Even though Azure Information Protection is included in the EMS package, I would recommend using Office 365 Unified Labeling instead.
Those labels can be either sensitivity or retention labels, and the capabilities come with the Office 365 E3 or Office 365 E5 license.
Why should you use Unified labels, you say?
Well, in my opinion you should keep it as simple as possible for your users. By embracing the Unified labels within Office 365, users don't have to think about using a labeling client to manage their labels. Unified labels are built into the Office applications, both web and installed ones, and are also embedded in the mobile applications. That means users can label on any device that has the application.
When using Azure Information Protection, your company's internal IT department needs to roll out the AIP client to all machines, and the drawback here is that web applications and mobile applications are not eligible for this client.
So!
Start by creating some labels in the Security & Compliance center and play around with creating watermarks and encryption, and deploy to test users at first so you can test your policies.
Head into https://protection.office.com/ and navigate to “Classifications -> Sensitivity labels”, and from here create a new label.
Follow through with the wizard.
When going through the wizard you need to make some decisions on what the policy should do.
- Encryption
  - Yes or no, and what permissions should be set automatically on your files.
  - Should the access to the file expire on a given date or a number of days after encryption?
  - Allowing offline access to files could be convenient for some.
- Should the content be watermarked?
- Add a DLP policy from the endpoint (Windows Information Protection, WIP).
- Use this label to protect Office 365 groups (Teams and SharePoint sites also)
  - Here you can choose whether the created SharePoint site, Team or Office 365 Group should have restricted access from unmanaged devices and such.
- Use auto-labeling based on conditions
  - This feature requires E5.
  - You can automatically label documents when, for example, a Norwegian passport number is written in a document.
That's it! You have created your first label – quite easy.
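The same wizard choices (encryption with assigned permissions, access expiry, offline access, a watermark) and the publish to test users can also be scripted with Security & Compliance PowerShell. This is an added example, not from the original post; the label name, tooltip, `contoso.com` domain, test user addresses, 90-day expiry and 7-day offline window are assumed placeholders.

```powershell
# Added example: every name and value below is a constructed placeholder.
# Requires the ExchangeOnlineManagement module and a compliance admin role.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession

$labelName  = 'Confidential-Test'                      # hypothetical label name
$policyName = 'Label pilot - test users'               # hypothetical policy name
$testUsers  = @('test.user1@contoso.com',              # hypothetical pilot users
                'test.user2@contoso.com')

# Create the label only if it does not exist yet, so the script can be re-run.
if (-not (Get-Label | Where-Object Name -eq $labelName)) {
    $labelParams = @{
        Name        = $labelName
        DisplayName = 'Confidential (test)'
        Tooltip     = 'Internal business data; encrypted and watermarked.'

        # Encryption: yes, with permissions assigned automatically by the admin.
        EncryptionEnabled           = $true
        EncryptionProtectionType    = 'Template'
        EncryptionRightsDefinitions = 'contoso.com:VIEW,VIEWRIGHTSDATA,DOCEDIT,EDIT,PRINT'

        # Access expires a number of days after encryption ('Never' disables expiry).
        EncryptionContentExpiredOnDateInDaysOrNever = '90'

        # Offline access: how long a cached use license stays valid.
        EncryptionOfflineAccessDays = 7

        # Watermark the content.
        ApplyWaterMarkingEnabled = $true
        ApplyWaterMarkingText    = 'CONFIDENTIAL'
    }
    New-Label @labelParams
}

# Publish the label to the test users only, not the whole tenant.
if (-not (Get-LabelPolicy | Where-Object Name -eq $policyName)) {
    New-LabelPolicy -Name $policyName -Labels $labelName -ExchangeLocation $testUsers
}

# Review what was created before widening the policy scope.
Get-Label -Identity $labelName |
    Format-List Name, DisplayName, Tooltip, Disabled
Get-LabelPolicy -Identity $policyName |
    Format-List Name, Labels, ExchangeLocation
```

Published labels can take some time to appear in the Office applications of the targeted users.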
But before going big-scale you need to evaluate how your company should label documents: General, Confidential, Highly Confidential and so on.
My best tip there is to create a table of the labels you think you need and describe the “rules” for when to apply each label. For example, financial data should maybe be labeled Highly Confidential, while some company flyers should have “General”.
S for Security in EMS – Overview
Part 1 – S for Security in EMS – Azure AD Premium
Part 2 – S for Security in EMS – Information Protection
Part 3 – S for Security in EMS – Microsoft Intune
Part 4 – S for Security in EMS – Advanced Threat Analytics
Part 5 – S for Security in EMS – Cloud App Security