In the second part, we will check the Azure Information Protection Client Install guide
The Azure Information Protection client includes the following:
- An Office add-in, that installs the Azure Information Protection bar for users to select classification labels.
- Windows File Explorer, right-click options for users to apply classifications labels and protection to files.
- A viewer to display protected files when a native application cannot open it.
- A PowerShell module to apply and remove classification labels and protection from files. This module also includes cmdlets to install and configure the Azure Information Protection scanner that runs as a service on Windows Server. This service lets you discover, classify and protect files on data stores such as network shares and SharePoint Server libraries.
- The Rights Management client that communicates with Azure Rights Management (Azure RMS) or Active Directory Rights Management Services (AD RMS)
Example showing the Azure Information Protection client add-in for an Office application, displaying the classification labels for an organization, and the new Protect button on the ribbon:
There are two options for installing the client for users:
- Run the executable (.exe) version of the client. This method has the most flexibility and it is recommended because the installer checks for many of the prerequisites, and can automatically install missing prerequisites.
- Deploy the Windows installer (.msi) version of the client: Supported for silent installs only that use a central deployment mechanism, such as group policy, Configuration Manager and Microsoft Intune.
Enabling the AIP:
- Office 365 admin center – requires Global Administrator account
Navigate to the rights management page from the admin centre: Settings > Services & add-ins > Microsoft Azure Information Protection > Manage Microsoft Azure Information Protection settings. On the right management page, click activate. A prompt will appear with the message: “Do you want to activate Right Management?” click to the activate button.
- Azure Portal – does not require Global Administrator account
On the Home page start typing Information in the Search box. Select Azure Information Protection. On the sidebar select Protection activation and click to the Activate button, and then Confirm your action.
Configure and deploy classification and labelling
After we confirmed that the protection service is activated we will define the labelling structure. The current labelling structure has been already reviewed and defined based on the specified criteria. AIP will be configured based on the following classification and labelling design.
From the Azure Information Protection, menu select the Classifications > Labels menu option and Click Add a new label.
- Enabled: On
- Label Display Name: Public data
- Description: Public data does not contain any personal data.
Sample Data (not an exhaustive list): public web sites, press releases, public newsletters and other similar information.
- Color: Green
- Set permissions for documents and emails containing this label: Not configured
- Set visual marking (such as header or footer)
- Documents with this label have a header: Off
- Documents with this label have a footer: Off
- Documents with this label have a watermark: Off
- Configure conditions for automatically applying this label: no condition set
- Add notes for administrator use: This is a production Label, handle with care.
When you use sub-labels, don’t configure visual markings, protection, and conditions at the primary label. When you use sublevels, configure these setting on the sub-label only. If you configure these settings on the primary label and its sublabel, the settings at the sublabel take precedence.