-user labeling experiences built into Office apps
  • The ability for Windows to understand unified labels and apply protection to data
  • The Microsoft Information Protection SDK
  • Functionality in Adobe Acrobat Reader to view labeled and protected PDFs

AIP classic vs unified labeling clients

in OLD technique 

The original client, referred to as the Azure Information client or the classic client, downloads labels and policy settings from Azure and enables you to configure the AIP policy from the Azure portal.

in new technique 

The unified labeling client is a more recent addition and supports the unified labeling store used by multiple applications and services.

The unified labeling client downloads sensitivity labels and policy settings from the following admin centers:

anyhow 

 To provide a unified and streamlined customer experience, Azure Information Protection client (classic) and Label Management in the Azure Portal are being deprecated as of March 31, 2021

conclusion

AIP is on of MIP products that used to add extra layer to secure your information 

next article : we will see how to configure and test AIP 

thank you 

Share this post
Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

About Me

Our Power in Numbers

 17 

Courses

321

Articles

3,882

Images
and All configurations images are proudly made in Pioneers Lab

Articles By Course

Recent Articles

Subscribe

Contact us

have a challenge ? don’t hesitate to contact us