Azure Information Protection Licencing

Azure Information Protection Licencing
Collection of the most important information related to the use and licensing of solutions using Azure Information Protection.

I will introduce issues on how to license Azure Information Protection itself. I will explain which Office365 plans include Azure Information Protection and which AiP licenses are required for each AiP functionality.

Most important facts about Azure Information Protection licensing

Access to information protected by AiP does not require any license.

Reading AiP secure messages and documents DOES NOT REQUIRE Azure Information Protection License.

Opening the file and reading the content does not require a license. The license requires modifying (removing, changing, assigning) AiP labels and configuring AiP’s operating principles. Any classification, label or protection change requires an Azure Information Protection P1 (if you manually change the label) or P2 (if you automatically apply the classification and label rules).

Explanation: For example, when the recipient of a message tries to access its content, AiP mechanisms verify that it is authorized to do so. This action does not require him to have an AiP license, he receives AiP processes support as a gift from the sender.

Displaying the label attached to the file requires an AiP license

File usage and security verification does not require a license, but if you want to display the label attached to the file, you must have the appropriate license.

Using the Azure Information Protection scanner

Generating a report only – requires Azure Information Protection P1 license

Collecting sensitive information and applying labels automatically – requires Azure Information Protection P1 license

Important:
Consider an example. All users use the same shared file repositories. They use a scanner for automatic classification. Therefore, all users need AiP P2 licenses. When the scanner finds sensitive information and automatically applies a label, the file owner should have a license. We do not know what information will be found in the repository and on which files the scanner will apply labels, so the owners of all files included in the scan should have P2 licenses

Important2:
A license is required from the owner of the document on which the label is automatically applied, not just from the person launching the scanner. Users who created content in the scanned repository must be licensed with Azure Information Protection P2.

Using AiP Client requires P1 or P2 license, using only native labeling environments (in Office applications) requires Office 365 E3 / E5 license

To manually apply labels using the native labeling environment built into Office applications (Word, Excel, PowerPoint, Outlook), users must have Azure Information Protection P1 / P2 or Office 365 E3 / E5 licenses (both licenses are not needed).

Explanation:
To apply labels using mechanisms embedded in Word, Excel, PowerPoint and Outlook, all you need is an Office 365 E3 license for manual classification or Office 365 E5 for automatic and recommended classification.
Instead of the Office 365 license, the user can have an Azure Information Protection P1 or P2 license, then no Office 365 license is required.

Azure Information Protection license plans

AiP for Office 365

Microsoft Azure Information Protection is included in the Office 365 Enterprise E3 plan and higher-level plans.

Functions:

  • Content Protection Exchange Online, SharePoint Online, OneDrive
  • No AiP client (only native functions of O365 application)
AiP Premium P1 (Included in EMS E3)

Provides additional rights to use local connectors, track and revoke shared documents, and allow users to manually classify and label documents.

Functions:

  • Manual classification and labeling
  • Protection of file formats other than Microsoft Office, including PTXT, PJPG and PFILE (general protection) – due to the need to have an AiP client
AiP Premium P2 (Included in EMS E5)

It is based on the Azure Information Protection Premium P1 service with automated and recommended classification, labeling and protection, and with rules-based rules.

Functions:

  • Automatic classification
  • Recommended classification – the function of recommending the use of the label

Azure Information Protection for Office365 in Office365 plans

Office365 SubscriptionIncludes Azure Information
Protection for Office 365
Office 365 Business Essentials No
Office 365 Business Premium No
Office 365 Enterprise No
Office 365 Education Yes
Office 365 Enterprise E3 Yes
Office 365 Education A3 Yes
Office 365 Government G3 Yes
Office 365 Developer No
Office 365 Enterprise E4 Yes
Office 365 Education A4 Yes
Office 365 Government G4 Yes
Office 365 Enterprise E5 Yes
Office 365 Education A5 Yes
Office 365 Enterprise F1 No
SharePoint Plan 1 No
SharePoint Plan 2 No
Exchange Online Plan 1 No
Exchange Online Plan 2 No

Azure Information Protection in Microsoft365 plans

Microsoft 365 F1P1
Microsoft 365 E3P1
Microsoft 365 E5P1P2

Azure Information Protection in Enterprise Mobility + Security plans

Enterprise Mobility + Security E3 Azure Information Protection P1
Enterprise Mobility + Security E5 Azure Information Protection P2
Leave a Reply

Your email address will not be published. Required fields are marked *

ten − 1 =

You May Also Like