Microsoft Azure Information Protection: A Guide for Small Businesses (2024)

In today’s technology and productivity focussed world, hybrid, remote and multidevice work is a part of everyday life for almost every organisation. Whilst it brings many benefits, it also poses new challenges for data security.

• How can you keep your sensitive information safe and compliant no matter where your employees work from?
• How can you ensure that documents are only accessed by the people that need to see it and not your entire organisation?

We very often see organisations that have highly secure in-office set ups, but as soon as data leaves their network, the security practices are much less stringent. It’s important that we maintain absolute security outside of our offices, and also for our data regardless of where, when and how it’s accessed. This is where Azure Information Protection can help.

In this article, we’ll look at what Azure Information Protection is, we’ll delve into some of its functionality, explore some small business use cases, look at how it works alongside Copilot, and understand how to get it. Let’s dive in…

Azure Information Protection (AIP) is a Cloud service that allows you to protect, set policies for, and audit your sensitive data. Its key focus is protecting data by applying sensitivity labels and encryption.

You can use AIP to:

• Apply encryption to your data, so that only authorised users can open it.
• Track and revoke access to your data, even after it has been shared or downloaded.
• Define who can access your data and what they can do with it (such as view, edit, print or forward).
• Detect and prevent data leaks, by applying policies and rules to your data based on its classification label.

The primary focus and AIP’s main application for the majority of organisations is its classification and labelling functionality. This allows you to choose who can and can’t see certain documents and folders, and assign levels of confidentiality and importance.

When a document is created, classification labels can be applied. This means that the relevant policy dictates where this document can go and what can be done with it. If a labelled document were to be shared with a group or individual it’s not supposed to be, the action wouldn’t work and the administrator would be notified. The administrator notification is important because it ensures transparency and allows the admin to respond appropriately.

For emails, similarly to when a document is created, users will be prompted to apply a label and this will then dictate who can access the email and what can be done with it.

Adding classification labels to your data also allows staff to explicitly see which information is sensitive, so there’s no confusion and less chance of human error. Additionally, this also means that employees are consciously identifying the risks and potential business impact sharing that data might cause.

The beauty of classification labels in AIP is that they are customisable. Administrators can customise the labels so they can be tailored to suit your organisation’s needs. Virtually any classification system you can think of can be made a reality!

If you need help choosing and implementing the classification labels most suitable for your business, then please get in touch.

There are two business AIP plans to choose from – Plan 1 and Plan 2. The difference between the two is that AIP Plan 2 has Automatic and Recommended Labelling.

Automatic labelling can be done using predefined patterns (if an email contains a credit card number for example), or you can use customised labelling based on your policies. You might choose to have all HR documents automatically labelled as ‘strictly confidential’. If administrators allow it, users can overwrite these labels if they’re not appropriate for the document. All overwrites are audited to provide traceability.

The biggest benefit of automatic labelling is that it isn’t reliant on employees to classify the documents themselves. This prevents users overlooking classification or bypassing it because they’re pressed for time, thereby eliminating the chances of data being shared into the wrong hands.

As more and more organisations are getting excited about and exploring Copilot for Business and its capabilities, we thought we’d address how Azure Information Protection works alongside Copilot.

Organisations can rest assured knowing that Copilot for Business always respects the security measures set up in Azure Information Protection. As an example, if a user were to ask Copilot to display some Sales Data in a table, Copilot would operate only within the context of that user’s permissions. It would only be able to display data that the user had access to – it would not, and could not, pull data from documents that the user doesn’t have permission to see.

In addition, Copilot wouldn’t pull data if access had been rescinded, and if printing and downloading is restricted by the AIP classification, Copilot generated content won’t be printable or downloadable either.

In other words, Copilot will always respect the permissions in AIP providing a secure, and context-aware experience for users. This means businesses can use the powerful tools of Copilot for Business with peace of mind that they are maintaining absolute data security.

If you have Microsoft 365 E3, then you already have AIP Plan 1, and AIP Plan 2 is included in Microsoft 365 E5.

If you don’t have these plans, then AIP is also available as a stand alone product that can be added on to whichever Microsoft 365 plan you currently have.