According to my understanding, Microsoft Information Protection is a unified solution which consists and collaborates with the information protection solutions which are already available in the Microsoft market such as Azure Information protection, Windows Information Protection, and Office 365 Information protection. Microsoft Information Protection is a complete suite to protect sensitive data throughout the lifecycle – inside and outside the organization. My objective of this post is to identify the Microsoft strategy behind information protection and how we can leverage that to protect our organization's sensitive data and data leakage.
Microsoft Information Protection helps to discover the data and classify according to its sensitivity level. This data then tagged according to its sensitivity using labeling. According to the label, Information protection can protect your sensitive information wherever it lives or travels.
You can keep track of your data, monitor it who have accessed and when required, revoke the access. And doesn't depend on a device, app or location. It supports the protection across all these areas.
What should be considered as Information Protection
- Device Protection
Protect system and data when the device is stolen or lost
- Data Separation
Containment, Data separation - Corporate data and Personal data
- Leak Protection
Prevent unauthorized users and apps from accessing and leaking data
- Sharing Protection
Protect data when sharing with others, or shared outside of organizational devices and control.
Following image expresses how Microsoft solutions such as Bit locker, WIP, AIP and Office 365 protection aligns with Information protection concepts.
Microsoft Information Protection – Unified Protection solutions
Microsoft Information Protection is a Unified solution where it integrates Information protection solutions Microsoft already has in the market, such as Office 365 Information Protection, Windows Information Protection, and Azure Information Protection. It brings these solutions into one surface where you can manage, monitor and apply policies using a single console. I found this nice slide from Microsoft Ignite which describes it all.
- Office 365 Information Protection - Classify and protect data within Office 365 emails and SharePoint documentation
- Windows Information Protection - Windows Information Protection helps to protect against potential information leakage without otherwise interfering with the user experience. WIP also helps to protect enterprise apps and information against accidental information leakage on enterprise-owned, corporate-owned, and employee-owned devices (BYOD) without requiring changes to your environment or other apps.
- Azure Information Protection - Azure Information Protection helps protect sensitive information across cloud services and for on-premises environments. With AIP, you can classify and label information based on sensitivity and create different levels of protection and visual markings (such as encryption and watermarking).
Unified Labeling with Microsoft Information Protection
Information Protection life cycle consists of Discover, Classify, Protect and Monitor. After Classifying the data, it needs to be labeled to apply protection policies. Unified Classification and Labeling enable a single point of the label when shared across these other applications so you don’t need to classify data on other solutions. This can be applied from the Office 365 console when shared with other services. In an example, these protection policies can be used in Windows Information Protection and Azure Information Protection.
Configure and manage labels across apps and services in Office, Azure, and Windows – all from the Security & Compliance Center
Uniform content classification to protect and preserve data across Office, Azure, Windows
Consistent across M365 & extensible to 3rd party
Consistent integration and experience across M365 apps & services. Extensible to 3rd party apps & solutions.
Additional – Microsoft Information Protection Capabilities
Additionally, you can refer the following table where Microsoft released in a whitepaper to demonstrate the capabilities on how Microsoft products help to protect information across devices, applications, and locations.