Learn how AIP can integrate with key apps like Exchange or SharePoint.
- [Instructor] Outside of the traditional Microsoft Office applications, two of the most common integrations that people do with Azure Information Protection are integrating Microsoft Exchange Server and Microsoft SharePoint. And this can be either the On-Premises versions of Exchange or SharePoint, or it could be the cloud versions of Exchange Online and SharePoint Online. With Exchange, what you can have Exchange do is automatically apply protection to email messages or even remove protection based on certain patterns that you define. Exchange can do this using what are called transport rules. And transport rules let you either search for certain patterns in messages, or match certain heuristics.
And based on that, you could apply protection that says, for example, an email message that contains a national identifier or Social Security number could automatically be encrypted so that only employees can view it. One of the interesting things about how Exchange works is it uses a special feature of Azure Information Protection called a super user that enables it to encrypt any message in the system. And the reason Exchange does this is so that it can index messages for searching. So that if you go to search your mailbox, and you search on a specific keyword, and it happens to be in a message that's encrypted, you'll still get that in your search results.
Now, granted, you won't be able to open it, unless Azure Information Protection allows you to do so based on the processes that we discussed. But the data won't be missing from the search results. If you're using Exchange On-Premises, there's a special Azure Information Protection connector that you'll have to install on at least one server, preferably at least two, for high availability. And you'll point your On-Premises Exchange servers to that connector, which will bridge the gap between the On-Premises and the cloud. If you're working with people outside the organization, and you have Exchange Online, or Exchange Online Protection, and you have Azure Information Protection, you'll also have access to a feature called Office Message Encryption.
And what Office Message Encryption lets you do is provide a captive portal where people that receive messages can go to work with that content, so that it's not transmitted directly in email. They'll need to authenticate to access that content, and they can actually reply to you, add attachments, and access attachments, all from the portal, as you can see. The other nice thing about Office Message Encryption is that you can configure it so that when your internal users receive messages, they don't have to actually go to the web portal; they can just work with that directly in Outlook or Outlook Web App.
If you're working with SharePoint, it works a little bit differently than Exchange. First off, when you configure protection, rather than configuring it based on keywords or having the end user apply it directly in Outlook or Outlook Web Access, instead, you'll define the protection settings at the top of a document library. The protection that SharePoint applies to the document is dynamic based on the user's permissions to the document library. So, if you have some users that only have Read Access to the document library, they'll only get Read Access when they download the file. Whereas people that have full access or write access will also be able to edit the document.
While Exchange lets you store the data in an encrypted or protected form, SharePoint stores the data unprotected. Instead, when the user accesses the content, SharePoint applies the protection based on the settings in the document library and the user's protection on the fly. Similar to Exchange, if you're working with SharePoint On-Premises, you'll need to configure SharePoint to talk to an AIP connector so that it can connect to the AIP service that's running in the cloud. Exchange and SharePoint are really just two examples of applications and services that can integrate with AIP, but they're probably two of the most common ones that you'll run into.
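
The Social Security number case described in the transcript, written as an Exchange Online transport rule. This is an added example and not part of the course material; the rule name and template name are placeholders, and it assumes an existing Exchange Online PowerShell session plus, for the last step, the AIPService module.

```powershell
# Added example. Assumes Connect-ExchangeOnline has already been run.
$templateName = '<your protection template name>'   # placeholder, tenant-specific
$ruleName     = 'Example - protect mail containing SSN'   # hypothetical rule name

# Fail early if the protection template is not visible to Exchange;
# a rule that references a missing template would not protect anything.
$template = Get-RMSTemplate | Where-Object { $_.Name -eq $templateName }
if (-not $template) {
    throw "Protection template '$templateName' not found. Check the AIP/IRM configuration."
}

# Create the rule in Audit mode first: matches are logged, mail flow is unchanged.
# This lets you measure false positives before anything is encrypted.
New-TransportRule -Name $ruleName `
    -MessageContainsDataClassifications @{ Name = 'U.S. Social Security Number (SSN)'; minCount = '1' } `
    -ApplyRightsProtectionTemplate $template.Name `
    -Mode Audit `
    -Comments 'Applies protection when an SSN pattern is detected'

# Confirm what was created.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, MessageContainsDataClassifications, ApplyRightsProtectionTemplate

# After reviewing the audit results, switch the rule on (run separately):
# Set-TransportRule -Identity $ruleName -Mode Enforce

# The super user feature gives its members access to all protected content,
# so review who holds it. Requires the AIPService module and Connect-AipService.
Get-AipServiceSuperUserFeature   # Enabled or Disabled
Get-AipServiceSuperUser          # accounts currently granted super user rights
```

Any account returned by `Get-AipServiceSuperUser` that is not a known service or a documented break-glass identity is worth investigating.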
- Authentication options with Azure AD
- Configuring Azure AD Connect for sync and authentication
- Securing remote access with the Azure Application Proxy
- Managing apps and devices with Intune
- Building and deploying a basic Intune policy for iOS or Android
- Protecting data beyond the firewall with Azure Information Protection (AIP)
- Configuring AIP classification labels and protection
- Integrating Exchange and SharePoint with AIP
- Managing risk with Advanced Threat Analytics
- Connecting Office 365 to cloud app security