Microsoft Azure Information Protection (AIP)

Welcome. After this course you'll be able to implement Microsoft's Azure Information Protection for small and micro businesses. Don't forget to download the course guide documentation to help throughout.

The scary truth about why you need encryption, particularly as a business who would be liable for breaches and fines if this occurred. Let's see how much data a hacker can see without encryption.

Now, let's look at the difference that file encryption makes! 

A brief overview of Microsoft's Azure Information Protection and where it originated from.

Now you've gotten to grips with the portal, we need to do some leg work.

With large implementations like this, no matter how many users you have, you need to do some pre-planning. This limits the amount of troubleshooting needed later. 

Plus, it also allows you to understand more about the sensitive data within your business and how Azure Information Protection can help you. 

Policies and labels are highly specific to your business and you can get as specific as you need to do, to protect your data and offer the right amount of accessibility to it, offering you complete control.

Now, let's set up your labels first...

You need to create your labels first, and you do this by starting in your Azure portal (portal.azure.com/) and logging in using your Office 365 Credentials. 

Now, we need to define who has access to the labels and again, this is done in the Azure portal.

Before installation you must create policies and these fall into two areas: 

The Global Policy

There is only one global policy that covers everyone internally that has the client installed. You can adjust and add to this policy as many times as you like, but you cannot create more than one. 

Here is how you create a global policy: 

Scoped Policies

Scoped policies involve a team, department or interdepartmental level and will normally contain more labels. If you're just starting out or you don't yet have departments, you may not need scoped policies yet, but it's good to know as you grow and expand how to define them. 

Here is how you create a scoped policy: 

Before completing the installation make sure you have run all Microsoft and Windows updates from the previous section and closed any Office applications so that you don't lose any data. 

Next, go to: https://www.microsoft.com/en-us/download/details.aspx?id=53018 

Of course, you can manually set sensitivity levels by simply using the drop down arrows or buttons you can see above but we do not recommend this as general practice.

*If you find you're needing to do this time and time again, set new conditions in the scoped policy for better automatic coverage. 

*Note: You cannot use the document tracking tool without first turning encryption on. 

Here's why you need to test!

How to test your encryption works for your policies to ensure you're protected.

In some instances, for example if you have a one-time vendor you're using or a temporary member of staff, you won't need to adjust your policies to include them, but you still want to make sure documents and emails are labelled correctly. 

You do this using manual labeling. It's important to note that if you're lowering the classification of a document, you will need to state a reason that will be logged for record purposes.

This will apply if you have set your installation and settings as we instructed earlier in the course. 

*Note: If you're using manual labels frequently for the same reason, consider creating a new label or policy that best suits this so that you can use Azure Information Protection to the fullest in your business. 

Demo of the Do Not Forward Function for Staff Training

Showing how to use the sensitivity bar as a member of staff.

Demo of protection button for Staff Training

Demo of classify & Protect function for staff training

Demo of how to use the track and revoke function for Staff Training

How to decrypt, staff training demo.

A helpful guided template that shows what and why you should include in a GDPR staff training session.