Azure Notes from the Field
Some key cloud services offered by Microsoft:
- Domain services
- Identity Federation services
- Azure Active Directory
- Azure Information Protection (AIP)
Azure Information Protection (AIP) – Classifying sensitive Data
Azure Information Protection (AIP) is a new system to help protect sensitive data even as it moves between applications and organizations. AIP builds on the existing Azure Rights Management (RMS) system to add data labeling and classification to ensure that the right protection policies are applied to sensitive data at the time it is created to help restrict data leaks.
Azure RMS provides a cloud-based system for performing rights management of sensitive information. With RMS, documents are encrypted and restricted in various ways; opening them requires authentication against Azure Active Directory (AD), allowing the usage of the documents to be tracked and recorded.
Once opened, the documents can have their usage restricted to prevent, for example, printing or editing.
Unlike a traditional password-protected document, where knowing the password is sufficient to give permanent access to the file, the online authentication used by RMS means that access can be controlled on a more continuous basis. Accounts showing suspicious behavior such as impossible travel (where logins are made from different places around the world faster than one could travel between those places) can be locked out, blocking access to protected data.
Applications such as Exchange and SharePoint already have support for rights management policies, with Exchange being able to block the forwarding of sensitive e-mails to external addresses, for example.
Endpoint Configuration
Azure has two different deployment models for creating and working with resources:Resource Manager and classic. Microsoft recommends that most new deployments use the Resource Manager model. In the Resource Manager deployment model, endpoints are configured using Network Security Groups (NSGs). For more information, see Allow external access to your VM using the Azure Portal.
Leave a Reply