Now Generally Available: Azure Information Protection and AzureAD Conditional Access Policies

AzureAD Conditional Access policies for iOS, Android and Windows, and Microsoft Azure Information Protection are now Generally Available.


Microsoft Azure Information Protection, a new service that builds on both Microsoft Azure Rights Management and Microsoft's recent acquisition of Secure Islands, is now generally available.

Azure Information Protection delivers a comprehensive classification, labeling and protection solution to the market, writes Dan Plastina of the Information Protection Team.

The company notes that the preview on July 12th was incredibly successful, "with over 500 active tenants testing and giving us great input."

Today's announcement of AIP in GA also means that the "Azure Information Protection client for Office (2010/13/16) on Windows (7/8/10) is generally available as well. And, HYOK feature is available in preview, while new mobile apps for iOS and Android replace the existing RMS Sharing Apps," writes the Azure team.

Further, they note that, beginning 10/5, they "will be enforcing license requirements and admin rights in the Admin Portal."

Azure Information Protection GA

Here's what you get in AIP today:

  • Use policies to classify, label, and protect data at the time of creation or modification. "Classification can be fully automatic, user-driven, or based on a recommendation." Once data is classified and labeled, protection can be applied automatically on that basis.
  • Classification and protection information travels with data, ensuring "data is protected at all times, regardless of where it is stored, with whom it is shared, or if the device is running iOS, Android, or Windows," the team explained.
  • Enable safe data sharing with users as well as with external customers and partners. "Document owners can define who can access data and what they can do with it."
  • Simple, intuitive controls help users make the right decisions and stay productive. "Data classification and protection controls are integrated into Office and common applications providing simple one-click options to secure data that users are working on."
  • Document owners can track activities on shared data and revoke access when necessary. IT can use logging and reporting to monitor, analyze, and reason over shared data.
  • Protect data whether it is stored in the cloud or on-premises, and choose how your encryption keys are managed with Bring Your Own Key (BYOK) and Hold Your Own Key (HYOK) options, the team explained.

The other product going GA today is Azure AD device-based Conditional Access policies for iOS, Android and Windows, generally available as of 10/04.

"These policies in conjunction with MFA, network location and risk scores from Azure AD Identity Protection and MDM capabilities of Microsoft Intune provide industries the most comprehensive set of security and compliance controls," writes the Azure team.

Conditional Access is a feature of Azure AD Premium, and it "works with EVERY application that authenticates using Azure AD," the team explains. That means "Office 365, Azure and Microsoft CRM as well as all the apps in app gallery," including thousands of apps like ServiceNow, Salesforce.com & Concur, plus on-premises apps published through Azure AD Application Proxy, the Azure team added.

Quite a few customers already have these policies in their production environments and are already requiring employees to use properly configured devices to access Office 365 and other applications.

Some companies already have these policies for controlling access from iOS, Android and Windows (10, 8.1 & 7). To participate in device-based conditional access, devices must be registered with Azure AD as follows:

  • Windows domain joined devices (in on-premises Active Directory) can be easily registered with Azure AD in an automatic manner. This includes both Windows 10 and down-level Windows devices.
  • iOS and Android devices are registered with Azure AD when they get enrolled into Microsoft Intune, Microsoft's MDM service.
  • Windows 10 Azure AD joined devices are registered upon being joined to Azure AD.
  • Windows 10 personal devices (BYOD) are registered when the work account is added to Windows.

AzureAD Conditional Access policies GA

Most notably, per-app access can be set on the following services:

  • Microsoft Office 365 Exchange Online
  • Microsoft Office 365 SharePoint Online
  • Dynamics CRM
  • Power BI
  • All of the 2,700+ SaaS applications from the Azure AD application gallery
  • On-premises apps registered with Azure AD Application Proxy
  • LOB apps registered with Azure AD

You can see in detail how to set up automatic registration of domain joined devices in Azure AD here, and how to set up Azure AD for device compliance here.

In other news, System Center Management Pack for SQL Server and Dashboards (6.7.7.0) has been released. You can use the links below to download Microsoft System Center Management Pack for:

Also available is the list of cumulative update releases for Microsoft System Center 2012 R2 Operations Manager.

The updates are listed according to release date and include the associated build number. Also note the following:

  • Cumulative update build numbers with a larger numeric value include the fixes from all previously released cumulative updates.
  • Any version of OpsMgr 2012 R2 can be updated to a later cumulative update.
  • You cannot uninstall a later-version cumulative update to downgrade to an earlier-version cumulative update.

For the complete list, please see the following:

KB3193857 – Cumulative update releases for Microsoft System Center 2012 R2 Operations Manager (OpsMgr 2012 R2).