locked
Automated classification within Sharepoint RRS feed

  • Question

  • Hi guys,

    If we deploy Azure RMS connectors for our on-premises sharepoint we can utilize AIP.

    Is there any way of automatically classify/label and protect documents based on where they are stored? Lets say we crate a library and every document that will be saved there must be classified as confidential, add a label and also enforce protection? Is this how its done? or is it up to each users to choose classification in word when saving the document to the sharepoint library?

    And it seems that we have the AIP P1 plan, which according to the comparison table does not contain Automated data classification and administrative support for automated rule sets. (so it we want to utilize automated data classification we have to go P2?)


    • Edited by [zid] Tuesday, March 28, 2017 8:13 PM
    Wednesday, March 22, 2017 8:30 AM

Answers

  • Hi Carol and thanks for your reply. I might actually begin to understand this now! :)

    So our options are if I understand you correctly:

    - classify and label the documents in word before uploading them to SharePoint
    - we can protect the document when they are stored on SharePoint but the SharePoint cannot index the document

    or...

    Use SharePoint IRM:

    - classify and label the documents in word before uploading them to SharePoint
    - if the document should be protected, it will be stored in SharePoint unprotected but IRM will apply this protection based upon the classification when a user is downloading the document? (does that apply if one is viewing it online via word online as well as downloading it word?)

    Thanks!

    Thursday, March 23, 2017 7:54 AM

All replies

  • Currently, SharePoint doesn't have a labeling integration feature for Azure Information Protection - but the engineering teams are working on this.  So yes, label the documents before uploading them to SharePoint.  If the document is also protected, beware that SharePoint now can't index this document, so it won't be returned in search results.  What you could do here, if search on SharePoint is important to you, is not configure the labels for Azure RMS protection, but configure the SharePoint library for IRM, which automatically applies Azure RMS protection when these documents are downloaded.

    Yes, automated classification (such detecting credit card numbers) is a P2 subscription feature.

    Wednesday, March 22, 2017 8:15 PM
  • Hi Carol and thanks for your reply. I might actually begin to understand this now! :)

    So our options are if I understand you correctly:

    - classify and label the documents in word before uploading them to SharePoint
    - we can protect the document when they are stored on SharePoint but the SharePoint cannot index the document

    or...

    Use SharePoint IRM:

    - classify and label the documents in word before uploading them to SharePoint
    - if the document should be protected, it will be stored in SharePoint unprotected but IRM will apply this protection based upon the classification when a user is downloading the document? (does that apply if one is viewing it online via word online as well as downloading it word?)

    Thanks!

    Thursday, March 23, 2017 7:54 AM
  • Yes, you've understood it correctly :)  SharePoint IRM libraries apply protection only on download so if a user then saves the file locally and emails it or tries storing it elsewhere, the polices defined in SharePoint (who can open the document and what they can do with it) remains with the document, even though it's now outside the control and management of SharePoint.
    Saturday, March 25, 2017 1:37 AM