Azure Information Protection

One of the new features that is about to go live is “Azure Information Protection”, which in reality is the cloud version of “Rights Management Services” but better. You can read more about it here: https://www.microsoft.com/en-us/cloud-platform/azure-information-protection

For this post we will simply look at enabling it and how it works. Firstly, you have to access the Azure Portal. Once there, you are going to want to add something new. To do this, click the “new” option, then type the word “information”.

This will give you the list of options available. Now we need to click the “Azure Information Protection” option. Next you should get a list of options and the first one is what we need.

Simply click this item to start the creation process.

Literally clicking the “Create” link creates it and it should be done in less than a minute.

Now we can find the newly created item in the list of many things we now have in our portal. Once we click on it, it will open the configuration screen.

As you can see, we get a title called sensitivity, with what will be some rules that we created, and then we define what should be applied to the files by default. You may wonder what this all means.

The idea is that a policy is created and then pushed down to documents, and the installed client tool surfaces it within the Office documents. We will look at this shortly. First we need to create some labels.

To begin we need to create the label name, then define a tooltip that our users will see along with a color. We can ignore the RMS template piece for now, and look at the bottom three options for visual marking.

You will also see a section for the conditions for the label we will create.

Selecting the “Add a new condition” enables us to define how this will be utilized.

Choosing from the built-in conditions is the easiest, and we will choose credit card number, though you can create custom ones too.

As with Data Loss Prevention, we can specify the number of occurrences to find before this is triggered and applied. We will set this to “1” so it flags up as soon as we add a credit card number. Once that is saved, we get to populate the core settings.

Next we can go back and set the header and footer values.

Now that we have our policy, with its labels, watermark and condition, we can set the default options for applying the values along with a policy tip.

Once we have all this done, we should then see the list of labels we created.

Next we need to save and publish this.

Lastly, we set what the default label should be and save everything.

We then save and publish again.

So there we have it, but the next question is what does it do once it is enabled?

Firstly, we need to install the Office client application. This can be downloaded from here: https://www.microsoft.com/en-us/download/details.aspx?id=53018

Installing is very simple and quick. Of course, you need to ensure you have Office installed first; I am using Office 2016.

Now that it is installed, when we open Word 2016 it prompts us for authentication to the Azure service.

Typing our Office 365 / Azure credentials enables what we need to be shown within Office. Once done, when we open a blank document we see the changes in the ribbon bar.

Notice the custom one we created at the end called “Demo Credit Card”. Clicking that one sets the properties we defined earlier.

So setting it back to “Internal” we can add some text, and then save and upload to SharePoint Online.

It does not make any difference where this gets stored, but for me SharePoint Online makes perfect sense, as it also shows how the labels are respected no matter where they are stored. Now that we have saved it, let’s add some fake generated credit card numbers. Notice what happens: in real time it checks and recommends that the sensitivity be changed to our new credit card label.

This of course changes the document as per our settings from before.
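The condition configured earlier (built-in credit card number, occurrences set to “1”) and the resulting label recommendation can be sketched as follows. This is an added example, not Microsoft's detection code: the digit pattern plus Luhn checksum is an assumed, common way to recognise card numbers, and the function names and sample text are constructed for illustration.

```python
import re

# Assumption: a candidate is 13-19 digits, optionally split by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list[str]:
    """Return Luhn-valid candidates, masked to the last four digits for safe logging."""
    hits = []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits

def recommend_label(text: str, current: str, min_occurrences: int = 1,
                    label: str = "Demo Credit Card") -> str:
    """Recommend `label` once the occurrence threshold is met, else keep `current`."""
    return label if len(find_card_numbers(text)) >= min_occurrences else current

# Constructed sample text; the first two are well-known test numbers, the third fails Luhn.
SAMPLE = (
    "Card on file: 4111 1111 1111 1111\n"
    "Backup card: 5500-0000-0000-0004\n"
    "Tracking ref: 4111 1111 1111 1112\n"
)

if __name__ == "__main__":
    print(find_card_numbers(SAMPLE))
    print(recommend_label(SAMPLE, "Internal"))
    print(recommend_label("Quarterly report, no payment data.", "Internal"))
```

The checksum step is what keeps arbitrary 16-digit strings such as tracking references from tripping the condition, which matters when the occurrence threshold is as low as 1.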

How fantastic is that: real-time checking and modification of documents based on the content stored within them. Outside of this we can also enable monitoring of the document usage, but we will save that for another post.

All in all, this is a great option for greater control of documents that are stored anywhere, as the labels are respected and used no matter where the files are stored. More to come.

Liam Cleary

I work as an Associate Director for Protiviti in Virginia. My main focus is to ensure that SharePoint can either natively or with minimal customization meet the business requirement securely. I am currently a SharePoint MVP focused on Architecture but also cross the boundary into Development and Security. I am often found at user groups, conferences speaking, offering advice, spending time in the community, teaching my kids how to code, Raspberry Pi programming, hacking the planet and sometimes building Lego robots.