Consuming AIP (Azure Information Protection) protected emails by different recipients

Azure Information Protection is a rights management service offered by Microsoft which helps the organization to classify and optionally protect the documents and emails. Having this service in an enterprise gives the visibility of the sensitive information which is getting exchanged.

Enabling this service to an enterprise bridges the security gaps and concerns to an extent but definitely disturbs the recipients workflow. All the users are to be well educated on how to use and consume this service. To an extent, we can educate the internal users, but it is quite challenging to educate and train the recipients who are not adapted to cloud, who are using external email services like Yahoo/Gmail, who are using on-premise Exchange for hosting their mailboxes.

As the recipient experience is seamless with only O365 services, other recipients have to follow certain procedures/guidelines for consuming the AIP protected content. These procedures are different for different recipients and this blog will help to understand them

When protection is enforced with Azure Information protection for an email, it will enable the DNF (Do Not Forward) functionality, which will restrict the recipient from forwarding, editing, printing and even taking screenshot of the protected email.

Let us consider different scenarios where a protected email is sent to different recipients and understand the recipeint workflow

Scenario-1: Sending protected email from O365 sender to O365 recipient ( Business to Business )

Outlook: Seamless

Outlook Web Access: Seamless

Mobile: Seamless with MS Office application

Scenario-2: O365 sender sending to Gmail/Yahoo recipient

Gmail and Yahoo, as they are federated with Azure Active Directory, the recipients either can authenticate with Yahoo/Gmail accounts or can use OTP to consume the protected email.

Scenario-3: O365 sender sending email to Exchange-on- premise recipient

Outlook and no AIP agent : OTP

Outlook : when AIP agent is installed at endpoint: Seamless consumption

Outlook Web Access: OTP

Mobile: Seamless


1 thought on “Consuming AIP (Azure Information Protection) protected emails by different recipients

  1. Pingback: Consuming AIP protected documents by different recipients | Tech Ripples

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s