cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure Information Protection retroactive protection - AIP

ThatsSecurity
Copper Contributor

‎Jul 13 2019 07:23 AM

‎Jul 13 2019 07:23 AM

Azure Information Protection retroactive protection - AIP

 

Hello all,

 

I need a clarification for a use scenario of AIP.

 

hypothesis, using a label called"highly confidential" that at the end of the implementation will protect documents with the protection flag of AIP configuration.

 

What I need to understand is in the following scenario:

1. We start to use the label without the protection flag for example for three months.

2. During this time period a total of 100 documents has been labeled as "highly confidential" and obviously only labeled without protection.

3. After this three month we will edit the label enabling the flag of protection.

 

The question is about what will happen to the 100 documents labeled before the edit of the label, will be retroactive protected ?

 

thanks for helping

if something is not clear please ask for clarification

1,251 Views
1 Like
3 Replies
Reply
3 Replies
Bryan Haslip

‎Jul 18 2019 06:40 PM

‎Jul 18 2019 06:40 PM

Re: Azure Information Protection retroactive protection - AIP

From my understanding you would need AIP plan 2. This includes the scanner which is installed on a local server or run in Azure. Please see the quote below from the Microsoft docs page. I’ll include the full link as well.

“In addition, all files are inspected when the scanner downloads an Azure Information Protection policy that has new or changed conditions. The scanner refreshes the policy every hour, and when the service starts and the policy is older than one hour.”

https://docs.microsoft.com/en-us/azure/information-protection/infoprotect-quick-start-tutorial
0 Likes
Reply
ThatsSecurity

‎Jul 23 2019 07:20 AM

‎Jul 23 2019 07:20 AM

Re: Azure Information Protection retroactive protection - AIP

Hi @Bryan Haslip thanks for answering but my question si more complexed than that.

 

Imagine that few files that have a label were sent to external recipients or cloud spaces.

 

I want that the files start to be protected because of business reasons, i change the label that i know is the same of the document in the case.

 

I can be sure that all the document with that label will be protected. obviously also out from my systems where i can use tha aip scanner eventually (is not in the case btw) ?

 

The purpose is to protect documenta also (and especially i think) out from the home environment

0 Likes
Reply
Bryan Haslip

‎Jul 24 2019 08:48 AM

‎Jul 24 2019 08:48 AM

Re: Azure Information Protection retroactive protection - AIP

I think I understand now. From my experience once the document has left your environment and control the only option you have is to revoke access to the document. I have not been able to apply the updated policy on a document that say I sent via email. I certainly can revoke access and send the updated document with the updated policy. Hopefully that gives you the information you are looking for. 

@ThatsSecurity 

0 Likes
Reply