AIP should be used by all companies to protect their valuable documents and e-mail as has been shown these last years with massive leaks of documents from several companies.
What is AIP? It brings you the possibilities to classify documents with appropriate labels regarding which content the document contain. The labels can be customized to enable that only users in your domain is able to read the content or a specific person.
AIP uses the existing Azure Rights Management which is already integrated with cloud services Office 365 and Azure Active Directory, data is protected by encryption, identity and authorization policies.
What can be done with AIP? Start by setting a policy and choose if is for the whole tenant or for a specific group. In the policy settings it is possible to set how the labels are presented to the users, as an example if the users need to choose a policy to send an e-mail.
Then start by defining what types of labels and sub-labels that is needed in the organization. Microsoft has a standard of Personal, Public, Confidential, Highly Confidential and General labels. As an example, we can make a sub-label for Highly Confidential that automatically is chosen when a user writes a personal identification number or a credit card number.
There the e-mail is only possible to read for a day and who can read the e-mail, it can be the recipient of the mail or a group of users that is configured for this label. This would protect the confidential info from getting in to the wrong hands.
A useful tool is using the Azure RMS Portal where you can track your protected documents and see where in the world the document has been opened or how it has been shared. As a global admin it is possible to track all the documents from your organization and revoke access if the document has gotten in to the wrong hands.
How do you get to use AIP? A licensing of Enterprise Mobility and Security E3 or a subscription of Office 365 that includes Azure Rights Management.