Walk through an AIP solution and learn how an end user classifies and/or protects corporate data.
- [Instructor] To use Azure Information Protection as an end user, I need to have the Azure Information Protection client installed. Once the client's been installed on my machine, a new toolbar will appear on all the Office applications, where I get to set the classification and labeling of my data. All the configuration settings for this toolbar are downloaded on the fly from the cloud, and we'll take a look in a few minutes about how to set that up. But first off, let's see what the experience looks like, where as an end user, I'm going to go ahead and classify my document. As you can see, I have a standard Word document on the screen here, and it appears to contain some very important content that I want to make sure is marked as confidential for the company.
You'll see across the top, my organization has defined five classifications ranging from personal all the way to private. The confidential classification actually has another capability that you can see here, called Subclassifications. I'm going to go ahead and classify this as being confidential, and really for the eyes only of employees. Once I apply that, it shows the label that's been applied, and I've also configured this classification to add a red footer at the bottom of my document that also marks it as confidential.
While the footer obviously marks it as confidential, this classification will travel with the document, and if another user opens this in my organization, they'll also see what classification has been applied. The way this travels is through the use of custom document properties. To access these, we can look at the properties of the document by clicking on, Advanced Properties, and then looking under Custom. You'll see a whole number of properties that start with MSIP and Label have been added to the list.
MSIP being Microsoft Information Protection, the label being the classification, and this long identifier is the unique identifier for the label that's been applied. All these different properties here are what Azure Information Protection uses to tag the document and make sure that that travels along with it. If you are applying a classification to an email rather than being Document Properties, these would be headers of the email message. So I have this document that's been marked as confidential, and it's simply labeled. But we also talk about how Azure Information Protection can be used to protect data as well.
The protection that comes along with the label is something that you define as the administrator. This confidential label doesn't happen to actually apply protection, but I'm going to change the classification of this document to be marked as Private. So to do this, I'm going to go ahead and click the Edit icon, and then change the classification to Private. And you're going to notice a couple of things are going to change about this document. First, a watermark was applied. We want to make this a little bit more obvious that this is really a sensitive document. So a footer's not really going to cut it anymore.
If we looked at the properties, we would see the classification has changed as well. But we're going to go ahead and save this. And one of the other things that's going to happen here is it now has Azure Information Protection applied to it. And that means this document is encrypted, and it can only be opened by people that are defined in the protection settings. To show you what this means, I'm going to open this document as another user who has less access than I do, based on the protection settings. So now I've opened this on another machine as another user, you'll notice that it still has that sensitivity of private attached to it, but it also says that it has permissions.
And if you click, View Permissions, you notice that I no longer have permissions to copy, print, or export this data. And in fact, you'll notice that if I try to highlight text, Word has disabled the Copy function because of the permissions in the document, and it's disabled the Print function as well because the permissions in the document see that I don't have this access, and the Azure Information Protection client works with Word and the operating system to make sure that this actually is the case. In fact, if I set even more restrictive permissions on this, it would block things like screen recording or sharing my screen in an application like Skype.
- Authentication options with Azure AD
- Configuring Azure AD Connect for sync and authentication
- Securing remote access with the Azure Application Proxy
- Managing apps and devices with Intune
- Building and deploying a basic Intune policy for iOS or Android
- Protecting data beyond the firewall with Azure Information Protection (AIP)
- Configuring AIP classification labels and protection
- Integrating Exchange and SharePoint with AIP
- Managing risk with Advanced Threat Analytics
- Connecting Office 365 to cloud app security