Forum Discussion

Tor Marius Lillestøl
Copper Contributor
Oct 08, 2018

Authenticated user very easy to steal

Hello, I am testing Azure Information Protection and it seems like an easy-to-use product. My only question is: is it safe enough? I tried to send an email to my Gmail account with full rights, but...
  • Carol Bailey
    Oct 14, 2018

    When you say "authenticatedusers permission", are you referring to the "Add any authenticated user" option in the Azure portal? If yes, did you read up about this option? More information is here and includes:

     

    This setting doesn't restrict who can access the content that the label protects, while still encrypting the content and providing you with options to restrict how the content can be used (permissions), and accessed (expiry and offline access).

    ...

    Some typical scenarios for the any authenticated users setting:

    • You don't mind who views the content, but you want to restrict how it is used. For example, you do not want the content to be edited, copied, or printed.
    • You don't need to restrict who accesses the content, but you want to be able to track who opens it and potentially, revoke it.
    • You have a requirement that the content must be encrypted at rest and in transit, but it doesn't require access controls.

    So if you want to restrict the email to specific Gmail users, you must use a different configuration. For example, specify the Gmail accounts in the label configuration (the admin controls the user access) or use the User-defined option of Do Not Forward (the user controls the user access). For different configurations that are possible, you might find it useful to look over the examples at the end of the documentation I quoted.
