Tuesday, September 10, 2019

How to use Sensitivity sublabels to protect information between groups inside a tenant.

Some companies have pretty strict boundaries that should make it possible for individual groups to secure information from the other groups. In my example we have 4 project groups that lives in the same tenant, and they can share quite a bit, but they also have certain types of information they want to keep from the others. This could for instance be used for internal projects where information is confidential etc.

Monday, September 9, 2019

Protecting Exchange Online email with mail flow rules (Office 365 Message Encryption).

You may not have setup AIP, but still want to protect some of your emails automatically. If you have an Office 365 E3 (or higher) license you can use Encrypt and Do Not Forward rules to protect your emails.

Monday, August 12, 2019

Things you may want to consider as you “migrate” your AIP labels to sensitivity labels.

I have done a few posts on Unified labeling, and after reading this amazing blog post from Microsoft, I was left with a feeling that there was nothing more to say about Unified labeling. This post covered so much. Still, there are a couple of things you might want to consider before migrating your labels to sensitivity labels.

Wednesday, June 26, 2019

The user-friendly Information Protection blog post.

The other day I had a thought: How about a blog post about Information Protection for people who are completely new to it? I sometimes hear that one of the things people like about blogs is that they take complicated information and makes it easier to understand and that has always been my ambition with this blog. I’m not claiming to have done that, but points for trying right? 

Tuesday, June 25, 2019

Enterprise Mobility + Security. A licensing blog post.

“If you have built castles in the air, your work need not be lost; that is where they should be. Now put the foundations under them.”

The great Henry David Thoreau released Walden in 1854 about something completely different of course, but I am taking the liberty to use this quote in a cloud computing context.

In almost every project I am in, I get this one question: Should we choose EM+S E3 or EM+S E5? And it really is a good question. The license cost is almost double in E5, and yet, the two licenses seems to contain a lot of the same stuff. Most of the time I can tell the customer what is gained by going for E5, but let’s look at some of the important differences here. Licensing can be extremely confusing, and Microsoft is in no way the worst company here. 

Tuesday, June 18, 2019

An interview about security

In this interview I try to answer some questions about security. As you can probably see, the term cyber security is used here, although I have tried to be clear that I mostly work with information Security and not cyber security. 

Wednesday, April 24, 2019

How Microsoft Information Protection (AIP) protects data

Most of these blog posts are created from questions I receive from customers and participants in my Information Protection workshops, and this is no different. There are always questions on how data is protected, what kind of encryption is used, if Microsoft can read the data and so on, so I wanted to try to clarify some of these things here. This is intended for those of you who are new to AIP and encryption, and for deep dives into cryptography there are way better sources out there.

Tuesday, April 23, 2019

Azure Information Protection and Unified labeling

If you are working with Microsoft Information Protection (MIP) chances are you have heard the term Unified labeling. If you have been working with AIP, you have probably heard or seen references to activating unified labeling. 

Wednesday, April 10, 2019

What is MIP? (Microsoft Information Protection)

I think most of us who have been working with Microsoft cloud (Azure) have heard about MIP, but not everyone knows what it is, because this question comes up more often than one should think, based on how much information has been released about it since last Ignite. Some have asked me if MIP is just AIP (Azure Information Protection) renamed, but this is not the case. 

Tuesday, March 12, 2019

Monday, March 11, 2019

Add your own sensitive info types to use in sensitivity labels

As you probably know Microsoft has provided us with a list of predefined sensitivity types that follows us around wherever we can configure labels etc. It is getting better and better as more types are added, but we may not find all the types we would need for a setup, and that's why I want to show you how you can add your own sensitivity types.

Wednesday, March 6, 2019

How to work with a mix of AIP P1 and P2 licenses

Just to get this out of the way: Yes, there are several ways to license AIP. You can get it through AIP license (P1/P2), Enterprise Mobility + Security license (E3/E5), the rather new Information and Compliance policy and also some Office 365 licenses. Just think of my references to P2 as the “upgraded basic” (P2/E5 etc.) 

Tuesday, March 5, 2019

What happens to protected content if I delete an AIP label?

Just a short blog post today. What happens to protected content if you delete a label? Yes, that is a question I have been asked a few times. Will I lose access to the protected content if the label that has protected it is deleted? That would be pretty bad right?

Monday, March 4, 2019

Azure Information Protection client and portal confusion

As many of you know there are now two places to create labels (Azure Portal and Office 365 Security portal) and we also have two different AIP clients. One client for each portal really, one of them is the good old AIP client that we know from earlier, and then there is another: The AIP client with Unified Labeling.

Wednesday, January 2, 2019

AIP in the Azure portal

One of my first (and most read) blog posts was AIP – Policies, Labels, templates and protection explained.

The thing is, AIP has changed so much, it really isn't as useful as it once was back in the day (close to a year ago). Not only have the views changed, but it has become (as I see it at least) easier. I thought we should just take a quick look at how things look in the Azure portal these days.

End of support for the Rights Management sharing application

The Rights Management sharing application for Windows has been around for a while, and maybe some of you out there are still using it? Then it is time to do something about that. On January 31st, 2019 the application has it’s end of support. 

Friday, November 30, 2018

Tuesday, November 27, 2018

Migrate labels from the Azure Portal to Office 365 Security & Compliance Center

For those of us who has done a lot of AIP work in the Azure Portal, or just want to move labels from the Azure portal to Unified labels in the Security & Compliance Center, this might help to do the actual migration.

Monday, November 19, 2018

Unified Labeling, and migration of labels to the Office 365 Security and Compliance center.

After Ignite, there has been some interest around changing the way we work with labels and protection. Many of us may want to to do our work in Office 365 Security & Compliance Center, which may seem to be where Microsoft is putting in their effort. 

Tuesday, October 16, 2018

How to start your AIP project with only a selected group of users.

I am sometimes asked if AIP needs to be visible to all users, and usable by all users when customers are starting a PoC or just want to play around with the security settings in AIP. 

Friday, September 28, 2018

Microsoft Information Protection (MIP). Yet another abbreviation you need to know about?

If you are following the news from Ignite, you might have heard the abbreviation MIP. Forget AIP. The big news is MIP someone said to me. Sounds a little dramatic right? Is AIP really dead? Well, to calm down everyone who has invested time and effort into AIP: MIP is not taking over for AIP, it is rather a new umbrella that includes AIP and a lot of other security solutions. It can be seen as a new step in the evolution of Microsoft’s overall information protection strategy. 

Friday, September 21, 2018

Creating a scoped Policy and linking it to a label.

In my previous posts I have mentioned scoped policies a few times. The policy that is included from the start and that will be available for everyone default is the Global Policy. Sometimes that will be all you need, but there are situations where protecting content for groups of people, like the HR department for instance, will be required.

Tuesday, September 18, 2018

The AIP Scanner, licensing, usage and more.

Previously I have promised that I would write a post about the AIP scanner, how it is installed and more, but the good installation guides from Microsoft rendered this kind of unnecessary.

Friday, September 14, 2018

Some updates of the previous blogposts

Trying to keep up with cloud solutions is not at all like back in the day when we got a new server version every few years. Updates are happening all the time, and some of the things I wrote earlier has now been changed so much that I will say something about the updates here. 

Error messages when applying labels with the Azure Information Protection client.

This post describes some of the issues I have had/seen with the AIP Client and Office. Usually everything works well, and you can just start using the labels, but when things go wrong, it is not alway easy to see why. 

Friday, February 16, 2018

AIP – Policies, Labels, templates and protection explained

As simple as AIP can be, it can also become really confusing. All this talk about labels, policies, scoped policies, templates and protection can seem a bit hard to grasp at first, but I will try to simplify it here.

How to use Sensitivity sublabels to protect information between groups inside a tenant.

Some companies have pretty strict boundaries that should make it possible for individual groups to secure information from the other gro...