Azure Information Protection is a rights management service offered by Microsoft that helps an organization classify and, optionally, protect documents and emails. Having this service in an enterprise gives visibility into the sensitive information that is being exchanged.
Enabling this service in an enterprise bridges security gaps and concerns to an extent, but it definitely disturbs the recipients' workflow. All users need to be well educated on how to use and consume this service. To an extent, we can educate internal users, but it is quite challenging to educate and train recipients who have not adopted the cloud, who use external email services like Yahoo/Gmail, or who use on-premise Exchange to host their mailboxes.
Because the recipient experience is seamless only with O365 services, other recipients have to follow certain procedures/guidelines to consume AIP-protected content. These procedures differ from recipient to recipient, and this blog will help you understand them.
When protection is enforced on an email with Azure Information Protection, it enables the DNF (Do Not Forward) functionality, which restricts the recipient from forwarding, editing, printing and even taking a screenshot of the protected email.
Let us consider different scenarios in which a protected email is sent to different recipients and understand the recipient workflow in each.
Scenario-1: Sending protected email from O365 sender to O365 recipient (Business to Business)
Outlook Web Access: Seamless
Mobile: Seamless with MS Office application
Scenario-2: O365 sender sending to Gmail/Yahoo recipient
Because Gmail and Yahoo are federated with Azure Active Directory, the recipients can either authenticate with their Yahoo/Gmail accounts or use an OTP to consume the protected email.
Scenario-3: O365 sender sending email to Exchange on-premise recipient
Outlook with no AIP agent: OTP
Outlook with the AIP agent installed on the endpoint: Seamless consumption
Outlook Web Access: OTP