Home > IT in a usual life > Azure Information Protection – What AIP is, (#1/3)

Azure Information Protection – What AIP is, (#1/3)


Azure information protection에 대한 이미지 검색결과


1. Definition of AIP


It’s an IRM (information rights management) solution to protect documents by adding authentication and permission features based on Azure Active Directory. You can classify(personal, confidential), encrypt, and set permissions (PRINT, VIEW, EDIT) for documents, and any type of files.

All the above functions work perfectly for Microsoft Office files, and partially work for other types of files. The details will be explained later.


2. Historical notes


Previously, Microsoft introduced RMS (right management services), which uses on-premise AD which can be integrated with Exchange servers and MS Office clients. With RMS (it’s just another Windows server), users can access security templates in RMS, and select a template, such as ‘VIEW ONLY’, to apply it for the documents.

Now, this RMS became AIP (Azure information protection), and uses AAD (Azure Active Directory) for Office 365 subscribers. Note that when you subscribe Office 365, you also have Azure AD account/subscription. AIP is also being called Azure RMS, anyway the term – RMS seems deprecated.


3. So, what is it.


I’m going to deal with ‘How to install, configure’  stuff in a later article. So, at first, let’s feel free to check what we’re going to have after subscribing AIP which requires Office 365 + Azure AD.


Classifying documents


azure information protection에 대한 이미지 검색결과

You or your organization can have a label to set a necessary sensitivity as shown above. Not only for Excel, you can see the label in Word, PowerPoint.

I have no doubt there’re many companies those require features to classify documents, just like we did using a cabinet a few decades ago.

AIP helps you to set the sensitivity with Personal, Public, Confidential, and so forth.

관련 이미지

You don’t need to classify all the documents just because AIP has been installed, there’re other and easy ways to do this, or you can leave them unclassified.

Note that setting a sensitivity using a label does NOT encrypt the document yet.


Protecting documents


관련 이미지


Another change that you can see, is ‘'[Protect] button in the ribbon. The button includes sensitivity and Permissions menu. Once you click ‘Custom Permissions’, you can check the below beautiful screen which has great functions. Smile

This is the reason why AIP is quite useful for someone who need to protect enterprise or personal documents with a reasonable cost. 


Azure information protection에 대한 이미지 검색결과


‘Select permissions’ : This is to set a permission to apply. Available options are VIEW, EDIT, PRINT, and ALL. This is one of easiest way to disable printing, or editing the original documents.


‘Select users, groups…’ : This is to specify a user or group for the above permission. It’s available to set ‘Sales team only’, or ‘HR team, and John’, or ‘Only you and me’. Once you set users or groups, as you can expect, any other people can’t open, view, and edit the encrypted documents as shown below.

Azure information protection에 대한 이미지 검색결과

‘Expire access’ : Yes, you can expire the access by specifying a date.


You can also use [MS Office > Info > Protect Document] for the above settings.

관련 이미지


4. Supported file types


Basically, AIP support all files, it means that you can set a sensitivity and permissions for txt, pdf, hwp, and other files. The differences are as follows,


. Any of MS Office files has a button, and label in its UI (Office user interfaces).
. PDF, TXT files can be encrypted using a Windows explorer.


In Windows explorer, select a file (hello.txt) and right-click to select ‘Classify and protect’


When you encrypt TXT, or PDF files, AIP generates encrypted files ptxt (hello.ptxt in this case), or ppdf instead of encrypting the original documents.



Other Tools


Microsoft Office has all user interfaces to utilize AIP functions. Other files can be encrypted using Windows explorer, or PowerShell script.

Outlook has more security templates to protect email messages. A template can be a policy which can be configured at Office 365 & AIP admin page.

 ê´€ë ¨ 이미지


Azure Advanced Threat Detection


AIP also provides a dashboard to track documents – accessed from where, & how many.

OMS Security and Audit dashboard

Categories: IT in a usual life
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: