Last year, Microsoft acquired Israeli information protection company Secure Islands, explaining at the time that the company's technology would soon be integrated with Azure Rights Management Service to work alongside the data classification capabilities of Office 365 and Windows. Today, just a few months after this acquisition, Microsoft is introducing Azure Information Protection, a new service that combines Microsoft Azure Rights Management and Secure Islands' technology to makes it simpler to classify and protect information, even as it travels outside of an organization.
In a blog post on the company's Enterprise Mobility and Security Blog, Microsoft Partner Director for Information Protection Dan Plastina explains that as sensitive information can sometimes escape a company's corporate network through all the employees' devices, Microsoft wants to enable secure productivity in the enterprise through an "identity-driven approach to security":
In this new approach, protecting employee identity is the foundation of how Microsoft on-premises products and cloud services help you secure and manage devices, apps and data. Enterprise Mobility Suite is a great example of this, and Azure Information Protection is yet another example of this identity-driven approach to security.
If you're not familiar with it, the Enterprise Mobility Suite is Microsoft's cloud solution built to deliver apps and data access across all devices to allow employees to work securely on any device. The new Azure Information Protection is a complementary solution which will allow companies to define how their employees can classify their documents and emails during their work, track where sensitive documents are traveling and more. Plastina shared the full list of capabilities below:
- Classify, label and protect data at the time of creation or modification. Use policies to classify and label data in intuitive ways based on the source, context and content of the data. Classification can be fully automatic, user-driven or based on a recommendation. Once data is classified and labeled, protection can be applied automatically on that basis.
- Persistent protection that travels with your data. Classification and protection information travels with the data. This ensures that data is protected at all times, regardless of where it is stored, with whom it is shared, or if the device is running iOS, Android or Windows.
- Enable safe sharing with customers and partners. Share data safely with users within your organization as well as with external customers and partners. Document owners can define who can access data and what they can do with it; for example, recipients can view and edit files, but they cannot print or forward.
- Simple, intuitive controls help users make the right decisions and stay productive. Data classification and protection controls are integrated into Office and common applications. These provide simple one-click options to secure data that users are working on. In-product notifications provide recommendations to help users make the right decisions.
- Visibility and control over shared data. Document owners can track activities on shared data and revoke access when necessary. IT can use logging and reporting to monitor, analyze and reason over shared data.
- Deployment and management flexibility. Protect data whether it is stored in the cloud or on-premises, and choose how your encryption keys are managed with Bring Your Own Key options.
You can watch the above video to know more about the solution, and Plastina added that current Azure RMS customers will "continue to use the same capabilities with no change to their service until the General Availability of Azure Information Protection later this calendar year". Lastly, a public preview of Azure Information Protection will be available next month and you can already sign up to preview the service.Further reading: Azure, Azure Information Protection, Enterprise Mobility Suite, Microsoft, Security