Inside 365 Business Premium: Azure Information Protection Plan 1

Published
Photo of a datacentre

Executive Summary

  • Our Inside 365 Business Premium offers a deep-dive into each of the features of the Microsoft 365 Business Premium subscription – especially those that may be lesser-known.
  • In this edition, we’re putting Azure Information Protection Plan 1 (AIP P1) under the spotlight.
  • Azure Information Protection P1 is a cloud-based file protection system which enables advanced real-time rights management to keep your data under lock and key — even if it’s offline.

Introduction

How does your business handle your sensitive or confidential data?

If you don’t work in a space which requires tight regulation of digital assets, it might not be something you’ve thought about before. But in an always-online digital world, the risk of sensitive files being compromised is ever present.

Whether it’s an email attachment or a physical file on a real-world USB drive, any file can be at risk once it leaves your company’s network. It’s here that Azure Information Protection P1 (AIP P1) comes into play.

In this extensive guide, we’ll tell you everything you need to know about AIP P1 and how it fits into the roster of Microsoft 365 Business Premium tools and services.

So, let’s get started.

What is Azure Information Protection Plan 1?

If you’re at all familiar with Microsoft 365, you’ll know that security is in its DNA, and nowhere is this clearer than with Azure Information Protection, or AIP.

So, what is AIP in practice? It’s a set of cloud-based technologies that allow you to classify and label your files based on their sensitivity, then control (or even revoke) access to these files, even when they’re offline, in a centralised way – but that’s just the start.

Azure Information Protection also offers:

  • The ability to apply access permissions on a per-file basis even if the file isn’t on your network. That means a file on a USB stick can have its permissions revoked retroactively, making it useless to anyone even if the drive is lost.
  • Features to prevent users from forwarding emails, editing, or even printing files.
  • Email encryption which can ‘black out’ the area of the screen containing an email if a user tries to screenshot it.

At its most basic level, AIP allows users to access files protected or encrypted by the system; at its most advanced, AIP users can encrypt their data, such as emails, using encryption so sophisticated that even Microsoft won’t be able to read it. As with most things, the best option for most people lies somewhere in the middle – and this is where Azure Information Protection Plan 1 enters the frame.

AIP Plan 1 is the version of AIP you’ll receive with a Microsoft 365 Business Premium subscription and we think it offers an excellent balance of cybersecurity protection for even the most sensitive of business files.

It’s worth noting here that you might have heard of AIP under various different names in the past, including the Azure Rights Management Service or simply Information Rights Management. All of these names have now been consolidated into a single umbrella known as Azure Information Protection.

How Azure Information Protection P1 works in practice

As with many Microsoft products, AIP is an incredibly sophisticated system, delivering data security solutions you won’t find anywhere else.

But with that sophistication also comes some complexity. Because the Get Support team is all about explaining things in straightforward plain English, we thought we’d break down the process of actually using Azure Information Protection P1 in the real world with your files.

Let’s look at an example of a workflow you might follow to incorporate AIP into your cybersecurity processes.

Step 1: Classifying and labelling your data

At its heart, AIP works by applying classifications and labels to your files. For example, you might label a file or email as ‘Public’, ‘General’, or even ‘Highly Confidential’.

There was a time when all of your files had to be labelled manually using a dedicated AIP client in order to make the most of the protection it offers. Mercifully, Microsoft now uses a unified labelling system which brings a core set of labels to the Microsoft 365 family of apps and services. This means, for example, that you’re able to label a document while working on it in Microsoft Word or typing an email in Microsoft Outlook.

Different label types can be applied to your files, including overall file classifications (applied to the file itself), visual elements in the file (such as headers / footers), or metadata.

Step 2: Setting up access control policies

Depending on your setup, you may want to actually set your policies prior to labelling your files, but the basics here are that AIP lets you add fine-grain access permissions and more.

The default labels provided by AIP with Microsoft 365 – ‘Public’, ‘Confidential’, etc. – can be edited in your admin panel to adjust who should have access, and which controls apply. So, for example, you could create a security group containing specific users within your company, then set your label policies so that only these users can access it. Furthermore, you can enable the other protection features – Do Not Forward, screen capture blocking, and so on – on a per-label basis.

The way you set this up is entirely up to you, but it’s essential to keep your files safe, even when they’re on the move. AIP uses file-level encryption to ensure that your most sensitive data is for your eyes only.

Step 3: Protecting and tracking files across their lifetime

Traditionally, once a file leaves your business premises, it’s essentially up to fate who can view it. If it’s on a USB stick, practically anyone with a laptop might be able to view it.

One of the big benefits of AIP is that you have control of your file access all the time, no matter where the files are. Access is granted via the Azure infrastructure sitting beneath Microsoft 365, so if a user tries to open a file, they’ll need to authenticate first before being granted access.

As your sensitive files are disseminated throughout your organisation, you’ll be able to track access logs – and revoke access if necessary – to any file you’ve labelled and classified via Azure Information Protection.

How to start using Azure Information Protection P1

As you may have noticed, there’s a lot of complexity when it comes to Azure Information Protection – and that complexity does indeed extend to the pricing and access models for the service.

Luckily, we’re here to simplify things a bit.

To start using the features we’ve covered here today, including labelling and classification, encryption, revocation of file access, and so on, you can simply sign up for Microsoft 365 Business Premium subscription. This will grant you access to Azure Information Protection Plan 1.

This plan starts at just £15.10 per user per month, with annual commitment, and represents one of the best value packages available to small businesses.

While Business Premium is our recommended route to start using AIP today, you can also gain access via a dedicated subscription at just £1.51 per user per month, or via an Enterprise 365 package – anything above Office 365 E3. All of that said, for most UK businesses, the simplest and most straightforward way to enjoy the benefits of AIP is via the Microsoft 365 Business Premium subscription.

Level-up your data protection with Microsoft 365 and Get Support

Whether you’re just getting started with a basic subscription to Microsoft 365, or still getting by with a standard business plan, this guide should offer some insight into what’s possible with Business Premium.

As you can see, the benefits to small businesses in terms of data protection alone are worth the cost of entry. Want to know what else Business Premium has to offer? Then check out the rest of our Inside 365 Business Premium series at the links below:

Once you’re ready to sign up for, or upgrade to, 365 Business Premium, get set up faster by talking to the Get Support team. Call us today on 01865 59 4000 or just fill in the form below.

Latest From The Blog

Microsoft 365 Copilot Wave 2: What You Need to Know

In September 2024, Microsoft announced Wave 2 of Microsoft 365 Copilot, and with it, lots of fresh new ways to supercharge your working day with AI.

Microsoft is Finally Killing the Control Panel… Or Is It?  

Microsoft is finally saying goodbye to the Control Panel in favour of the Settings app. But is there more to this story than meets the eye?

A Fond Farewell to Microsoft Publisher

After a 33-year career, Microsoft announced that Microsoft Publisher will finally reach end of life status in October 2026.