Forum Discussion
SharePoint and AIP
AIP and SharePoint don't mix well, still. Yes, you can apply labels to documents and even libraries, but the problem is that any file that is protected by AIP label directly will be rendered inaccessible for any server-side SPO processing. So in effect, you will loose search, co-authoring, Delve, even eDiscovery. Until the two teams sit together and do a proper integration, you're better off using the 10y old IRM implementation instead.
More info here: https://docs.microsoft.com/en-us/office365/securitycompliance/protect-sharepoint-online-files-with-azure-information-protection
Couple of points:
1. IRM for SharePoint only applies protection when documents are downloaded from a protected library.
2. Rights Management templates are the way to protect information because you can assign rights to individual users (and now to "Any authenticated users" https://office365foritpros.com/2018/11/02/any-authenticated-users-permission/).
3. Office 365 users can access templates as Azure Information Protection (AIP) labels or as templates published in a protection policy.
4. Office 365 and AIP are "unifying" labels. What this means is that you can create a new form of sensitivity label in the Security and Compliance Center that is tied to a rights management template and therefore can protect messages and documents through encryption. The unification only refers to being able to manage the labels in one place (the classifications section of the SCC). This work is still in early days and while you can migrate AIP labels to the SCC, some restrictions exist. It's really just suitable for a test tenant today.
Encrypted documents protected with rights management have some restrictions too, like no preview or co-authoring.
When Office 365 sensitivity labels are fully operational and generally available, you might be able to use auto-label policies to apply them to documents on the basis of:
Keyword search
DLP sensitive data type
You will also be able to apply sensitivity labels via a DLP policy.
All of this is a long way of saying that the old rights management template technology is being brought into Office 365 in an integrated manner. It's not there yet, but it is coming.
You can sugarcoat it as much as you like, the simple truth is that integration between AIP and SPO is nowhere near where it should've been, considering the number of years both have been available separately, as part of the Microsoft cloud portfolio. I remember talking to some of the AIP folks two years back, they were throwing excuses along the lines of "the SPO folks should contact us". Obviously that can take a while in an organization the size of Microsoft :)
Really Vasil, the "simple truth" is simply "your opinion"...
I merely report what's happening and choose not to speculate what might have happened in the past and the discussions that might have occurred between different engineering teams.
Let's run a poll, see if it's just my opinion :)