Azure Information Protection – Overview


with the acquisition of Secure Islands in November 2015, Microsoft announced (June, 2016) a new product called Azure Information Protection. This new service builds on the new adoption for document and file labeling and the already existing server Azure Rights Management (Azure RMS). With AIP you can classify, protect and encrypt content from the beginning and within its lifecycle. Furthermore you can define by whom mails or files can be opened, can set an expiration date and you can revoke file access from already sent files. But more on the details later. Since October, 4 2016 Azure Information Protection is GA and it’s time for us to have a look on what’s behind.

As an introduction I will try to explain why Microsoft invests on this.

Within enterprise environments you have these entities – users, devices, apps and data. Where data is being shared with employees, customers and business partners. While we already have the opportunity to manage and secure devices and applications the possibility to grant or revoke access based on the content within a file or the classification is still missing.


First up let’s start with a general overview. There’s one slide I like a lot. It explains the evolution of RMS. It all started in the past with the requirement to protect files. That means encryption, access control meaning who can open it and share it and of course we want this centrally managed. Within the last four years the possibility to monitor became a strong requirement. So Microsoft added the possiblity to track and revoce access over shared data. And with the secure islands a market leader for classification, protection and loss prevention technologies you now have the classification and labeling capabilities so that you can identify what data needs protection.


The evolution of Azure RMS


From my experience and point of view this is an immense step which is really needed within the discussion of data security. With the tools and knowledge we have these days, it’s just an illusion to think that you can protect everything and everybody in your company and every partner is aware of the classification policies you defined for your content. Thats why an automatic labeling/classifcation is so important.


Within this series I will split the two products Azure RMS and the service coming from Secure Island. We will in detail have a look on what can be configured and how. As a good overview I always show this slide to my costumers when it comes to AIP. It’s a good low level overview that explains the whole lifecycle.



As one or the other of you may wanna gain some own experiences with Azure Information here are some really good start points.

If you just want to have a look at how Microsoft explains what Azure IP is, check out this whitepaper.

Then there is the “An Introduction to Microsoft Azure Information Protection” video which gives a quite good overview about AIP even though there are some more features available in the meantime.


As we are all more the technical guys, check out the Azure Information Protection client. In my next blogpost I will explain you how to spread own AIP policies. And of corse there is the Enterprise Mobility and Security Blog and “What is Azure Information Protection?”


So stay aboard.





Submit a comment on “Azure Information Protection – Overview”

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© 2022 IT-Pirate