Tallan's Technology Blog

Tallan's Top Technologists Share Their Thoughts on Today's Technology Challenges

Overview of Azure Information Protection

Jason Zandri


Azure Information Protection allows administrators to define rules to classify corporate data, documents, emails, and other digitally stored information in the cloud, so that the information is protected automatically when the applicable criteria are met in an enforced configuration. Administrators can also set up the configuration so that end users with access to the originating documentation have the same options to do so on their own (when optional enforcement is permitted), based on suggestions when criteria matches are found within the sensitive data (e.g. the structure of the numbers looks like Social Security numbers, patient numbers, or credit card numbers, or the document uses terms like “confidential”).
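To make the enforced versus suggested behaviour concrete, here is an added sketch of content-based classification; it is not Azure Information Protection's own detection logic. The regular expressions, the Luhn filter for card numbers, and the label name "Confidential" are assumptions chosen for illustration.

```python
import re

# Constructed conditions for illustration; not the service's real rule set.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
KEYWORD_RE = re.compile(r"\bconfidential\b", re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: discards digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_matches(text: str) -> list[str]:
    """Return the names of the conditions the text satisfies."""
    hits = []
    if SSN_RE.search(text):
        hits.append("ssn")
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append("credit_card")
            break
    if KEYWORD_RE.search(text):
        hits.append("keyword")
    return hits


def classify(text: str, enforced: bool) -> dict:
    """Apply the label when the rule is enforced, otherwise only suggest it."""
    hits = find_matches(text)
    if not hits:
        return {"action": "none", "label": None, "matched": []}
    # "Confidential" is a hypothetical label name.
    action = "apply" if enforced else "recommend"
    return {"action": action, "label": "Confidential", "matched": hits}
```

The Luhn step matters in practice: without it, order numbers and other long digit runs trigger the card condition and users learn to dismiss the suggestions.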

Once protection labels are made, applied, and the data is protected, administrators can track the movement of the data and analyze where it flows, where it is stored, copied, shared, etc. This gives you a better understanding of what kind of behaviors end users and data owners have with the corporate information, which allows the business to take corrective measures as part of an effort to prevent data leakage or misuse of sensitive corporate documentation.

Azure Rights Management (Azure RMS) is integrated with Microsoft cloud services (Azure Active Directory) and leverages applications (Office 365) and the associated file types that are supported.

The protection technology in Azure RMS uses encryption, identity for access rights, and authorization policies to tie the protection to the data itself (documents, emails, etc.) – this makes it so that the protection that is applied is independent of any storage location / technology, and “follows” the data wherever it goes. This makes it independent of networks, local file servers, and any applications that need to access or otherwise use the data. This allows you to stay in control of your data, even when it is shared externally with other people (as / if allowed). For example, you can make the data only available to people in your organization, you might restrict it so that it is read-only, or you can choose to prevent it from being printed. Email messaging and content can be restricted in the same manner, where you can prevent it from being forwarded or sent to “the world” via Reply All.

Azure Active Directory (Azure AD) is needed to support user authentication and authorization for Azure Information Protection, and if you want to use your on-premises directory (AD DS), you will need to configure directory integration.

Azure Information Protection allows for Multi-factor authentication (MFA) when you have the Azure Information Protection client software installed and configured on your supporting infrastructure.

Azure Information Protection client is supported on:
  • Windows 10 (x86, x64)
  • Windows 8.1 (x86, x64)
  • Windows 8 (x86, x64)
  • Windows 7 Service Pack 1 (x86, x64)
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2
On Windows Server operating systems, the Azure Information Protection client is supported for use under Remote Desktop Services scenarios. If you have your Remote Desktop Services connection configuration set up to delete user profiles when you exit, you will need to make sure to configure it so that you do not delete the %Appdata%\Microsoft\Protect folder.
When the Azure Information Protection client protects the data by using the Azure Rights Management service, the data can be consumed by the same devices that support the Azure Rights Management service; these include the following computer operating systems:
  • Windows 7 (x86, x64)
  • Windows 8 (x86, x64)
  • Windows 8.1 (x86, x64)
  • Windows 10 (x86, x64)
  • macOS: Minimum version of macOS 10.8 (Mountain Lion)
Mobile devices running the following operating systems also support the Azure Rights Management service:
  • Windows Phone: Windows Phone 8.1
  • Android phones and tablets: Minimum version of Android 4.4
  • iPhone and iPad: Minimum version of iOS 8.0
  • Windows tablets: Windows 10 Mobile and Windows 8.1 RT
The Azure Information Protection client can use Office applications (Word, Excel, PowerPoint, and Outlook) from any of the following Office editions:
  • Office 365 ProPlus with 2016 apps or 2013 apps (Click-to-Run or Windows Installer-based installation)
  • Office Professional Plus 2016
  • Office Professional Plus 2013 with Service Pack 1
  • Office Professional Plus 2010 with Service Pack 2
Other editions of Office cannot protect documents and emails in this manner, as certain applications and solutions natively support the Azure Rights Management service (which provides the data protection for Azure Information Protection) and others do not. In those situations and on those applications, Rights Management support is integrated by using Rights Management APIs to support the usage restrictions. These applications and solutions are also known as “RMS-enlightened” and are subject to some functional limitations.
In future posts on this subject, I will outline some of the RMS-enlightened applications, information on the file types supported from the Azure Information Protection client, applications that are not supported by Azure RMS, as well as how to configure your firewalls and network infrastructure to allow specific connections to your applications and your on-premises servers.
