Microsoft inside track #5: label changes improve information protection & security

Microsoft inside track #5: improved data security

Security is an ongoing concern for all of us in IT, so it’s great to see some previously signposted improvements to labels coming to fruition. 

You may well be familiar with Azure Information Protection (AIP): a cloud-based service which can classify, track and protect documents and emails with labels. The aim of AIP is to provide control of the data that is critical to your business, with a platform to maintain control – for example, to stop sensitive documents being emailed outside the business. Labels can be applied automatically, following rules defined by administrators, or manually by users. AIP is part of the Enterprise Mobility + Security (EMS) suite, so many organisations will already be licenced for this, while many more are likely to become so on the back of Azure Active Directory (AD) and/or Intune use.

Microsoft has advised for some time of the intention for Unified Labelling to be its key focus, with Microsoft products and services that require classification and protection capabilities now moving to this unified approach. AIP Labels will be going End of Life, and Microsoft is providing customers with a one-year deadline to migrate away: all customers will need to migrate to Unified Labelling. Fortunately, the process is relatively simple and can be phased in.

With the move to Unified Labels, management of labels is moving from the Azure Portal, to the new Security Center. The Security Center was previously called the Security & Compliance Center, but this has now been separated into its own dedicated portal.

I wanted to highlight some of the improvements and new features coming to unified labelling.

Firstly, labels can now natively be applied from all Office apps without the need for a separate installation of the AIP client. There are currently some features which do not currently work unless you have the AIP client, but this functionality gap is reducing and is on Microsoft’s roadmap to remove.

Then, co-authoring will be introduced this month for files in OneDrive/SharePoint Online which have labels which apply encryption. Currently any files in OneDrive/SharePoint Online that are labelled cannot make use of co-authoring, and can also not be opened in the web browser.

This feature will first be released for Office Online apps to allow co-authoring of protected documents, with support in the desktop apps releasing later in 2020. It is a key improvement, as this has been an important challenge for customers introducing Microsoft 365 functionality such as OneDrive and SharePoint Online alongside AIP.

These changes to Information Protection labels highlight the importance that the Security Center has as a central portal for all security management across the infrastructure. I say infrastructure and not tenant because, in fact, Information Protection can also protect your on-premises file servers.

Security can be a complicated business, but I think Microsoft is choosing a good path in providing sufficient features and granularity, while still keeping everything manageable.

In this blog series I’ve tried to summarise some of the many new services and improvements Microsoft is introducing. Clearly this is an area of consultancy expertise for us, but I don’t want to make this a sales pitch. If you want to explore if any of the technologies I’ve discussed might benefit your organisation, we’d be happy to help. Most customers find a workshop best, since this enables them to see a live demonstration of the technology used in a scenario that’s relevant to them. To learn more, contact your account manager or contact us.

Missed parts 1, 2, 3 and 4 of the blog series? Read about the productivity benefits coming to Microsoft 365, the new Office app for tablets and smartphones, new features for Microsoft 365 and why it’s now Yammer time.