Azure Information Protection (AIP) Premium P1 capabilities were added to Microsoft 365 Business, a welcome enhancement for those who may have otherwise started heading down the Office 365 E3 path for these capabilities. What are the things you need to know, and what are some of the changes you will see in the future? Let’s start off with one of the capabilities that we will see soon that is a major departure from what we’ve seen in the past.
This one isn’t as obvious as obvious as you might expect, but it’s one that those of you who bounce between Business and Enterprise subscriptions of Microsoft 365 or Office 365 may already be aware of. Right now, Office 365 Business (also part of Office 365 Business Premium and Microsoft 365 Business) includes the ability to consume AIP protected content, but not to create it from scratch. This capability was only part of Office 365 Pro Plus, and even if you install the AIP client on your Windows PC, Office 365 Business will only provide labelling capabilities, it won’t expose the organisations AIP policies. This applies to content creation in Office such as Word, Excel and PowerPoint files, for example, but also applies to email through Outlook. If you want to protect email, for now you will need to use Outlook on the web. For the protection of Office files, you will need to use the Azure Information Protection client.
Here are some screenshots of what that experience is like today, and in a later post I’ll show you what it should look like with a Word document that needs protection.
Here’s Word, as included in Microsoft 365 Business today.
In the Info page you can see that protect document doesn’t show any AIP integration capabilities.
After installing the AIP client, you can see the Protect option on the Ribbon.
It’s important to note that you will only see the labels that are available until Office 365 Business is updated to support native encryption, which is on the way.
I saved the document out to the desktop of the virtual machine and you can see the Classify and protect option that now light up.
You can see that the Confidential label is already applied.
Clicking on Confidential now shows the All Employees Confidential protection policy that we couldn’t see in Word.
As you can see, it’s a multiple step process to do it from Explorer, versus what Office 365 ProPlus does today.
This final screenshot is from with Office 365 ProPlus. If you compare this to the second image, the capabilities are available rom Info, Protect Document, and as you would also expect, they are available from the Protect icon in the Ribbon.
If you are interested in learning more about the capabilities of Azure Information protection, here’s the list – https://azure.microsoft.com/en-us/pricing/details/information-protection/ (current as of May 3, 2018).
|Feature||Free||Azure Information Protection for Office 365||Azure Information Protection Premium P1||Azure Information Protection Premium P2|
|Manual, default, and mandatory document classification and consumption of classified documents|
|Automated and recommended data classification and administrative support for automated rule sets|
|Hold Your Own Key (HYOK) that spans Azure Information Protection and Active Directory (AD) Rights Management for highly regulated scenarios|
|Protection for Microsoft Exchange Online, Microsoft SharePoint Online, and Microsoft OneDrive for Business content|
|Azure Information Protection scanner for automated classification, labeling, and protection of supported on-premises files|
|Bring Your Own Key (BYOK) for customer-managed key provisioning life cycle2|
|Custom templates, including departmental templates|
|Protection for on-premises Exchange and SharePoint content via Azure Information Protection connector|
|Azure Information Protection software developer kit for all platforms— Windows, Windows Mobile, iOS, Mac OSX, and Android|
|Azure Information Protection connector with on-premises Windows Server file shares by using the File Classification Infrastructure (FCI) connector|
|Document tracking and revocation|
|Protection for non-Microsoft Office file formats, including PTXT, PJPG, and PFILE (generic protection)||Yes|
|Azure Information Protection content consumption by using work or school accounts from AIP policy-aware apps and services|
|Azure Information Protection content creation by using work or school accounts||Yes|
|Office 365 Message Encryption|
1Some Office 365 subscriptions also include data protection using Microsoft Azure Information Protection. For information on those Office 365 subscriptions and the data protection capabilities they include, refer to Azure Information Protection licensing datasheet.
2Azure subscription required to use configured key for Bring Your Own Key (BYOK).
3Includes activating/deactivating the service, onboarding controls for a phased deployment, usage logging, super user capability for eDiscovery and data recovery, bulk protect/unprotect of files.