With the explosion of digital technology that allows new forms of collaboration, companies of all sizes are facing growing needs to protect their sensitive information. At the same time, these companies must safely share the same information among the appropriate collaborators.
Azure Information Protection provides the ability to create and consult protected content present in your collaboration spaces. Thanks to this solution, you can protect your sensitive information better by simply applying classifications and access permissions ...
Live demos will be offered to further understand the interactions. To try it is to adopt it!
Speaker: Joris Faure
2. From classification to protection of your data, secure your business with Azure Information Protection
Joris Faure
Joris FAURE – MVP Enterprise Mobility
Microsoft Solution Manager at SII CANADA
ca.linkedin.com/in/jorisfaure
@faurejoris
5. faurejoriswww.It-channels.com
Identity at Microsoft
• Forefront Microsoft Identity Manager (Identity Management): Automation, based on rules, of identities (accounts, groups, access)
• Azure Active Directory Connect: Identity Management between Active Directory and Azure Active Directory
• Azure Information Protection / RMS (Classification and Protection of documents): Apply persistent protection within company documents: Messaging, SharePoint, Office
• AD Federation Services (Identity Federation): Allows the SSO application in web mode for the services supporting the SAML protocol
6. Introduction
Challenge
• You have a perimeter
• You have devices to manage
• Your business requires sharing sensitive data out of your control for B2B / B2C
Reduce leakage of shared data with others (B2B collaboration): 96%
Isolation of sensitive data from unauthorized users: 94%
Prevention of malicious workers from leaking secrets: 89%
Comply with regulatory requirements: 87%
Source: Microsoft
7. Azure Information Protection
Locating RMS in my information systems security project
DRM (Digital Rights Management) vs DLP (Data Loss Prevention)
• DRM: Digital signature of documents (Encryption). Example: AD RMS (Active Directory Rights Management Services) / Azure RMS
• DLP: Consists of monitoring the events of the infrastructure. Example: Digital Guardian
Document classification is the important requirement of a DRM or DLP project!!!
8. Azure Information Protection
• Information Technology Protection
• Data Encryption
• Transport of the right of use within the document
• Prevents -> Protects against information leakage
• Based on security policies
• AD RMS is an infrastructure
Leverages Active Directory for identities and groups
Integration with the Microsoft environment
• SharePoint
• Exchange
• Office
• Azure RMS is a cloud service offered in Office 365
• Azure Information Protection is a cloud service offered in Office 365
9. Azure Information Protection
Microsoft – RMS Offer
AD RMS (Active Directory Rights Management Services):
• Infrastructure On-Premise – Windows Server 2012 R2 (Office, PDF… Gigatrust)
• Windows Vista SP2 minimum
• Compatible with a minimum version of Office 2007
• Mobility: Windows RT / iOS / Android / Windows Phone
• Classification: File Classification Infrastructure (FCI)
Azure RMS:
• Infrastructure Cloud – Office 365 (Multiple extensions - protected file [pfile])
• Windows 7 minimum (SP1) / Some version of Linux (Ubuntu 14.04 / OpenSUSE 13.2 / CentOS 7)
• Compatible Office 2010 minimum through RMS / AIP sharing application
• Mobility: Windows RT / iOS / Android / Windows Phone
• Classification: Azure Information Protection (AIP)
14. Azure Information Protection
Protection of Documents and Emails
Data Encryption
Decryption of Data by Authorized Persons
Rights:
- Reading/modification
- Printing
- Transfer
Protects source:
- User
- Automatic
Centralized Safety Policy
Workflow RMS
15. Azure Information Protection
Based on security policies
Manual mode / Automatic mode / Integrated mode
• Use a template: « Reading for all the employees »
• Specify rights manually
• Administration of templates from the RMS server or Azure RMS (centralization of the administration)
• Use of FCI (File Classification Infrastructure) for the application of the automatic templates (local)
• Use of Azure Information Protection (cloud)
• Deployment of templates on the applications (Office, Exchange) and/or Azure Information Protection
• SharePoint: the RMS protection is automatically applied
• RMS rights / SharePoint rights
• Use of the Microsoft Sharing App application
• Use of Azure Information Protection
17. Azure Information Protection
Integration with Microsoft Office apps
• By a plug-in (current version): Microsoft Azure Information Protection
• Will be integrated in the RMS SDK (Azure IP SDK) in the future so that all integrated (enlightened) applications benefit
• Classification of data based on sensitivity and the addition of labels, manually or automatically, at the time of creation or modification.
• Encryption of critical data and definition of user rights if necessary.
• Simple application of the protection without interrupting the normal course of work.
Take advantage of policies for the set of controls to be applied
• You can define a set of policies through Azure Information Protection
• Policies define whether an RMS template must be applied
• Encryption of the data + user rights for the persons concerned
• Policies applied to the information by Azure Information Protection can be applied to the data automatically or as a recommendation that users decide whether or not to apply.
Tracking of the use of the information and revocation of the data if necessary
• You have access to detailed tracking and reports to see what happens to the shared data, for more control.
18. Automatic classification based on content
• Policies applied to information by Azure Information Protection can be automatically applied to data or as a recommendation for users to apply it to data
• You can replace a classification and may be required to provide justification
User-initiated content classification
• Conversely, with Azure Information Protection, a user can choose to apply a label to the document themselves, and hence a classification. This allows them to apply visual marks and control who has access to content through RMS templates as defined in the policy.
SECRET
CONFIDENTIAL
INTERNAL
NON RESTRICTED
PERSONAL
Labels (set of keys and values) are added as multiple metadata entries to files (inside files and in the file system)
The labels are in plain text so that other systems, like a DLP engine, can read them
Authentication
Retrieve policies (occurs whenever an Office instance is started)
Retrieves RMS certificates and templates; the URL of the URL service is referenced in the policy
27. Technical Blog
To go further…
Technical Blog – Azure section / RMS available
http://it-channels.com
Microsoft TechNet Documentation
http://technet.microsoft.com/en-us/dn175751
Microsoft MSDN Documentation
http://msdn.microsoft.com/en-us/library/windows/desktop/dn223672(v=vs.85).aspx
Microsoft RMS product group blogs
http://blogs.technet.com/b/rms/
http://blogs.msdn.com/b/rms/