Forum Discussion

Michael Whitaker's avatar
Michael Whitaker
Copper Contributor
Oct 26, 2018
Solved

Force AIP labelling/protection

I am new to AIP (Azure Information protection). My question is how do I enforce the protection of documents.   What I want: any document/email should be assumed to be for internal company only and ...
information protection and governance
microsoft information protection
Rights Management
  • Peter Bing Simmons's avatar
    Peter Bing Simmons
    Nov 01, 2018

    Soon enough the Azure Information Protection client will be build into the Office Pro Plus clients, effectively solving one of your issues. Until then I think your best bet is to utilize Azure Information Protection in conjunction with Data Loss Prevention for sensitive data types.

     

    In AIP you could enforce that all documents must have a label and ensure that all documents starts with a default label. It won't solve all you headaches, but It's a start I guess.

     

    Also you can enforce transport rules through the Exchange Admin center, that will add protection to content that is being sent externally, even if that content is sent from devices or applications that does not support adding labels or protection to content.

    https://docs.microsoft.com/en-us/azure/information-protection/configure-exo-rules

     

    You can also enforce Information Rights Management in selected or all SharePoint/OneDrive document library locations, to ensure protection for files located there.

    https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-irm-in-sp-admin-center 

Jakob Schaefer's avatar
Jakob Schaefer
Brass Contributor
Nov 01, 2018

Hi Michael Whitaker,

have you seen the AIP Scanner? If you use OnPremise Data this tool can help you for automatic labeling and protection for documents.

You should think about combining AIP/Azure RMS with DLP where you can also protect shared documents or block sharing.

Jakob

Resources