{"id":11012,"date":"2018-04-04T08:42:25","date_gmt":"2018-04-04T15:42:25","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=11012"},"modified":"2023-06-11T15:57:03","modified_gmt":"2023-06-11T22:57:03","slug":"using-azure-information-protection-to-classify-and-label-corporate-data","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/","title":{"rendered":"Using Azure Information Protection to classify and label corporate data"},"content":{"rendered":"<div class=\"m-alert f-error\" role=\"alert\">\n<div>\n<div class=\"c-glyph glyph-incident-triangle\" aria-label=\"Error message\"><\/div>\n<p class=\"c-paragraph\">This content has been archived, and while it was correct at time of publication, it may no longer be accurate or reflect the current situation at Microsoft.<\/p>\n<\/div>\n<\/div>\n<p>A mobile workforce means that company information is no longer secured within a corporate network or on corporate devices. At Microsoft, we\u2019re using Azure Information Protection to classify and label data\u2014part of our strategy to protect information in our modern workplace. We\u2019re teaching people to correctly label data with an intuitive classification framework, so persistent protection travels with it, wherever it is stored, sent, or shared.<\/p>\n<p><iframe loading=\"lazy\" style=\"border: none;\" src=\"https:\/\/www.microsoft.com\/en-us\/videoplayer\/embed\/RE4NUJe?autoplay=false&amp;showinfo=true\" width=\"640\" height=\"360\" allowfullscreen=\"allowfullscreen\"><span data-mce-type=\"bookmark\" style=\"display: inline-block; width: 0px; overflow: hidden; line-height: 0;\" class=\"mce_SELRES_start\">\ufeff<\/span><\/iframe><\/p>\n<p>As the speed of business increases, employees are more mobile\u2014often bringing their personal devices to work. Corporate network perimeters are dissolving as the modern workplace moves to the cloud. In this evolving environment, protecting corporate and customer data is of the utmost importance to Microsoft. Layers of data security and protection measures, which align to corporate data security and compliance standards, help protect our information.<\/p>\n<p>At Microsoft Digital, when we needed to modernize our information protection strategy, we upgraded our data classification framework and deployed Azure Information Protection (AIP), a data classification labeling and protection tool. Classification labels offer persistent protection because they travel with the data, regardless of where it\u2019s stored, sent, or shared.<\/p>\n<p>As described in the video embedded above, information protection at Microsoft is supported by device health, identity management, and data telemetry. Not all data is equal, nor does it require equal levels of protection. To apply the appropriate levels of security control in our environment, we need to identify the data we are protecting, and how much we need to protect it\u2014based on its sensitivity and business value.<\/p>\n<h2>Business challenge<\/h2>\n<p>Microsoft is a global organization, which makes security compliance more complex. Different regions of the world have different data requirements. Complex data governance, retention, and encryption controls can be very difficult to enforce without tooling and automation. For example, identifying our data and controlling access to it are critical requirements of General Data Protection Regulation (GDPR) compliance.<\/p>\n<p>In the past, we used a data classification framework with four main labels that were based on the possible business impact if information was leaked or mishandled. However, the naming convention was Microsoft-centric and not intuitive. Data was classified by templates that, when used properly, provided visual cues about file classification.<\/p>\n<p>To help people classify data appropriately, we gave them a detailed data classification standard and a point-and-click application with simplified examples of common data elements. However, in many cases\u2014such as Office documents\u2014labeling was often a cosmetic exercise. If people classified a document, the protection did not travel with the file once it left SharePoint or a file share. People were responsible for following data classification standards when they shared files, but some didn\u2019t really think about the classification requirements outside of SharePoint collaborative environments. Ultimately, labelling was inconsistent.<\/p>\n<p>Employees and contingent staff are responsible for recognizing sensitive or confidential information and helping prevent unauthorized access. Their decisions affect our compliance state. Faced with the challenging and expensive task of educating people about data retention, encryption, and classification, we needed to look at more intuitive ways to help people classify data, so we could automatically apply policies and standards.<\/p>\n<p>We also needed more visibility into what is happening with sensitive data, where it is stored, and where it is shared. Before AIP, once a file left the relative safety of a secure SharePoint portal, we had little visibility or control over how it was handled, unless explicit protection policies like encryption or rights management were applied at the file level. We wouldn\u2019t know if sensitive data was copied from a confidential document and pasted into an unclassified, local file\u2014and we couldn\u2019t tell if data was improperly classified. We relied on employee training and education to help ensure that sensitive data was being handled appropriately.<\/p>\n<h2>Improving our classification framework<\/h2>\n<p>We worked with security and compliance groups across Microsoft to improve our classification framework. The new framework and labels are more intuitive, so our people can make better data-handling decisions. Data protection standards align more clearly and are easier for people to understand and follow. The classification framework we implemented has five labels:<\/p>\n<ul class=\"c-list\">\n<li><strong>Non-Business.<\/strong>\u00a0Non-business data that is created using Microsoft assets, but is not related to Microsoft business or our customers. Data is not encrypted and cannot be tracked or revoked.<\/li>\n<li><strong>Public.<\/strong>\u00a0Microsoft business information that is prepared and approved for public consumption. Data is not protected by Azure Rights Management service (RMS), and owners cannot track or revoke content using RMS.<\/li>\n<li><strong>General.<\/strong>\u00a0Business information that is\u00a0<i>not<\/i>\u00a0meant for public consumption; however, it can be shared with employees, contingent staff, business guests, and external partners. It is not RMS protected and owners cannot track or revoke content using RMS. If an employee does not select a classification label, AIP defaults to this label, but will provide labeling recommendations based on what\u2019s being entered in the document.<\/li>\n<li><strong>Confidential.<\/strong>\u00a0Sensitive, strategic business information that could cause harm if shared inappropriately. It also represents personal information, regardless of identifiability. Data is protected using RMS and owners can track and revoke content. Recipients are trusted and get full delegation rights, including the ability to remove RMS protection.<\/li>\n<li><strong>Highly Confidential<\/strong>. Very sensitive critical and high-risk data, requiring the strictest protection. This classification includes regulated data and sensitive personally identifiable information. Data is protected using RMS and owners can track and revoke content. Recipients do\u00a0<i>not<\/i>\u00a0get delegation rights or rights to modify or remove RMS protection.<\/li>\n<\/ul>\n<p>For Confidential and Highly Confidential we also have sub-labels that address the scope of visibility:<\/p>\n<ul class=\"c-list\">\n<li>Microsoft Executive and Staff, which is visible only to the Microsoft Senior Leadership.<\/li>\n<li>Microsoft FTE, which is visible to all full-time employees.<\/li>\n<li>Microsoft Extended, which is visible to full-time employees and contingent staff.<\/li>\n<\/ul>\n<h2>Azure Information Protection helps protect data throughout the document lifecycle<\/h2>\n<p>We worked with security, privacy, and product groups at Microsoft to upgrade and unify our data loss prevention (DLP) program. As part of the unified DLP program, we implemented Azure Information Protection to help us protect documents throughout their lifecycle.<\/p>\n<figure id=\"attachment_11014\" aria-describedby=\"caption-attachment-11014\" style=\"width: 573px\" class=\"wp-caption alignleft\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-11014 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7521-fig1.png\" alt=\"Image shows layers of protection and control throughout the document lifecycle.\" width=\"573\" height=\"164\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7521-fig1.png 573w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7521-fig1-300x86.png 300w\" sizes=\"(max-width: 573px) 100vw, 573px\" \/><figcaption id=\"caption-attachment-11014\" class=\"wp-caption-text\">Figure 1. Azure Information Protection as part of data loss prevention lifecycle.<\/figcaption><\/figure>\n<h3>Classification and labeling<\/h3>\n<p>We are using Azure Information Protection to classify, label, and protect roughly 15 million documents and emails per month. With Azure Information Protection, employees can classify their own content, or we can automate classification by using the Azure Information Protection Scanner to scan documents for sensitive content, such as credit card and social security numbers.<\/p>\n<p>We believe that the right combination of people, processes, and technology can effectively protect the organization\u2019s data. Microsoft employees play a crucial role in protecting the corporate data that they create, collaborate on, and manage. In the absence of tools and automation, we still want them to think about the right way to classify and handle confidential data. We chose to have our employees classify data, and we scan content to provide classification recommendations.<\/p>\n<p>With data constantly being created, edited, stored, and shared within and outside the company, from both corporate and personal devices, we needed to give people the tools and information to easily and correctly classify and label data.<\/p>\n<h4>Tools take the guesswork out of protection policies<\/h4>\n<p>The Azure Information Protection\u00a0<strong>Protect<\/strong>\u00a0button is an add-in for Office 365 productivity applications, including Outlook email, Word, Excel, and PowerPoint. Once installed, the\u00a0<strong>Protect<\/strong>\u00a0button gives employees classification tips and an automated method to classify files that they open or create in Office 365 productivity apps.<\/p>\n<p>Since we\u2019re asking employees to classify their own files, we use tool tip recommendations, shown below, to help them choose an appropriate classification and encourage their ongoing participation.<\/p>\n<p>&nbsp;<\/p>\n<figure id=\"attachment_11015\" aria-describedby=\"caption-attachment-11015\" style=\"width: 620px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-11015 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7521-fig2.png\" alt=\"Image contains a tool tip making a classification recommendation from within an Office 365 productivity app.\" width=\"620\" height=\"100\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7521-fig2.png 620w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7521-fig2-300x48.png 300w\" sizes=\"(max-width: 620px) 100vw, 620px\" \/><figcaption id=\"caption-attachment-11015\" class=\"wp-caption-text\">Figure 2. Azure Information Protection recommends data classification in Office 365 Word files<\/figcaption><\/figure>\n<p>By default, unclassified documents open as\u00a0<i>General<\/i>, but as content and data are added, Azure Information Protection makes recommendations. Those recommendations can be based on keyword scans and number patterns that indicate financial or personal information.<\/p>\n<figure id=\"attachment_11016\" aria-describedby=\"caption-attachment-11016\" style=\"width: 292px\" class=\"wp-caption alignleft\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-11016 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7521-fig3.png\" alt=\"The image shows the expanded menu for the Azure Information Protection Protect button in an Office 365 productivity application.\" width=\"292\" height=\"225\" \/><figcaption id=\"caption-attachment-11016\" class=\"wp-caption-text\">Figure 3. Azure Information Protection Protect button<\/figcaption><\/figure>\n<h3>Protect<\/h3>\n<p>Labels and classification inform automated protections that are applied using encryption, identity, and authorization policies. Azure RMS integrates with cloud services and applications such as Office 365, Azure Active Directory (Azure AD), and\u00a0<a class=\"c-hyperlink\" href=\"https:\/\/www.microsoft.com\/en-us\/insidetrack\/windows-Information-protection-helps-enforce-data-policy-at-microsoft\" target=\"_self\" rel=\"noopener\" aria-label=\"Read more about Windows Information Protection\">Windows Information Protection<\/a>. The protection travels with documents and email whether they are inside or outside of the company network, files servers, and applications.<\/p>\n<h4>Encrypt<\/h4>\n<p>Azure RMS Data Encryption in Azure Storage helps secure data at rest and in transit. Azure Disk Encryption can be used to encrypt operating systems and data disks used by virtual machines. Data is protected in transit between an application and Azure, so it remains secure at all times.<\/p>\n<p>Azure Key Vault helps safeguard cryptographic keys, certificates, and passwords that protect our data. Key Vault uses hardware security modules, and is designed so that we can control our keys and, therefore, our data. We can monitor and audit stored key use with Azure logging, and we can import logs into Azure HDInsight or our security information and event management system for more analysis and threat detection.<\/p>\n<h4>Access control<\/h4>\n<p>Azure helps us manage user identities and credentials to control access to data in several ways.<\/p>\n<p>Azure AD helps ensure that only authorized users access our computing environments, data, and applications. We use multi-factor authentication for secure sign-in, and Azure role-based access control helps manage access to Azure services that contain personal data. And\u00a0<a class=\"c-hyperlink\" href=\"https:\/\/www.microsoft.com\/en-us\/insidetrack\/using-azure-ad-privileged-identity-management-for-elevated-access\" target=\"_self\" rel=\"noopener\" aria-label=\"Read more about Azure AD Privileged Identity Management\">Azure AD Privileged Identity Management<\/a>\u00a0helps us reduce risks associated with administrative privileges through access control, management, and reporting.<\/p>\n<h4>Policy enforcement<\/h4>\n<p>Classification and labeling also inform enforcement of policies that restrict access to some document functions for higher classification levels. Once an employee applies a classification label and scope, our policy specifies which recipients and recipient actions are allowed. For example:<\/p>\n<ul class=\"c-list\">\n<li>By applying the\u00a0<i>Non-Business\u00a0<\/i>label, recipients can view, forward, print, and save the content. Content is not RMS protected.<\/li>\n<li>By applying the\u00a0<i>Confidential \\ Recipients Only<\/i>\u00a0label, recipients can view, reply, print, and save the content. However, they can\u2019t forward the content or remove RMS protection.<\/li>\n<li>By applying the\u00a0<i>Confidential \\ Microsoft Executive and Staff<\/i>\u00a0label, only members of the executive and executive staff user groups can view, forward, reply, print, and save the content. Document owners can view tracking and logging of their confidential documents using the Azure Information Protection app or console.<\/li>\n<\/ul>\n<h3>Monitor and respond<\/h3>\n<p>When Azure Information Protection has been applied, employees can securely collaborate with people inside or outside the company, track use, and even revoke access remotely. With the Azure Information Protection app, they can see who has access to their content and where it\u2019s located, even when it leaves the organization\u2019s traditional boundaries.<\/p>\n<h2>Company-wide adoption<\/h2>\n<p>We implemented a company-wide awareness campaign, which included digital displays in company offices, targeted communication, presentations at company events, and new-hire orientation. We included data protection information in mandatory employee and vendor training to raise awareness without additional training.<\/p>\n<p>Our adoption program involved representatives from each business organization that helped shape the program. They helped develop a company-wide standard and provided feedback. We established company and organizational baselines, methods to measure classification label adoption, and key indicators that help us target more training and to drive awareness improvements and adoption.<\/p>\n<h3>Reporting and metrics<\/h3>\n<p>Measuring the amount of classified and protected data in our systems is a key requirement for reporting our GDPR compliance. Azure Information Protection audits and logs compliance data that we can analyze for business insights or monitor for abuse through a consolidated information protection console. We have delegated super users that can set policies and recover protected documents\u2014for example, from an employee who has left the company.<\/p>\n<p>We have recently deployed a new Azure service in Operations Management Suite that uses the same policies as our Azure Information Protection data at-rest scans.<\/p>\n<h2>The information protection journey<\/h2>\n<p>Azure Information Protection has been broadly deployed at Microsoft, and we have been working to educate users and promote adoption. A key benefit in deploying the Azure Information Protection button on the Office ribbon is that we can focus on teaching people how to use the toolbar, rather than the complexities of information protection. We don\u2019t need them to remember which levels of sensitivity require encryption or how long the retention policy is for Highly Confidential information\u2014we simply need to teach them how to use the tool.<\/p>\n<p>We are working toward a unified data protection program that features native integration with Office 365 and seamless interoperability across all Microsoft cloud platforms. We are coordinating with teams from other areas of Microsoft including Azure Information Protection, Office Information Protection, and Windows Information Protection. We are working with Microsoft security and compliance teams on a unified console, where all data and documents are labeled and protected during their entire lifecycle, across all important endpoints, applications, and services.<\/p>\n<p>If you are ready to begin your information protection journey, you can start by reading\u00a0<a class=\"c-hyperlink\" href=\"https:\/\/docs.microsoft.com\/en-us\/information-protection\/understand-explore\/what-is-information-protection\" target=\"_blank\" rel=\"noopener\" aria-label=\"Read more about What is Azure Information Protection?\">What is Azure Information Protection?<\/a>, then visit\u00a0<a class=\"c-hyperlink\" href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=53018\" target=\"_blank\" rel=\"noopener\" aria-label=\"Read more about Azure Information Protection\">Azure Information Protection<\/a>\u00a0to download.<br \/>\n<code><!-- hide for more info section\n\n\n<h3 class=\"c-heading\">For more information<\/h3>\n\n\n\n\n<ul class=\"c-list\">\n \t\n\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/insidetrack\/protecting-files-in-the-cloud-with-azure-information-protection\">Protecting files in the cloud with Azure Information Protection<\/a><\/li>\n\n\n \t\n\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/insidetrack\/automating-data-protection-with-azure-information-protection-scanner\">Automating data protection with Azure Information Protection scanner<\/a><\/li>\n\n\n<\/ul>\n\n\n--><\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This content has been archived, and while it was correct at time of publication, it may no longer be accurate or reflect the current situation at Microsoft. A mobile workforce means that company information is no longer secured within a corporate network or on corporate devices. At Microsoft, we\u2019re using Azure Information Protection to classify [&hellip;]<\/p>\n","protected":false},"author":146,"featured_media":11017,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"_hide_featured_on_single":false,"_show_featured_caption_on_single":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[1],"tags":[],"coauthors":[674],"class_list":["post-11012","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","m-blog-post"],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Using Azure Information Protection to classify and label corporate data - Inside Track Blog<\/title>\n<meta name=\"description\" content=\"A mobile workforce means that company information is no longer secured within a corporate network or on corporate devices. At Microsoft, we\u2019re using Azure Information Protection to classify and label data\u2014part of our strategy to protect information in our modern workplace. We\u2019re teaching people to correctly label data with an intuitive classification framework, so persistent protection travels with it, wherever it is stored, sent, or shared.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Using Azure Information Protection to classify and label corporate data - Inside Track Blog\" \/>\n<meta property=\"og:description\" content=\"A mobile workforce means that company information is no longer secured within a corporate network or on corporate devices. At Microsoft, we\u2019re using Azure Information Protection to classify and label data\u2014part of our strategy to protect information in our modern workplace. We\u2019re teaching people to correctly label data with an intuitive classification framework, so persistent protection travels with it, wherever it is stored, sent, or shared.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/\" \/>\n<meta property=\"og:site_name\" content=\"Inside Track Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-04-04T15:42:25+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-11T22:57:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7521-hero.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1040\" \/>\n\t<meta property=\"og:image:height\" content=\"585\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Inside Track \u2013 retired stories\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Inside Track \u2013 retired stories\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/\",\"name\":\"Using Azure Information Protection to classify and label corporate data - Inside Track Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7521-hero.jpg\",\"datePublished\":\"2018-04-04T15:42:25+00:00\",\"dateModified\":\"2023-06-11T22:57:03+00:00\",\"author\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/59e5f7b07dae629412c990cc1a63b575\"},\"description\":\"A mobile workforce means that company information is no longer secured within a corporate network or on corporate devices. At Microsoft, we\u2019re using Azure Information Protection to classify and label data\u2014part of our strategy to protect information in our modern workplace. We\u2019re teaching people to correctly label data with an intuitive classification framework, so persistent protection travels with it, wherever it is stored, sent, or shared.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7521-hero.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7521-hero.jpg\",\"width\":1040,\"height\":585,\"caption\":\"Business people in conference with laptop.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Using Azure Information Protection to classify and label corporate data\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/\",\"name\":\"Inside Track Blog\",\"description\":\"How Microsoft does IT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/59e5f7b07dae629412c990cc1a63b575\",\"name\":\"Inside Track \u2013 retired stories\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/image\/ee0de87c339052d5d84852473bd7f213\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/24a8c329ab32afd1bc23fd1658d1acc2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/24a8c329ab32afd1bc23fd1658d1acc2?s=96&d=mm&r=g\",\"caption\":\"Inside Track \u2013 retired stories\"},\"description\":\"The content on this page was crafted to highlight a specific moment in time or the solutions that have led us to where we are today. It offers valuable insights into our journey and the progress made over the years. Check out the Inside Track blog page for our up-to-date stories around Microsoft.\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/author\/insidetrackarchive\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Using Azure Information Protection to classify and label corporate data - Inside Track Blog","description":"A mobile workforce means that company information is no longer secured within a corporate network or on corporate devices. At Microsoft, we\u2019re using Azure Information Protection to classify and label data\u2014part of our strategy to protect information in our modern workplace. We\u2019re teaching people to correctly label data with an intuitive classification framework, so persistent protection travels with it, wherever it is stored, sent, or shared.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/","og_locale":"en_US","og_type":"article","og_title":"Using Azure Information Protection to classify and label corporate data - Inside Track Blog","og_description":"A mobile workforce means that company information is no longer secured within a corporate network or on corporate devices. At Microsoft, we\u2019re using Azure Information Protection to classify and label data\u2014part of our strategy to protect information in our modern workplace. We\u2019re teaching people to correctly label data with an intuitive classification framework, so persistent protection travels with it, wherever it is stored, sent, or shared.","og_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/","og_site_name":"Inside Track Blog","article_published_time":"2018-04-04T15:42:25+00:00","article_modified_time":"2023-06-11T22:57:03+00:00","og_image":[{"width":1040,"height":585,"url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7521-hero.jpg","type":"image\/jpeg"}],"author":"Inside Track \u2013 retired stories","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Inside Track \u2013 retired stories","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/","name":"Using Azure Information Protection to classify and label corporate data - Inside Track Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7521-hero.jpg","datePublished":"2018-04-04T15:42:25+00:00","dateModified":"2023-06-11T22:57:03+00:00","author":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/59e5f7b07dae629412c990cc1a63b575"},"description":"A mobile workforce means that company information is no longer secured within a corporate network or on corporate devices. At Microsoft, we\u2019re using Azure Information Protection to classify and label data\u2014part of our strategy to protect information in our modern workplace. We\u2019re teaching people to correctly label data with an intuitive classification framework, so persistent protection travels with it, wherever it is stored, sent, or shared.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/#primaryimage","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7521-hero.jpg","contentUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7521-hero.jpg","width":1040,"height":585,"caption":"Business people in conference with laptop."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/using-azure-information-protection-to-classify-and-label-corporate-data\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/insidetrack\/blog\/"},{"@type":"ListItem","position":2,"name":"Using Azure Information Protection to classify and label corporate data"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/","name":"Inside Track Blog","description":"How Microsoft does IT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/59e5f7b07dae629412c990cc1a63b575","name":"Inside Track \u2013 retired stories","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/image\/ee0de87c339052d5d84852473bd7f213","url":"https:\/\/secure.gravatar.com\/avatar\/24a8c329ab32afd1bc23fd1658d1acc2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/24a8c329ab32afd1bc23fd1658d1acc2?s=96&d=mm&r=g","caption":"Inside Track \u2013 retired stories"},"description":"The content on this page was crafted to highlight a specific moment in time or the solutions that have led us to where we are today. It offers valuable insights into our journey and the progress made over the years. Check out the Inside Track blog page for our up-to-date stories around Microsoft.","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/author\/insidetrackarchive\/"}]}},"jetpack_featured_media_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/7521-hero.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9hcZA-2RC","_links":{"self":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/11012"}],"collection":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/users\/146"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/comments?post=11012"}],"version-history":[{"count":6,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/11012\/revisions"}],"predecessor-version":[{"id":11216,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/11012\/revisions\/11216"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media\/11017"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media?parent=11012"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/categories?post=11012"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/tags?post=11012"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/coauthors?post=11012"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}