Microsoft Azure Information Protection

Persistent information security – anytime, anywhere – is the best protection for your sensitive data information. Classify data based on sensitivity and apply persistent data protection to your most critical assets. Enable safe sharing of sensitive data inside and outside of your organization. Gain visibility and control over shared data.

Microsoft Azure Information Protection

Azure Information Protection (AIP) is a cloud-based solution that allows companies to classify, label, and protect documents and e-mails. This can be done automatically by administrators who define the rules and conditions, manually by users, or a combination where users are given recommendations.

The protection technology uses encryption, identity, and authorization policies. Similar to the persistent labels, protection that is applied by using Rights Management remains with the documents and e-mails, regardless of location – within or outside the organization, networks, file servers, and applications. This information protection solution keeps you in control of your data, even when it is shared with other people.

Microsoft Azure Information Protection

Keyon service

As a certified Microsoft EMS partner, Keyon provides comprehensive advice and turnkey solutions.

  • Comprehensive and expert advice based on a standardized approach
  • Consulting related to the introduction and use of classification guidelines
  • Efficient provision of a proof of concept (PoC)
  • Conceptual design and integration of the solution
  • Support in all stages of the project

Your benefits

Better protection of your confidential information – anytime, anywhere

  • Classify data based on sensitivity
    Policies classify and label data at time of creation or modification based on source, context, and content. Classification with Azure Information Protection is fully automatic, driven by users, or based on recommendation.
  • Protect data at all times
    Embed classification and protection information for persistent protection that follows your data – ensuring it remains protected regardless of where it’s stored or who it’s shared with.
  • Secure collaboration with others
    Share data safely with coworkers as well as customers and partners. Define who can access data and what they can do with it – such as allowing to view and edit files but not print or forward.
  • Add transparency and control
    Track activities on shared data and revoke access if necessary. Your IT team can use powerful logging and reporting to monitor, analyze, and reason over data.
  • Ease of use
    Data classification and protection controls are integrated into Microsoft Office and common applications to secure the data you’re working on with one click. In-product notifications such as recommended classification help users make right decisions.
  • Deployment and management flexibility
    Help protect your data whether it’s stored in the cloud or in on-premises infrastructures. You have the flexibility to choose how your encryption keys are managed, including Bring Your Own Key (BYOK) options.

Bring your own key (BYOK)

By creating your tenant key on your premises, in line with your IT policies and security policies, and keeping the master copy on your premises in a hardware security module (HSM), you gain complete control over your tenant key.

Thales enhances security by providing HSMs that feature a hardened, tamper-resistant environment for secure cryptographic processing on behalf of multiple Microsoft applications. The trustworthiness of cryptographic operations also depends on a strong supporting key management process.

Thales nShield Edge

For more information about the portable Thales nShield Edge HSM and how it is used to secure customers’ keys as part of Microsoft Azure Key Vault see the attached product briefs and white papers. Keyon assists you with the planning, integration, and support of the Thales HSMs.