Forum Discussion

James Vink's avatar
James Vink
Copper Contributor
Jun 26, 2018
Solved

On-Prem AIP for DLP

I am looking into introducing DLP policies and during the learning process i have come to learn about AIP. The AIP integration with Office is really slick and love the labeling feature. I'm looking ...
information protection and governance
microsoft information protection
Rights Management
  • Carol Bailey's avatar
    Carol Bailey
    Jun 27, 2018

    Yes, for users to be authenticated so they can then download the labels that you configure, install and configure AD Connect.  You configure the labels from the Azure portal, using any number of labels (create scoped policies if you want users to have specific labels), using your choice of classification names, any color, specifying whatever header/footer/watermark you want etc.

     

    You can configure clients to be offline, but it's not a sustainable solution and won't offer the best user experience: https://docs.microsoft.com/en-us/azure/information-protection/rms-client/client-admin-guide-customizations#support-for-disconnected-computers

     

    Only if you need documents and emails to be protected (as well as classified) do you need the RMS connector for your on-premises servers - for example so users can apply a label in Outlook that classifies and protects right from the client.  You can always add the protection piece later.

James Vink's avatar
James Vink
Copper Contributor
Jun 27, 2018

ahhh, ok. that's a little more clearer.

Yes. i am using the default test policy and thought that the labels were all distributed via GPO.

 

So, hypothetically speaking we'd be looking at configuring this with AD Connect along with the rights management connector?

 

Carol Bailey's avatar
Carol Bailey
Icon for Microsoft rankMicrosoft
Jun 27, 2018

Yes, for users to be authenticated so they can then download the labels that you configure, install and configure AD Connect.  You configure the labels from the Azure portal, using any number of labels (create scoped policies if you want users to have specific labels), using your choice of classification names, any color, specifying whatever header/footer/watermark you want etc.

 

You can configure clients to be offline, but it's not a sustainable solution and won't offer the best user experience: https://docs.microsoft.com/en-us/azure/information-protection/rms-client/client-admin-guide-customizations#support-for-disconnected-computers

 

Only if you need documents and emails to be protected (as well as classified) do you need the RMS connector for your on-premises servers - for example so users can apply a label in Outlook that classifies and protects right from the client.  You can always add the protection piece later.