Last week I had the pleasure to do some experience with Azure Information Protection (Azure IP). Azure IP is now in Public Preview like Dan Plastina announced in his blog. Azure IP is based on two technologies. Azure Rights Management Service (Azure RMS) and the acquisition of Secure Islands. With the acquisition of Secure Islands it is now possible to work with classification labels. With these two technologies combined in Azure IP Microsoft is doing a great job because the user experience is much better. So how can we setup and use Azure Information Protection?

Requirements

Before we start configuring Azure Information Protection there are some requirements.

• A cloud subscription that includes Azure RMS
• Azure AD directory
• Client devices (with minimum .NET Framework version 4.6.5)
  • Windows 10 (x86, x64)
  • Windows 8.1 (x86, x64)
  • Windows 8 (x86, x64)
  • Windows 7 Service Pack 1 (x86, x64)
• Applications in the following Office Suites support labeling (Word, Excel, PowerPoint and Outlook)
  • Office 2016
  • Office 2013 with Service Pack 1
  • Office 2010

More information can be find on the Microsoft site.

Configuring Azure Rights Management

First we’ve to configure Azure RMS with the right templates. These templates can be used in Azure Information Protection. Go to the old Azure AD Portal and select Active Directory, then Rights Management can be opened to configure the right templates. I’ve created a few templates for different usage. These templates will be used later on.

Configuring Azure Information Protection

In the Azure Portal the option for Azure Information Protection can be added. When this has been done it can be configured. In the first view there is an overview of all classification labels. These labels can be enabled, disabled, edited or deleted. On this page it is also possible to set that all documents must have a label, the default classification label and if a justification must be provided when lowering the classification label.

When creating or editing a classification label the label can be enabled. A name must be provided and a tooltip can be provided. On this page also a visual marking can be enabled. A header, footer or watermark can be configured.

In the classification label an Azure RMS or AD RMS templates can be used. This RMS template will be applied when the Classification Label is selected.

Automatic classification rules can be created.

The classification label can be applied automatically or it can be recommended to the user.

After this setup the Classification Labels in Azure Information Protection can be used on the clients. So let’s see how we can use this.

User Experience

First install the Azure Information Protection Software. This can be downloaded here. Download and start the installation. The installation is really straight forward. Install, next and finish.

 

 

 

 

 

 

After this we can open Word for example. When we open this we see a new toolbar appearing under the Ribbon.

In this toolbar it is possible to classify the document. By default the document is classified as “Personal” and can be shared with everyone.

Also Financial Information can be detected. When financial information is in the document and the document is saved a new classification label and so a watermark is applied.

When lowering the classification label there will be a windows where a reason must be given. 

Licensing

Azure Information Protection licenses will be available in Q4 of 2016. There will be a standalone license and en Azure IP will also be part of Enterprise Mobility Suite (EMS). Azure IP is available in two licenses, namely P1 and P2. The P1 is the Azure RMS license as we know it today with manual classification and labeling from the acquisition of Secure Islands and the P2 license is everything covered in the P1 license and automatic classification and labeling.

The Enterprise Mobility Suite is also divided in two separate licenses. The EMS E3 license is the current EMS license as we know it today. The EMS E5 license will be the current EMS license with some new additions for security.

Conclusion

In this post I gave an overview of Azure Information Protection. Microsoft has done a great job by integrating Azure RMS and the technology of Secure Island with each other in Azure Ip. With this new product documents can be secured for unauthorized access. And that with a great user experience. It’s really easy to change the classification of documents. In the near future this technology will be more and more adopted so be prepared.