Azure Information Protection – Manual and Automatic File Classification

April 11, 2017   //   Cloud Microsoft Security

In our previous blog posts, we discussed securing users and securing devices, but documents are often sent or stored outside the organization and so a solution also needs to be available to protect your data no matter where it might be.

Azure Information Protection provides this security by integrating a number of tools, including Microsoft’s Rights Management, to tag documents and emails with the necessary security.

How do I protect documents and emails?

In the past, the process to protect documents and emails could be complicated or difficult, but with the new Azure Information Protection plugin it is a very simple process.  The plugin is available for all Microsoft Office products and also integrates with Windows Explorer.  Once installed, a new menu bar will appear in your Office products.  To protect a document or email. Simply select the proper sensitivity and the associated security policies will be applied.  If one of the

Once installed, a new menu bar will appear in your Office products.  To protect a document or email. Simply select the proper sensitivity and the associated security policies will be applied.  If one of the built-in policies is not appropriate, administrators can easily create their own custom policies and make them available to the plugin.

Azure Sensitivity

Is this only a manual process or can data be protected automatically?

Automatic classification is absolutely available and is a feature of EMS E5.  In this model, the security policies remain the same but the policies are then linked to keyword searches or content matches, such as social security numbers or credit card numbers.  The system will then automatically scan data in SharePoint Online, Exchange Online, and other cloud and on-premises systems and classify documents based on the search results.  In addition, if you have the Azure Information Protection plugin, it will scan any documents you are working on and classify them as needed automatically.

When I protect a document or email, what does that mean?

When you create a security policy to protect documents, you can select a number of different policies to restrict access and the redistribution of data.  There are many options but some of the most common include:

  • Block printing or re-saving to alternate location
  • Block the copy command
  • Block forwarding and replying to an email
  • Restrict viewing and editing of the data

What types of files can I protect with Azure?

The list of file types that can be protected by Azure Information Protection continues to grow.  Currently, the main file types are any Microsoft Office files, image files, and Adobe PDFs.  For more information, here is a list of the updated file types.

Now that we have our data protected, in our next blog we will review tools that are available in Azure Information Protection to track the data and ensure that the right people are accessing the data and that the security is being properly enforced.