Microsoft Officially unifies labeling across Office 365 and Azure IP

Yesterday, after months of “preview testing”, Microsoft announced the “General Availability” (GA) of their Azure Information Protection (AIP) unified labeling client.

Sorry remind me – what is AIP?

Azure Information Protection (AIP) is a Microsoft 365 cloud-based solution that helps organisations to protect their data and information through the classification, labeling and (optionally), encryption of the data. AIP applies to a vast range of document types and emails data.  Labels can be applied automatically by administrators or SecOps who define rules and conditions, manually by your users, or a combination where users are given recommendations as to what labels to apply.

Example of recommended classification for Azure Information Protection

So what has changed in this update?

If you’ve been using labelling in Office 365 for things like DLP in the past you’ll know that this labelling has always been different to the labelling and classification service which is part of Azure Information Protection causing some pain and potential conflict between deifferent data and information labelling across the two services.

This GA release has now brought these together resulting in a completely integrated and unified labeling platform to eliminate managing labels in both the Azure portal and the Office 365 Security & Compliance Center.

The AIP unified labeling client gets its configuration (labels and polices) from the Office 365 Security & Compliance Center like all other Microsoft Information Protection workloads, including built in labeling in across the Office applications for Mac, iOS, and Android.

Microsoft say that this new release contains substantial new features from the original AIP client, including the manual and automatic labeling and exciting new features that are supported only for unified labeling, such as custom sensitive information types, dictionaries and complex conditions (AND/OR) that dramatically improve automation capabilities and reduce false positive rates.

Moving forward….

Microsoft’s advice is that for any organisation just starting their deployment and use of AIP are advised to start with the new unified labeling client and the Office 365 Security & Compliance Center to “enjoy” the unified client and admin experience.

From here on, new features will only be made available in the AIP unified labeling client.

But there is a but….. Since the new Unfied Client is not currently at full “feature parity” with old AIP client, organisations that require any of the features that are still not supported in the new AIP unified labeling client, for example “user defined permissions”, should start with the AIP client and upgrade these clients to the unified labeling client once the required features are released.

Microsoft does support “mixed environments” on the same environment which means you can run the AIP client and scanner, and the AIP unified labeling client on different devices at the same time. Additionally, Microsoft promises that the AIP unified labeling supports a seamless upgrade from the old AIP client.

How do I get it?

Complete release information for these two clients are available from Mcirosoft here: AIP client version history and the AIP unified labeling client version history.

More information about the AIP unified labeling client can be found in this Mcirosoft blog post.

You can download both AIP client versions from here.

Leave a Reply