Skip to content

Enterprise Mobility + Security


With an exponential increase in the number of data breaches and regulations such as EU-GDPR, we all feel the urgency to work towards a holistic information protection strategy. We’ve been on a journey with our information protection offerings and vision over the years. You may have noticed our focus broadening from just Azure Information Protection as the primary data protection technology to a more comprehensive set of information protection capabilities across Microsoft.

We shared this vision in our Ignite session – Protecting complete data lifecycle using Microsoft information protection capabilities. In this session, we demonstrated some of the experiences that we’ll be enabling in near future. Today, we’re excited to share the general availability and preview of some of these capabilities that help you to protect your data regardless of where it lives or travels. We’ve also made tremendous progress in unifying the labeling experience across the Azure Information Protection and Office 365 Security and Compliance Center. Watch these capabilities in action in this video.

Today, we’re making the following key announcements:

  • General availability of Azure Information Protection scanner
  • Preview of native labeling of Word, PowerPoint, and Excel files on Mac
  • Preview of unified labeling and protection schema in Office 365 and Azure Information Protection
  • Preview of Information Protection SDK for labeling and protection
  • Preview on native labeling of files in SaaS apps with integration of Azure Information Protection and Microsoft Cloud App Security
  • Preview of Information Protection administrator role

Let’s take a deeper look at these new releases and enhancements.

General availability of Azure Information Protection scanner

You may have a significant amount of data in your on-premises repositories such as File Servers and on-premises SharePoint Servers. Understanding what types of data you have and whether it needs protection can be a challenge. It’s also critical to have this insight if you’re planning to migrate this data to cloud or working towards compliance with regulations such as EU-GDPR. At Ignite, we announced the public preview of Azure Information Protection scanner that helps you discover, classify, label and protect your existing on-premises data. Our customers and partners provided us with tremendous feedback that helped shape the scanner.

We’re excited to share that the feature is now generally available to all our customers. Learn how to get started with the scanner by following our technical documentation. Visit Azure Information Protection licensing datasheet for FAQs on scanner licensing.

Preview of native labeling support for Word, PowerPoint, and Excel files on Mac

Our vision for Information Protection is to provide you with simple and usable experiences for Classification, Labeling and Protection in your favorite applications across all device platforms. Building on our efforts to support non-Microsoft platforms, we’re announcing that we’re coming into preview of native labeling capability for Word, PowerPoint, and Excel documents on Mac. With this preview, you can apply the same labeling and protection that you are used to with AIP client on Windows, now on Mac.

We believe this will unblock many scenarios that require labeling and protection of data on Mac platform, usher a new wave of Information Protection in your organization.

Here’s a snapshot of how the interface will look like on Mac devices.

Preview of unified labeling and protection schema in Office 365 and Azure Information Protection

To provide a unified experience in creating and using labels in various scenarios, we’re excited to introduce the preview of a unified labeling schema across the Azure Information Protection and Office 365 Security and Compliance Center. Learn more about this update in the Office 365 Tech community blog.

Preview of information protection SDK for labeling and protection

As you know, our vision is to make the classification, labeling and protection (CLP) capabilities integrated with all your Microsoft and non-Microsoft application and services. We have been working on bringing to life the Information Protection platform as an SDK for our partner ecosystem that can provide the same level of labeling and protection support that internal Microsoft developers can utilize.

We are pleased to announce today that now this SDK is available in preview form on Windows, Mac, and Linux platforms. As seen above, Office Mac uses the same SDK, so does Microsoft Cloud App Security. Using this SDK, you can now label and protect content in a way that works with the rest of Microsoft services like Office 365, AIP scanner, AIP client, or Microsoft Cloud App Security.

We’ve already been working with many partners who are integrating these capabilities into the applications that they build. We hope to announce these integrations shortly.

Preview on native labeling of files in SaaS apps with integration of Azure Information Protection and Microsoft Cloud App Security

We’re constantly strengthening the integration between Azure Information Protection and Microsoft Cloud App Security to enable new scenarios and extend information protection to data in cloud apps. To that effect, we recently announced the public preview of native labeling capability for files in SaaS apps.

Learn more about this in the Microsoft Cloud App Security blog.

Preview of Information Protection administrator role

In order to provide more granular security role management and following the high demand from the customers, we have added a new Azure AD role named Information Protection Administrator that can manage Azure Information Protection policies, labels and protection templates using Azure portal or RMS PowerShell.

This role is introduced in addition to existing roles of Global Admins and Security Admin that can already manage Azure Information Protection, but unlike these roles, Information Protection Admins members do not get any additional management permissions on other Azure services except query Azure AD users and groups. Using this role will enable you to delegate Azure Information Protection policies management without granting any other permissions in Azure AD.

You can add users to this role using “Directory role” definitions in the Azure Active Directory, or by using Add-MsolRoleMember PowerShell command:

We hope this helps you with your testing, planning, and deployments and we welcome your commentary and feedback. We also know this can be a lot to absorb, and we are here to help! Engage with us on Yammer or Twitter and let us know what’s important to you by voting on UserVoice!

It really is very easy to get started with AIP. We have a lot of information available to help you, from great documentation to engaging with us via Yammer and e-mail. What are you waiting for? Get to it!

Additional information

  • Sign up here to experience the preview features
  • Watch an overview of Microsoft’s information protection capabilities
  • Download the Azure Information Protection client from our Download Center
  • Start a trial and kick the tires
  • Learn more about Information Protection
  • Get deep technical and scenario documentation