Azure information Protection (AIP) is a cloud-based classification system that offers organizations the ability to set an array of protection limits to documents and emails by applying labels. Please refer to Microsoft's documentation for more information on AIP and AIP labels.
All AIP labels are created and managed in the Microsoft Compliance center. Do note that your tenant must have either Azure Information Protection P1 license or Office 365 E3/E5 licenses (you do not need both).
Note: There are labels; that define which resources have restricted, protected access, and there are label policies; where you define who can see and apply the labels you have created. The label policy pushes out the restrictions configured in the label to certain M365 Groups
Once at the home screen of the Microsoft Compliance center, click on the Information Protection located on the left side of the screen. You are now in the correct location to begin creating labels for your organization (Figure 1).
You will need to create a name and tooltip for the label. You'll be required to enter the following information (Figure 2):
Once the tooltip and label are created, you will need to define the scope for your label. The purpose of this step is to define what type of content the label can be applied to (Figure 3). The two available options are:
In this tutorial, we are going to focus on the Files & emails definition.
Next, you will be configuring the settings for encrypting files & emails. Additionally, this step accounts for setting contenting marking (watermark, header, footer) should your organization require the settings (Figure 4).
Note: content marking is optional, but may be recommended for highly confidential data.
You can leave your Configure encryption settings as default for most cases unless you need any of the following:
This step allows for the configuration of content marketing policy settings. The settings can be configured either by watermark, header, or footer (Figure 6).
After policy settings have been set, you will be prompted to set permissions on labels to either:
For example, the screenshot below shows the settings in a highly confidential protection label recommending the user of the label because a US bank account number was found within the document (Figure 7).
Lastly, review your new sensitivity label to ensure that all settings are correct. Once you've reviewed and confirmed all settings are correct, select Create label (Figure 8).
You have now successfully created an Azure Information Protection label. Please note that users in your organization will not be able to view or apply this label to their content until you have created a Label policy.
Learn how to create a Label policy in our next article.