What We Do

You’ll get fast decisions, responsible technicians and quality outcomes.

2019–20 coronavirus pandemic - Coronavirus disease 2019

Azure Information Protection explained

When it comes to data contained in emails, shared files and documents, security is a big issue. Indeed, for many businesses, it is difficult to control and manage, which increases the risk they will come a statistic.

Data breaches are becoming more of a risk, with the average cost of a single breach in Australia sitting at $3.35 million, which makes securing your company’s sensitive data mission-critical.

One of the ways in which you can protect your business is by ensuring there’s an extra layer of security around internal and external information, using Azure Information Protection (AIP), part of the larger Microsoft Information Protection story.

What is Azure Information Protection?

Azure a platform of cloud-based services from Microsoft. Azure Information Protection is a service provided by Azure for data security and allows organisations to secure, manage, and control sensitive data, primarily documents and emails, with the ability to include most data types. This level of security offers peace of mind, as well as reducing security risk, maintaining trust with stakeholders, and ensuring your business data is safe.

AIP is a cloud-based solution that allows businesses to discover, classify, and protect emails and documents, though label application to documents. AIP allows you to label, classify, and protect documents in one go, or you may have recommended classifications for guidance on the best option. Labelling can be done manually, or automatically if that is more appropriate for your business.  AIP includes features such as document tracking and revocation.

This protection persists regardless of where the document or email goes, across multiple devices, through encryption and setting rights and authorization policies. For example, if you email a document to another company or save a document to their cloud drive, AIP.

Label and classify files with AIP

AIP classification is used to make data identifiable according to relevance within your organisation. This can be categorised according to sensitivity of information, such as official use, public, restricted, or confidential. Labels are created based on this categorisation, which defines the level of protection that will be applied to the data.

Labelling the document allows watermarks to appear to inform others the document is secret and is only allowed to be seen by certain people. For example, the finance director of your business communicates regularly with several finance institutions. A label can be created adding the email domains of the bank contacts, so any information sent can only be viewed by the recipients.

AIP allows users to automate labelling of files. If you save a file with confidential business information and don’t manually label or classify it, with AIP, the file is automatically saved as secret and only accessible to authorised users if encryption is in use.

On-premises scanner with AIP

An extra feature of AIP is the on-premise scanner, available through the Microsoft Azure portal. This allows IT administrators to scan on-premise file repositories and rapidly identify any files stored locally that have sensitive content that needs to be labelled, classified, and possibly protected.

The on-premise scanner reveals which user owns the files, how users interact with files (read only, no access, etc.), and also whether the files are able to be shared externally and internally. This gives IT administrators oversight to look further and see if the files need to be protected.

Sharing protected content with AIP

So far, we can see that labelling, classifying, and protecting documents allows only authorised people to view them. But what happens if someone unauthorised attempts to view the files, or it is shared to someone outside the organisation.

With AIP, you can prevent data being shared in a few ways:

  • Prevent copy and paste from protected documents. This means users can’t open a file, copy and paste the information, then send it to an external email or document form.
  • Blocking protected documents from being emailed or shared. A document with sensitive information that is protected will not be sent if a user tries to email it. The IT administrators will be informed through the Azure portal if a user tries to send any emails with protected or sensitive information.

Control over document sharing with AIP

It’s important that your organisation has total control over the information you’re sharing. This includes when you have shared the document and the person you’ve shared it with has viewed the content. By setting the appropriate label permissions, you can share files via email to external parties, enabling editing privileges, view only, print, etc.

Recipients of shared documents and files need to be connected to the internet to view the shared file. You are also able to immediately revoke access to the file for all of the users originally given permission to view it, and they cannot access the file again, even if it’s left open on their screen.

Why should your business use AIP?

Today, cloud-based services are being used by organisations around the world more than ever before. File sharing is one feature of cloud technology that enables efficiency. While instant access to files and documents is a boon to productivity, it’s vitally important business data is protected at all times.

Sensitive or protected information falling into the wrong hands can be disastrous for businesses. Despite the concerns about security with sharing files and emails online, when set up properly, security tools such as Azure Information Protection is safer than having physical files on-site that can be accessed and copied easily.

Microsoft 365 Business Premium and Enterprise users can access all the benefits of AIP. Speak to Linktech Australia’s Azure consultants about how to ensure you have the best possible protection available for your business.