SlideShare a Scribd company logo

From classification to protection of your data, secure your business with azure information protection - Ottawa

Joris Faure, profile picture
Joris Faure

The document discusses Azure Information Protection, focusing on concepts like data classification, encryption, and the use of rights management to secure sensitive data. It highlights the integration of Azure services with Microsoft applications and provides details on managing identities and access controls in a business environment. Additionally, it addresses the necessity for organizations to protect data from unauthorized access and comply with regulatory requirements.

Technology
1 of 27
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
aOS 2017Tournée Canadienne Fueled by Québec Montréal Ottawa Toronto 6 Février 7 Février 8 Février 10 Février
From classification to protection of your data, secure your business with Azure Information Protection Joris Faure Joris FAURE – MVP Enterprise Mobility Microsoft Solution Manager at SII CANADA ca.linkedin.com/in/jorisfaure @faurejoris
Thank you !
faurejoriswww.It-channels.com Identity Overview Introduction to Azure Information Protection • Conceptually… • RMS • Azure Information Protection Live Demonstration • Azure Information Protection SUMMARY
faurejoriswww.It-channels.com Identity at Microsoft Forefront Microsoft Identity Manager Identity Management Automatisation, based on rules, of identities (accounts, groups, access) Azure Active Directory Connect Identity Management between Active Directory and Azure Active Directory Azure Information Protection RMS Classification and Protection of documents Apply persistent protection within company documents: Messaging, SharePoint, Office AD Federation Services Identity Federation Allows the SSO application in web mode for the services supporting the SAML protocol
faurejoriswww.It-channels.com Introduction challenge • You have a perimeter • You have devices to manage • Your business requires sharing sensitive data out of your control for B2B / B2C Reduce leakage of shared data with others (B2B collaboration) Isolation of sensitive data from unauthorized users Prevention of malicious workers from leaking secrets Comply with regulatory requirements 96% 94% 89% 87% Source -Microsoft
faurejoriswww.It-channels.com Azure Information Protection Locating RMS in my information systems security project DRM : Digital Rights Management VS DLP : Data Loss Prevention Digital signature of documents (Encryption) Example : AD RMS : Active Directory Rights Management Services / Azure RMS Consists of monitoring the events of the infrastructure Example : Digital Guardian Document classification is the important requirement of a DRM or DLP project ! ! !
faurejoriswww.It-channels.com Azure Information Protection • Information Technology Protection • Data Encryption • Transport of the right of use within the document • Prevents -> Protects against information leakage • Based on security policies • AD RMS is an infrastructure  Leverages Active Directory for identities and groups  Integration with the Microsoft environment • SharePoint • Exchange • Office • Azure RMS is a cloud service offered in Office 365 • Azure Information Protection is a cloud service offered in Office 365
faurejoriswww.It-channels.com Azure Information Protection Microsoft – RMS Offer AD RMS (Active Directory Rights Management Services) Azure RMS Infrastructure On-Premise – Windows Server 2012 R2 (Office, PDF… Gigatrust) Infrastructure Cloud – Office 365 (Multiple extensions - protected file [pfile]) Windows Vista SP2 minimum Windows 7 minimum (SP1) / Some version of Linux (Ubuntu 14.04 / OpenSUSE 13.2 / CentOS 7) Compatible with a minimum version of Office 2007 Compatible Office 2010 minimum throught RMS / AIP sharing application Mobility: Windows RT / iOS / Android / Windows Phone Mobility: Windows RT / iOS / Android / Windows Phone Classification : File Classification Infrastructure (FCI) Classification : Azure Information Protection (AIP)
faurejoriswww.It-channels.com Azure Information Protection Important : Using the Azure RM service with a local infrastructure ( Exchange, SharePoint …) requires deploying the RMS connector on the target infrasturcure The RMS Connector– Hybrid Infrastrcture
faurejoriswww.It-channels.com Azure Information Protection RMS Connector Windows Azure Active Directory Synchronization Tool Exchange 2010/2013 Azure RMS Microsoft RMS Connector SharePoint 2010/2013 Active Directory
faurejoriswww.It-channels.com YOUR Authandcollab Topology Source -Microsoft
faurejoriswww.It-channels.com Sensitive data is never sent to Rights Management Noneprotectedcontent RMS Source -Microsoft
faurejoriswww.It-channels.com Azure Information Protection Protection of Documents and Emails Data Encryption Decryption of Data by Authorized Persons Rights: - Reading/modification - Printing - Transfer Protects source : - User - Automatic Centralized Safety Policy Workflow RMS
faurejoriswww.It-channels.com Azure Information Protection Based on security policies Manual mode Automatic mode Integrated mode  Use a template : « Reading for all the employees »  Specify manually rights  Administration of templates since the server RMS or Azure RMS (centralization of the administration)  Use of FCI (File Classification Infrastructure) for the application of the automatic templates (local)  Use of Azure Information Protection (cloud)  Deployment of templates on the applications (Office, Exchange) and/or Azure Information Protection  SharePoint :  The protection RMS is automatically applied  Rights RMS Rights SharePoint  Use of the application Microsoft Sharing App  Use of Azure Information Protection
faurejoriswww.It-channels.com Azure Information Protection Supplying a platform of holistic, agile, complète and flexible data protection for the enterprise of today  Classification Labelling Protection Orchestration
faurejoriswww.It-channels.com Azure Information Protection Integration with Microsoft Office apps • By a plug-in (current version) : Microsoft Azure Information Protection • Will be integrated in the SDK RMS (Azure IP SDK) in the future to benefit to all integrated applications (enlightened) • Classification of the data based on the sensibility and the addition of labels – manually or automatically – at the time of the creation or at the time of the modification. • Encryption of critical data and definition of rights of user if necessary. • Simple application of the protection without interrupting the normal course of work. Take advantage of policies for the set of the controls to be applied • You can define a set of policies through the Azure Information Protection • Policies define if a model RMS must be applied • Encryption of the data + rights of user for the persons concerned • Policies applied to the information by Azure Information Protection can be automatically applied to the data or as recommendation which the users decide to apply or not. Follow-up of the use of the information and the revocation of so necessary data • You have access to a detailed follow-up and reports to see what takes place with the data shared for some more of control.
faurejoriswww.It-channels.com Automatic classification based on content • Policies applied to information by Azure Information Protection can be automatically applied to data or as a recommendation for users to apply it to data • You can replace a classification and may be required to provide justification User-initiated content classification • Conversely, with Azure Information Protection, a user can choose to apply a label himself to the document, hence a classification. This allows it to apply visual marks and control who has access to content through RMS templates as defined in the policy. SECRET CONFIDENTIAL INTERNAL NON RESTRICTED PERSONAL Labels(setofkeysandvalues)areaddedasmultiplemetadataentriestofiles(insidefilesandin thefilesystem) ThelabelsareinplaintextsothatothersystemslikeaDLPenginecanreadit Authentification Retrievepolicies(occurswheneveranOfficeinstanceisstarted) .RetrievesRMScertificatesand templates,theURLoftheURLserviceis referencedinthepolicy Azure Information Protection
faurejoriswww.It-channels.com DEMO • Review of Azure RMS • Azure Information Protection • Tracking • …
faurejoriswww.It-channels.com Azure Information Protection https://portal.aadrm.com/home/download Minimum compatibility Work station  Windows 7 (SP1)  OS X 10.6.6 Mobile Devices  Windows Phone  iOS (iPhone / iPad / iPad Touch)  Android
faurejoriswww.It-channels.com Azure Information Protection … by defining directly a protection selected by the user. The application allows to protect documents based on company policy security or ...
faurejoriswww.It-channels.com Azure Information Protection Live document's activity report XXX
faurejoriswww.It-channels.com Azure Information Protection Stay in control !  Document's activity report  List of authorized people  Opening date of the document  Geographic location of document opening  Alert when opening is denied…
faurejoriswww.It-channels.com Azure Information Protection Limitations
faurejoriswww.It-channels.com Any Questions ?
Thank you !
faurejoriswww.It-channels.com Technical Blog To go further… Technical Blog – Azure section / RMS available http://it-channels.com MicrosoftTechNetDocumentation http://technet.microsoft.com/en-us/dn175751 MicrosoftMSDNDocumentation http://msdn.microsoft.com/en- us/library/windows/desktop/dn223672(v=vs.85).aspx BlogsGroupeproduitMicrosoftRMS http://blogs.technet.com/b/rms/ http://blogs.msdn.com/b/rms/

More Related Content

PDF
Protect your data in / with the Cloud
GWAVA
 
PPTX
Azure information protection
Kjetil Lund-Paulsen
 
PDF
Azure Information Protection
Robert Crane
 
PDF
Microsoft Azure Rights Management
David J Rosenthal
 
PDF
SPSNL17 - Secure Collaboration: Start classifying, labeling, and protecting y...
DIWUG
 
PPTX
[IGNITE2018] [BRK2495] What’s new in Microsoft Information Protection solutio...
☁️ Gustavo Magella
 
PPTX
Global Azure Bootcamp 216 - Azure Rights Management
Riwut Libinuko
 
PPTX
What's New in Microsoft Rights Management Services
UL Transaction Security
 
Protect your data in / with the Cloud
GWAVA
 
Azure information protection
Kjetil Lund-Paulsen
 
Azure Information Protection
Robert Crane
 
Microsoft Azure Rights Management
David J Rosenthal
 
SPSNL17 - Secure Collaboration: Start classifying, labeling, and protecting y...
DIWUG
 
[IGNITE2018] [BRK2495] What’s new in Microsoft Information Protection solutio...
☁️ Gustavo Magella
 
Global Azure Bootcamp 216 - Azure Rights Management
Riwut Libinuko
 
What's New in Microsoft Rights Management Services
UL Transaction Security
 

What's hot (20)

PPTX
NIC 2017 Did you like Azure RMS? You will like Azure Information Protection e...
Morgan Simonsen
 
PPTX
Cloud Based Rights Management with Azure RMS
Morgan Simonsen
 
PDF
Information protection & classification
David De Vos
 
PPTX
Azure security and Compliance
Karina Matos
 
PPTX
EMS Diagram Click Through Web
Eric Inch
 
PDF
Microsoft 365 Security and Compliance
David J Rosenthal
 
PDF
Azure information protection_datasheet_en-us
Kjetil Lund-Paulsen
 
PDF
Secure Your Cloud Environment with Azure Active Directory (AD)
WinWire Technologies Inc
 
PDF
One name unify them all
BizTalk360
 
PPTX
Overview of Microsoft Enterprise Mobility & Security(EMS)
Radhakrishnan Govindan
 
PPTX
Enterprise Mobility+Security Overview
Chris Genazzio
 
PPTX
SPS Geneva - Azure information protection
Albert Hoitingh
 
PPTX
Securing your Azure Identity Infrastructure
Vignesh Ganesan I Microsoft MVP
 
PDF
Secure Productive Enterprise from Microsoft and Atidan
David J Rosenthal
 
PDF
SCOM 2007 & Audit Collection Services
OlivierMichot
 
PPTX
Make your Azure PaaS Deployment More Safe
Thuan Ng
 
PDF
Microsoft EMS Enterprise Mobility and Security Architecture Poster
Ammar Hasayen
 
PPTX
NIC 2017 Azure AD Identity Protection and Conditional Access: Using the Micro...
Morgan Simonsen
 
PPT
Security As A Service
guest536dd0e
 
PPTX
Intro to Office 365 Security & Compliance Center
Craig Jahnke
 
NIC 2017 Did you like Azure RMS? You will like Azure Information Protection e...
Morgan Simonsen
 
Cloud Based Rights Management with Azure RMS
Morgan Simonsen
 
Information protection & classification
David De Vos
 
Azure security and Compliance
Karina Matos
 
EMS Diagram Click Through Web
Eric Inch
 
Microsoft 365 Security and Compliance
David J Rosenthal
 
Azure information protection_datasheet_en-us
Kjetil Lund-Paulsen
 
Secure Your Cloud Environment with Azure Active Directory (AD)
WinWire Technologies Inc
 
One name unify them all
BizTalk360
 
Overview of Microsoft Enterprise Mobility & Security(EMS)
Radhakrishnan Govindan
 
Enterprise Mobility+Security Overview
Chris Genazzio
 
SPS Geneva - Azure information protection
Albert Hoitingh
 
Securing your Azure Identity Infrastructure
Vignesh Ganesan I Microsoft MVP
 
Secure Productive Enterprise from Microsoft and Atidan
David J Rosenthal
 
SCOM 2007 & Audit Collection Services
OlivierMichot
 
Make your Azure PaaS Deployment More Safe
Thuan Ng
 
Microsoft EMS Enterprise Mobility and Security Architecture Poster
Ammar Hasayen
 
NIC 2017 Azure AD Identity Protection and Conditional Access: Using the Micro...
Morgan Simonsen
 
Security As A Service
guest536dd0e
 
Intro to Office 365 Security & Compliance Center
Craig Jahnke
 
Ad

Similar to From classification to protection of your data, secure your business with azure information protection - Ottawa (20)

PPTX
Agile IT EMS webinar series, session 1
AgileIT
 
PDF
Azure in education (office365 summit)
Remco Ploeg
 
PPTX
Azure Cloud Services
Kajal Kathrotiya
 
PPTX
Securely Harden Microsoft 365 with Secure Score
Joel Oleson
 
PPTX
Understanding Microsoft Teams Security & Compliance features and plan for Gov...
Ravikumar Sathyamurthy
 
PPTX
Azure Compute, Networking and Storage Overview
Azure Riyadh User Group
 
PPTX
Prestashop and Azure
Vito Flavio Lorusso
 
PDF
Spca2014 navigating clouds sp_con14_mackie
NCCOMMS
 
PPTX
EMS-HPT Template-v.1.0
Huy Pham
 
PPT
Securing Sensitive Data in Your Hybrid Cloud
RightScale
 
PDF
MMS 2015: What is ems and how to configure it
Peter Daalmans
 
PDF
Security Features of different Cloud Service Models: A Review
AM Publications,India
 
PPTX
I1 - Securing Office 365 and Microsoft Azure like a rockstar (or like a group...
SPS Paris
 
PPTX
What is Microsoft Enterprise Mobility Suite and how to deploy it
Peter De Tender
 
PDF
CSS17: Houston - Azure Shared Security Model Overview
Alert Logic
 
PDF
Securing Red Hat workloads on Azure - Summary Presentation
Principled Technologies
 
PDF
June 2020 Microsoft 365 Need to Know Webinar
Robert Crane
 
PDF
AZ-900 Summary with all information that
FadiAlkanani1
 
PDF
MTUG - På tide med litt oversikt og kontroll?
Olav Tvedt
 
PPTX
Why Power BI is the right tool for you
Marcos Freccia
 
Agile IT EMS webinar series, session 1
AgileIT
 
Azure in education (office365 summit)
Remco Ploeg
 
Azure Cloud Services
Kajal Kathrotiya
 
Securely Harden Microsoft 365 with Secure Score
Joel Oleson
 
Understanding Microsoft Teams Security & Compliance features and plan for Gov...
Ravikumar Sathyamurthy
 
Azure Compute, Networking and Storage Overview
Azure Riyadh User Group
 
Prestashop and Azure
Vito Flavio Lorusso
 
Spca2014 navigating clouds sp_con14_mackie
NCCOMMS
 
EMS-HPT Template-v.1.0
Huy Pham
 
Securing Sensitive Data in Your Hybrid Cloud
RightScale
 
MMS 2015: What is ems and how to configure it
Peter Daalmans
 
Security Features of different Cloud Service Models: A Review
AM Publications,India
 
I1 - Securing Office 365 and Microsoft Azure like a rockstar (or like a group...
SPS Paris
 
What is Microsoft Enterprise Mobility Suite and how to deploy it
Peter De Tender
 
CSS17: Houston - Azure Shared Security Model Overview
Alert Logic
 
Securing Red Hat workloads on Azure - Summary Presentation
Principled Technologies
 
June 2020 Microsoft 365 Need to Know Webinar
Robert Crane
 
AZ-900 Summary with all information that
FadiAlkanani1
 
MTUG - På tide med litt oversikt og kontroll?
Olav Tvedt
 
Why Power BI is the right tool for you
Marcos Freccia
 
Ad

More from Joris Faure (20)

PDF
Comment réussir sa gouvernance dans office 365 - SPS Montréal 2019
Joris Faure
 
PDF
Office 365 : Collaborez en toute sécurité - Collab Montréal 2018
Joris Faure
 
PDF
Microsoft Identity Protection -- MITPro Montreal
Joris Faure
 
PDF
Vous avez dit identite hybride ! -- SharePoint saturday montreal 2017
Joris Faure
 
PDF
La fédération d'identité, quels avantages pour mon SharePoint -- Montreal
Joris Faure
 
PDF
De la classification à la protection de vos données, sécurisez votre entrepri...
Joris Faure
 
PDF
Configuration de mim pour la synchronisation des profils avec microsoft share...
Joris Faure
 
PDF
Configuration de MIM pour la synchronisation des profils avec Microsoft Share...
Joris Faure
 
PDF
Protéger vos données grâce à microsoft rms - Marocco SharePoint Days 2016
Joris Faure
 
PDF
Office 365 hybride - Marocco SharePoint Days 2016
Joris Faure
 
PDF
La fédération d'identité, quels avantages pour mon SharePoint - Marocco Share...
Joris Faure
 
PDF
Office 365, retour client ! - 2SeeU
Joris Faure
 
PDF
Office 365 hybride, et si on parlait retour d’expériences ! - Global Azure Bo...
Joris Faure
 
PDF
Retour d'expérience environnement hybride - Groupe d'usagers SharePoint Montréal
Joris Faure
 
PDF
MDM & RMS une protection totale, sortez couvert! - SPS Montréal
Joris Faure
 
PDF
Découvrez les concepts de MDM Office 365 & Intune - Evoluday
Joris Faure
 
PDF
Osez faire le premier pas vers office 365 hybridez vous! - yOS Tour Lyon
Joris Faure
 
PDF
La protection des données avec microsoft rms
Joris Faure
 
PPTX
Office 365 hybride - Swiss SharePoint Club
Joris Faure
 
PDF
Présentation de la protection des données dans SharePoint - Global Conférence...
Joris Faure
 
Comment réussir sa gouvernance dans office 365 - SPS Montréal 2019
Joris Faure
 
Office 365 : Collaborez en toute sécurité - Collab Montréal 2018
Joris Faure
 
Microsoft Identity Protection -- MITPro Montreal
Joris Faure
 
Vous avez dit identite hybride ! -- SharePoint saturday montreal 2017
Joris Faure
 
La fédération d'identité, quels avantages pour mon SharePoint -- Montreal
Joris Faure
 
De la classification à la protection de vos données, sécurisez votre entrepri...
Joris Faure
 
Configuration de mim pour la synchronisation des profils avec microsoft share...
Joris Faure
 
Configuration de MIM pour la synchronisation des profils avec Microsoft Share...
Joris Faure
 
Protéger vos données grâce à microsoft rms - Marocco SharePoint Days 2016
Joris Faure
 
Office 365 hybride - Marocco SharePoint Days 2016
Joris Faure
 
La fédération d'identité, quels avantages pour mon SharePoint - Marocco Share...
Joris Faure
 
Office 365, retour client ! - 2SeeU
Joris Faure
 
Office 365 hybride, et si on parlait retour d’expériences ! - Global Azure Bo...
Joris Faure
 
Retour d'expérience environnement hybride - Groupe d'usagers SharePoint Montréal
Joris Faure
 
MDM & RMS une protection totale, sortez couvert! - SPS Montréal
Joris Faure
 
Découvrez les concepts de MDM Office 365 & Intune - Evoluday
Joris Faure
 
Osez faire le premier pas vers office 365 hybridez vous! - yOS Tour Lyon
Joris Faure
 
La protection des données avec microsoft rms
Joris Faure
 
Office 365 hybride - Swiss SharePoint Club
Joris Faure
 
Présentation de la protection des données dans SharePoint - Global Conférence...
Joris Faure
 

Recently uploaded (20)

PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
PDF
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
A Presentation on Touch Screen Technology
memembruh336
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
Encapsulation theory and applications.pdf
gurumoop
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Approach and Philosophy of On baking technology
30anthuong17
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
A Presentation on Touch Screen Technology
memembruh336
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 

From classification to protection of your data, secure your business with azure information protection - Ottawa

  • 1. aOS 2017Tournée Canadienne Fueled by Québec Montréal Ottawa Toronto 6 Février 7 Février 8 Février 10 Février
  • 2. From classification to protection of your data, secure your business with Azure Information Protection Joris Faure Joris FAURE – MVP Enterprise Mobility Microsoft Solution Manager at SII CANADA ca.linkedin.com/in/jorisfaure @faurejoris
  • 4. faurejoriswww.It-channels.com Identity Overview Introduction to Azure Information Protection • Conceptually… • RMS • Azure Information Protection Live Demonstration • Azure Information Protection SUMMARY
  • 5. faurejoriswww.It-channels.com Identity at Microsoft Forefront Microsoft Identity Manager Identity Management Automatisation, based on rules, of identities (accounts, groups, access) Azure Active Directory Connect Identity Management between Active Directory and Azure Active Directory Azure Information Protection RMS Classification and Protection of documents Apply persistent protection within company documents: Messaging, SharePoint, Office AD Federation Services Identity Federation Allows the SSO application in web mode for the services supporting the SAML protocol
  • 6. faurejoriswww.It-channels.com Introduction challenge • You have a perimeter • You have devices to manage • Your business requires sharing sensitive data out of your control for B2B / B2C Reduce leakage of shared data with others (B2B collaboration) Isolation of sensitive data from unauthorized users Prevention of malicious workers from leaking secrets Comply with regulatory requirements 96% 94% 89% 87% Source -Microsoft
  • 7. faurejoriswww.It-channels.com Azure Information Protection Locating RMS in my information systems security project DRM : Digital Rights Management VS DLP : Data Loss Prevention Digital signature of documents (Encryption) Example : AD RMS : Active Directory Rights Management Services / Azure RMS Consists of monitoring the events of the infrastructure Example : Digital Guardian Document classification is the important requirement of a DRM or DLP project ! ! !
  • 8. faurejoriswww.It-channels.com Azure Information Protection • Information Technology Protection • Data Encryption • Transport of the right of use within the document • Prevents -> Protects against information leakage • Based on security policies • AD RMS is an infrastructure  Leverages Active Directory for identities and groups  Integration with the Microsoft environment • SharePoint • Exchange • Office • Azure RMS is a cloud service offered in Office 365 • Azure Information Protection is a cloud service offered in Office 365
  • 9. faurejoriswww.It-channels.com Azure Information Protection Microsoft – RMS Offer AD RMS (Active Directory Rights Management Services) Azure RMS Infrastructure On-Premise – Windows Server 2012 R2 (Office, PDF… Gigatrust) Infrastructure Cloud – Office 365 (Multiple extensions - protected file [pfile]) Windows Vista SP2 minimum Windows 7 minimum (SP1) / Some version of Linux (Ubuntu 14.04 / OpenSUSE 13.2 / CentOS 7) Compatible with a minimum version of Office 2007 Compatible Office 2010 minimum throught RMS / AIP sharing application Mobility: Windows RT / iOS / Android / Windows Phone Mobility: Windows RT / iOS / Android / Windows Phone Classification : File Classification Infrastructure (FCI) Classification : Azure Information Protection (AIP)
  • 10. faurejoriswww.It-channels.com Azure Information Protection Important : Using the Azure RM service with a local infrastructure ( Exchange, SharePoint …) requires deploying the RMS connector on the target infrasturcure The RMS Connector– Hybrid Infrastrcture
  • 11. faurejoriswww.It-channels.com Azure Information Protection RMS Connector Windows Azure Active Directory Synchronization Tool Exchange 2010/2013 Azure RMS Microsoft RMS Connector SharePoint 2010/2013 Active Directory
  • 13. faurejoriswww.It-channels.com Sensitive data is never sent to Rights Management Noneprotectedcontent RMS Source -Microsoft
  • 14. faurejoriswww.It-channels.com Azure Information Protection Protection of Documents and Emails Data Encryption Decryption of Data by Authorized Persons Rights: - Reading/modification - Printing - Transfer Protects source : - User - Automatic Centralized Safety Policy Workflow RMS
  • 15. faurejoriswww.It-channels.com Azure Information Protection Based on security policies Manual mode Automatic mode Integrated mode  Use a template : « Reading for all the employees »  Specify manually rights  Administration of templates since the server RMS or Azure RMS (centralization of the administration)  Use of FCI (File Classification Infrastructure) for the application of the automatic templates (local)  Use of Azure Information Protection (cloud)  Deployment of templates on the applications (Office, Exchange) and/or Azure Information Protection  SharePoint :  The protection RMS is automatically applied  Rights RMS Rights SharePoint  Use of the application Microsoft Sharing App  Use of Azure Information Protection
  • 16. faurejoriswww.It-channels.com Azure Information Protection Supplying a platform of holistic, agile, complète and flexible data protection for the enterprise of today  Classification Labelling Protection Orchestration
  • 17. faurejoriswww.It-channels.com Azure Information Protection Integration with Microsoft Office apps • By a plug-in (current version) : Microsoft Azure Information Protection • Will be integrated in the SDK RMS (Azure IP SDK) in the future to benefit to all integrated applications (enlightened) • Classification of the data based on the sensibility and the addition of labels – manually or automatically – at the time of the creation or at the time of the modification. • Encryption of critical data and definition of rights of user if necessary. • Simple application of the protection without interrupting the normal course of work. Take advantage of policies for the set of the controls to be applied • You can define a set of policies through the Azure Information Protection • Policies define if a model RMS must be applied • Encryption of the data + rights of user for the persons concerned • Policies applied to the information by Azure Information Protection can be automatically applied to the data or as recommendation which the users decide to apply or not. Follow-up of the use of the information and the revocation of so necessary data • You have access to a detailed follow-up and reports to see what takes place with the data shared for some more of control.
  • 18. faurejoriswww.It-channels.com Automatic classification based on content • Policies applied to information by Azure Information Protection can be automatically applied to data or as a recommendation for users to apply it to data • You can replace a classification and may be required to provide justification User-initiated content classification • Conversely, with Azure Information Protection, a user can choose to apply a label himself to the document, hence a classification. This allows it to apply visual marks and control who has access to content through RMS templates as defined in the policy. SECRET CONFIDENTIAL INTERNAL NON RESTRICTED PERSONAL Labels(setofkeysandvalues)areaddedasmultiplemetadataentriestofiles(insidefilesandin thefilesystem) ThelabelsareinplaintextsothatothersystemslikeaDLPenginecanreadit Authentification Retrievepolicies(occurswheneveranOfficeinstanceisstarted) .RetrievesRMScertificatesand templates,theURLoftheURLserviceis referencedinthepolicy Azure Information Protection
  • 19. faurejoriswww.It-channels.com DEMO • Review of Azure RMS • Azure Information Protection • Tracking • …
  • 20. faurejoriswww.It-channels.com Azure Information Protection https://portal.aadrm.com/home/download Minimum compatibility Work station  Windows 7 (SP1)  OS X 10.6.6 Mobile Devices  Windows Phone  iOS (iPhone / iPad / iPad Touch)  Android
  • 21. faurejoriswww.It-channels.com Azure Information Protection … by defining directly a protection selected by the user. The application allows to protect documents based on company policy security or ...
  • 23. faurejoriswww.It-channels.com Azure Information Protection Stay in control !  Document's activity report  List of authorized people  Opening date of the document  Geographic location of document opening  Alert when opening is denied…
  • 27. faurejoriswww.It-channels.com Technical Blog To go further… Technical Blog – Azure section / RMS available http://it-channels.com MicrosoftTechNetDocumentation http://technet.microsoft.com/en-us/dn175751 MicrosoftMSDNDocumentation http://msdn.microsoft.com/en- us/library/windows/desktop/dn223672(v=vs.85).aspx BlogsGroupeproduitMicrosoftRMS http://blogs.technet.com/b/rms/ http://blogs.msdn.com/b/rms/