What is Azure Information Protection (AIP)?

Though iterations of the solution have existed for a few years now, I predict that Azure Information Protection is about to catch on as the leading information rights management solution.

I will be demoing AIP with my colleague Jeff Silverman at ILTACON 2019. Click here to sign up for “AIP Protecting VIP Data: Now with Mimosas.” Hope to see you there!

What is Azure Information Protection (AIP)?

Microsoft’s Azure Information Protection is a cloud-based information rights management solution that protects your documents wherever they go, in and outside your firm.

Say you send an AIP-protected document to another party. They make a copy of it and file it into their document management system or file server. Even then, you will still retain full control of the document, managing and revoking access entirely as necessary. You can decide whether recipients are able to print, send, or take a screenshot of the document. Track who has opened the document and destroy it if you wish.

You may have been seeing this icon in your documents ribbon, depending on your firm’s deployment.

Most firms will likely want customized macros, such as those in the below screenshot. These will allow users to easily click, for example, a partners-only or team-only button that would prevent access by people outside those groups.

In each of the examples above, document protection would be proactively initiated by the user, by clicking an icon, running a macro, or otherwise taking an action.

AIP can also be configured to run behind the scenes, automatically scanning all document content and applying protection based on rules or artificial intelligence. In line with Microsoft’s aim of incorporating bits of AI into its products, AIP automatically detects the presence of sensitive information such as social security and credit card numbers to set the appropriate level of permissions. You can make it provide a reason and confirm with the user if you prefer—this can all be configured and audited from the backend—and the protection will travel with the document. Note that the scanner feature comes with the higher-level “premium” license.

Azure Information Protection Cons

It’s a promising solution, but not wholly without drawbacks. Because it encrypts documents, AIP makes them non-indexable. Protections cannot be applied wholesale to all the documents in your DMS (which should be applying its own protections to your documents anyway). AIP is meant to augment the security of your DMS once the document is outside of it.

Azure Information Protection Use Cases

AIP can be a life-saver in the case of accidentally sending a highly sensitive document to an unauthorized party, which happens with surprising frequency.

How else can you put AIP to use?

You may, for instance, send a detailed RFP response to a potential client, who decides to go with another company (sad, but it happens). You can then revoke the proposal you sent to protect your intellectual property. The reverse of course also applies; destroy your RFP at the conclusion of your buying process.

Many of our clients are law firms or legal departments. They may wish to revoke documents from opposing counsel at the end of the discovery phase or trial. Attorneys may also wish to apply protections to sensitive documents so that even assistants who have full access to their mailboxes will not be able to view them.

The back-end auditing of AIP also alerts IT when a user is downloading documents in bulk or engaging in otherwise suspicious behavior. The solution would let you take away access to documents to prevent a user from departing with them.

AIP’s place in the market

AIP represents an important breakthrough in the field of information rights management. While other solutions on the market have made good headway, Azure has a big advantage in that it manages 1.1 billion identities. This is a staggeringly large market ready for AIP. Anyone with an Office 365 account or a patched version of Windows 2016 or 2019 can open an AIP-protected document without having to download anything.

Azure also readily integrates with the rest of Microsoft’s suite of products, including Microsoft Cloud App Security, the subject of my next post. From what I heard at Inspire this year, it seems that the AIP product team is actively working on third-party integrations as well.

Curious about AIP’s potential at your firm? Drop us a line to discuss how you can get started—it’s likely already included in your current license.