5 tips for good Azure Information Protection implementation


When you implement information security mechanisms, such as Azure Information Protection (AIP), you need to consider many technical and human aspects. Poor planning can cause both technical problems and improper use of the new mechanisms. In either case, the implementation will not be successful and your information will remain unsecured.

Below are five tips that will definitely help you plan the implementation process. They are a template of conduct that you must, of course, adapt to your organization, business specifics, and users.

Have the right set of initial labels

It’s very important to pick standardized and approachable labels. Business users should understand the meaning of labels and be able to use them naturally.

For example:

  1. Personal

    Non-business data, for personal use only

  2. Public

    Business data that is specifically prepared and approved for public consumption. For example, a brochure for a team.

  3. General (default label)

    Business data that is not intended for public consumption. However, it can be shared with external partners as required. Examples include a company’s internal telephone directory, organizational charts, internal standards, and most internal communication.

  4. Confidential

    Sensitive business data that could cause damage to the business if shared with unauthorized people. Examples include contracts, security reports, forecast summaries, and sales account data.

  5. Highly confidential

    Very sensitive business data that would cause damage to the business if it was shared with unauthorized people. Examples include employee and customer information, passwords, source code, and pre-announced financial reports.

Have sub-labels for key departments

For example:

for Confidential classification, sub-labels can be:

and

for Highly Confidential classification, sub-labels can be:

Create scoped policies for specialized teams

The list of global labels can and should be the same for all employees. Only the lists of sub-labels should be changed and customized. The permissions attached to a sub-label may differ, and the policy may be different for that team.

Encourage the right user behavior

There are four approaches to getting data classified

The best results are obtained by using the recommended classification along with the possibility of changing it. It’s also a good idea to ask the user for the reason for the change. This forces users to think about and consciously make a decision about the change.

Relying only on manual classification can lead to a situation where it will not be used.

Automatic classification is a good mechanism to initiate the data classification process. However, the entire information security mechanism should not be based on it.

Safeguard email communication

Use information classification in email communication. You can grant access to information sent by email. You will also have control over its further forwarding and copying.
