In my previous post, Benefits of Data Classification, I covered the foundation of data classification.  In this post, I’ll highlight how data classification (labels) can be applied to documents and how you can configure them in Office 365.

Why would you want to classify your data?

As my previous post pointed out “Consistent use of data classification will facilitate more efficient business activities, and lower the costs of ensuring adequate information security.  By classifying data, your organization can prepare to identify the risk and impact of an incident based upon what type of data is involved.”

Most recently, I have been working with Microsoft Azure Information Protection (AIP) to classify and protect data in Office 365. AIP provides classification, labeling, and protection for documents and emails stored in your organization.  Azure Rights Management service (Azure RMS) is the protection technology, and is a component of Azure Information Protection. More information about Azure Information Protection can be found here.

What are Labels?

In AIP, a classification label is used to identify data based on its level of sensitivity and the impact to your business.  Most common sensitivity levels are categorized as restricted, confidential, official use, and public.

AIP can apply labels (classify) to documents and e-mails. The current supported file types for classification according to Microsoft are listed below.  However, in my experience and images use in this post were all done with Office 2016.  Visit this page for the latest information on supported file types.

  • Adobe Portable Document Format: .pdf
  • Microsoft Visio: .vsdx, .vsdm, .vssx, .vssm, .vsd, .vdw, .vst
  • Microsoft Project: .mpp, .mpt
  • Microsoft Publisher: .pub
  • Microsoft Office 97, Office 2010, Office 2003: .xls, .xlt, .doc, .dot, .ppt, .pps, .pot
  • Microsoft XPS: .xps .oxps
  • Images: .jpg, .jpe, .jpeg, .jif, .jfif, .jfi.png, .tif, .tiff
  • Autodesk Design Review 2013: .dwfx
  • Adobe Photoshop: .psd
  • Digital Negative: .dng

Let’s take a look at how AIP can be used by users and administrators.

Classifying Your Documents

Users can assign predefined or customized labels manually or AIP can automatically apply a default label, depending on the version of AIP deployed with Office 365 (automatic classification requires AIP Plan 2).

This image shows the default labels from AIP that users can apply to their document from within Microsoft Word.

AIP Client Labels

 

I added a few customized and sub-level labels to the existing default ones.  You can modify the pre-existing ones as well.

AIP Customized Client Labels

You can even configure the labels to display in different languages based on your Office client.  In the image below, I configured my labels to display in Spanish.

AIP Client Labels Spanish

Configuring a default label to be applied to documents and e-mails is as simple as clicking the On or Off switch.

AIP Auto Classify2

How are Labels Created?

From Azure Information Protection Admin Portal, you can administer how labels are published to your users.  These are the default and custom labels I created.

AIP Labels

You can also scope or target labels for users or groups.  Just an example, I created a specific label for one of the users in the tenant.

AIP Scoped Policy

As you can see from the above image, all the labels are marked as ‘Global’ with the exception of one sub-label ‘Partners’ where it’s marked as ‘Ben Walters Only’.  All users will see the ‘Global’ labels, but only Ben will see the additional label.  Obviously, you would want to scope your policies to target multiple users or groups.

These are some of the features in Azure Information Protection.  I will cover more features in my next post.

Advertisements