Azure Information Protection Review

Azure Information Protection (AIP) is a cloud-based document protection system by Microsoft. Its primary focus is to allow organisations to classify and protect user documents and emails, regardless of the location of the document. It allows organisations to share, collaborate and even publish documents in a managed manner with the ability to implement protection and tracking.


AIP has two key elements, Classification and Protection, which can be applied to documents or emails. Microsoft is expanding AIP so that it can classify and protect a wide range of document types (such as PDF, TXT and JPG formats), and continues to extend this capability.


Classification allows businesses to define a document labelling structure that can be applied to all staff, departments or project groups. This classification structure allows the document creator to customise who the audience of the document should be, or whether the document needs to be classified at all.


Protection is viewed as the next generation of file security: protected documents can carry finer restrictions such as view-only access, blocked copy and paste, or a disabled 'save as' function. From an end-user perspective, access to protected documents or emails can be restricted to specific users, departments, groups or whole organisations, including people outside the organisation. Document owners can also revoke access, and chosen end users can define access to documents on creation (think of HR staff creating sensitive documents to share with individuals).


Document Protection in AIP uses Azure Rights Management Service (RMS) technologies to encrypt documents and emails. Microsoft introduced this technology for Active Directory with Windows Server 2003, so it is well known. Azure RMS saves organisations from implementing this complicated technology on-premises. The benefit of using Azure RMS for encryption is the existence of a master key to decrypt documents. Integration with other Microsoft 365 services is also built in, so the business can be alerted when sensitive information is being compromised.


Advanced protection features of AIP can automatically apply a classification label if keywords or sensitive information types (e.g. employee numbers) are identified within a document or email. This is especially important if documents are located in SharePoint, Teams or OneDrive.
