Azure Information Protection – Protection & Automatic Labelling

This marks the first post on Azure Information Protection. In this post I am going to go through creating a label which will be automatically applied to a new document when a specific keyword appears. This label will also contain protection.

The first step is to create a new label, in Azure Information Protection I can navigate to Labels > Add a new Label.

image

  • Enter a Name
  • Enter a Description
  • Set the permissions containing this label to “Protect”
  • Set Documents with this label have a footer to on (Optional)
  • Enter the Text for the Footer (Optional)

image

  • Choose Azure Cloud Key under Protect

image

In this example i am going to set permissions for all members of the T67 Tenant to have co-owner rights to an internal only labelled doc.

  • Choose Add Permissions
  • Click Add “Company Name” – All Members
  • Choose Ok and then Ok again

image

  • Next I want to add conditions for automatic labelling. I can do this by going to “add a new condition”

image

  • Select Custom
  • Enter a name for the condition
  • Under Match Exact Phrase or Pattern i am going to Choose “T67 Services”
  • Click Save

image

  • Select Automatic so that the protection is automatically applied when the condition matches. You can change the default policy tip wording if you wish.
  • I can now save the Label

image

  • Next I am going to add the label to my global policy for all users.
  • Select Policies
  • Click on the global policy

image

  • Choose Add or Remove Label
  • Tick “Internal Only” or whatever you named your label
  • Click Ok
  • Click Save

image

End User Experience

I am now going to open Word on a device which has the Azure Information Protection client installed. I created a blank document and typed “T67 Services” (which was my condition) and then saved the document. As you can see the document was automatically labelled with “Internal Only”.

image

It is not only documents which can apply a label. You can also do this for emails. I am going to create an email and label this as internal only and send to my personal gmail account

image

image

As expected I am unable to view the message as I am not part of the T67 Services tenant

image

Thanks for reading my first AIP Post, I will be covering a range of AIP Scenarios in a series of posts.


Jake Stoker

Jake Stoker

Enteprise Mobility + Security SME