Microsoft has had some form of information protection in place over many years and if you have been a Microsoft user over that time, you may have some confusion because of all of the name changes and locations where this has existed within the admin experience. In this article, I wanted to briefly cover that history to demystify some of those changes
Microsoft started this solution out with on premise active directory in what they called ADRMS or active directory rights management service. This allowed you to apply certain protections over documents that you may have been storing in file shares locally.
Next, they moved this to Azure RMS which extended the service to the cloud and allowed you to apply similar protections in cloud locations. The secure islands acquisition allowed them to expand on this service for the taxonomy components that were incorporated into Azure information protection. Azure information protection allowed you manage labels within the Azure Portal and also extended protections locally with the creation of the AIP scanner. During this time, Microsoft expanding labeling within the security and compliance center because it made more sense for these features to live in that location. Over the span of about a year they allowed you to work out of both the Azure portal and the security and compliance center in what they called a “unified labeling” experience. This functionality allowed you to create labels and their policies in both locations and push changes bidirectionally between the portals. Now Microsoft has a separate portal for both security and compliance admin centers. They have deprecated the labeling functionality within the azure portal as of April of 2021 and move all functionality into the compliance center. Azure Information Protection was folded up under the newly branded Microsoft Information Protection which includes other data governance features such as data loss prevention, compliance manager, eDiscovery, and more.
Portal Separation
Within the Microsoft 365 Admin Center, you can go to the information protection section to manage all of the labels and label policies within your organization. There is no longer any connection with labels in the Azure Portal.
Within the Azure Portal, you can secure for Azure Information protection to bring up a page which discusses the changes around unified labeling.
Currently, you can still use this portal to look at analytics of labels across an organization. This includes usage over time, activity logs of when labels were applied, discovery of new data across locations such as on prem file shares and recommendations based on sensitive content discovered.
Additionally, the initial configuration and management of the AIP scanner is something you can only perform within the Azure Portal. We will be covering this configuration in a later lesson but this is what allows you to scan for files locally which can be reported on as an aggregate across the other cloud locations as well.
Conclusion
I hope this article provided some clarity to Azure Rights Management/Microsoft Information protection changes over time. As we look to the future, I would anticipate Microsoft continuing to fold more functionality into the Compliance center as a unified experience.