Solutions & Products

Microsoft Information Protection: Digital Security in All Its Facets

Secure your data and enhance your security with Microsoft Information Protection!

Security and Governance: Microsoft Information Protection
Digital Workplace
Microsoft 365

The topic of IT security was particularly prominent in 2021, as a large number of well-known companies and institutions were exposed to a series of hacker attacks. In addition to major international corporations such as Telekom AG or BioNTech, the German Bundestag was also the target of cyberattacks. In the process, the perpetrators used two opportunities at once to gain access to confidential information from members of parliament. Such situations are not isolated incidents: The last major attack in 2015 resulted in a significant data loss. As a result, Bundestag's IT had to be rebuilt with the aim of better protecting sensitive data and documents in the future.

Away from the prominent headlines, small and medium-sized companies can also fall victim to unauthorized access. Therefore, well-established security tools and governance measures are essential in times of home office and crowd working to ensure the maintenance of the modern working day. To ensure that you can continue to use digital benefits such as cloud computing, video chats, and intranets securely, Microsoft Information Protection offers you an established and constantly growing all-around solution for the protected collaboration of your teams. In this article, you will learn about the comprehensive applications, functionalities and benefits of Microsoft Information Protection.

What is Microsoft Information Protection?
Azure Information Protection
Unified Sensitivity Labeling
Microsoft Defender
Rights Management

What Is Microsoft Information Protection?

Microsoft Information Protection (MIP)

is a portfolio consisting of different applications that serve to protect and classify your documents. The security factor of MIP focuses on monitoring your information to prevent unwanted publications or unauthorized access. Microsoft Information Protection also focuses on high transparency: you'll always know which users are editing and reusing your files. In this way, you can keep an eye on your files at all times and decide on the usage rights of employees and other partners as required.

To ensure that not all users have unrestricted access to sensitive data, Microsoft Information Protection provides comprehensive protection measures. Document classification lets you control who can see, share, or edit your content. In detail, all these functions are due to the following applications of the Microsoft Information Portfolio:

Microsoft Information Protection Funktionen | Arvato Systems

  1. Azure Information Protection
  2. Unified Sensitivity Labeling
  3. Microsoft Cloud App Security
  4. Office 365 Message Encryption, Double Key Encryption, and Service Encryption
  5. Information Rights Management and Rights Management Connector

Azure Information Protection for Greater Customization

Azure Information Protection (AIP) is a cloud-based application whose task is to recognize, classify and protect your company's internal documents. To do that, AIP adds functionality to Microsoft 365's existing labeling and classification capabilities. The Azure Information Protection offering includes the following tools:


The AIP client sets the confidentiality of a document directly in your file explorer. The protection applies to various file types from your document repository - from text and image files to PDF documents, and this is how you secure your sensitive data.


The local AIP scanner is primarily aimed at your company's administrators. Admins check SharePoint file repositories for sensitive content that needs protection and classification. In doing so, the tool lists the content in the associated Azure portal and provides a structured overview. With the AIP Scanner, you can find your sensitive data in no time and manage documents individually or in clusters.

Microsoft Information Protection SDK

Microsoft Information Protection SDK (Software Development Kit) is a collection of programming tools and program libraries. MIP SDK gives you the ability to specifically tailor third-party applications to Azure Information Protection confidentiality designations during their development. This allows you to classify and protect third-party solutions or in-house developed programs to the same extent as your Office applications.

With Unified Sensitivity Labeling to a Unified Environment

Over time, large amounts of data management often lead to divergent and confusing structures. To ensure long-term uniformity, Microsoft Information Protection provides Unified Labeling. You establish a uniform classification and encryption for documents from your Office applications Word, Excel, PowerPoint, and Outlook with the tool. These settings are also retained on other user interfaces and devices. This creates company-wide standards that noticeably simplify the daily handling of security and governance.

Unified Sensitivity Labeling is the successor to the now discontinued Azure Information Protection Labels tool. The main advantage of the update is that documents can now also be protected on Android and iOS devices. On top of that, Unified Sensitivity Labeling can also be used in the browser-based Office variant. The respective classification of a confidential file appears directly in the document. Authorized users' access and editing rights are also tied to this setting.

Microsoft Defender for Cloud Apps for New Challenges

Cloud services allow you a high degree of flexibility for your everyday work, as you can access relevant resources regardless of time, device, and location. To ensure that you can access your file repositories reliably and securely, comprehensive protection of the stored content is also necessary at this point. Microsoft Defender for Cloud Apps offers a flexible balance between support and access control.

Various functions are used here for your optimal cloud security. These include relatively gentle measures such as an automated log collection that documents access to a file store. But also an extensive reverse proxy is possible, which acts as an interface between your cloud and the freely accessible Internet


In some application areas, particularly high security requirements apply, as internal company data is either subject to a high level of confidentiality or is shared with users outside your company via external communication channels. For these cases, Microsoft Information Protection offers the following tools:

Office 365 Message Encryption

The application is used to encrypt emails that contain confidential data. Besides Outlook, the service is also compatible with other mail providers, such as Yahoo or Gmail. If the tool detects a document that was previously classified as sensitive, a warning appears, which is why the mail can only be encrypted or, in some cases, not sent at all.

Double Key Encryption

The tool is reserved for the most sensitive data, so that access is possible only for you or through you. It generates two keys, the first of which resides with Microsoft Azure and the second with you. Since a document can only be decrypted by merging both keys, your approval is required under all circumstances.

Service Encryption

Furthermore, it is also possible to encrypt data without a connection to Microsoft services. To do this, they manage the respective root key within Azure Key Vault and can thus perform encryption via an additional hardware security module.

Rights Management

If, on the other hand, data is made accessible in external file repositories, then once again specialized protection measures are needed to prevent unauthorized access. Microsoft Information Protection provides the following tools for this purpose:

Information Rights Management

This service from the Microsoft Information Protection portfolio is used to protect documents that originate from SharePoint lists or libraries. Using the associated settings, you can define which access rights are available after a download. In this way, you can also classify documents ready for download accordingly.

Rights Management Connector

The Rights Management Connector enables the protection of file repositories within an on-premise solution that uses Microsoft Exchange Server, SharePoint Server or another file server based on Windows Server as its foundation. Using this tool, the security settings established in Information Rights Management can be applied to the on-premise system without having to set up an additional digital infrastructure first.

Service Encryption

Furthermore, it is also possible to encrypt data without a connection to Microsoft services. To do this, they manage the respective root key within Azure Key Vault and can thus perform encryption via an additional hardware security module.

Enterprise-Wide Data Protection With Microsoft Information Protection

For secure collaboration across your Modern Workplace, Microsoft Information Protection offers a comprehensive portfolio. With Microsoft Defender for Cloud Apps, you first support protection against unauthorized access, data leaks and data loss at various levels. With the associated Azure Information Protection tool, you also manage, classify and encrypt your content via numerous features - completely customized according to the respective confidentiality.
However, integrating this framework not only means more protection for your confidential content, but also more efficiency in your everyday work. The included functions automate many more of your processes. The product offering provides you with clear logs to simplify the review of file accesses retrospectively. At the same time, the unification of third-party applications allows fast and, above all, security-compliant access to other tools that are relevant to you. Moreover, with Microsoft Information Protection, you also comply with the legal guidelines of the EU's General Data Protection Regulation (DSGVO), which stipulates how stored personal data must be handled.

Digital Workplace

Our solutions with Microsoft Office 365 for the ideal workplace of the future.

Managed Microsoft Security

Deploy Microsoft 365 Defender and Azure Defender effectively and manage them professionally.

Written by

Karsten Schneider
Expert for Microsoft 365