Microsoft Information Protection in Microsoft 365

Licensing for Microsoft 365 Security & Compliance

Use Microsoft Information Protection (MIP) to help you discover, classify, and protect sensitive information wherever it lives or travels.

MIP capabilities are included with Microsoft 365 Compliance and give you the tools to know your data, protect your data, and prevent data loss.

Know your data, protect your data, prevent data loss, govern your data

For information about governing your data, see Microsoft Information Governance in Microsoft 365.

Know your data

To understand your data landscape and identify important data across your hybrid environment, use the following capabilities:

Capability What problems does it solve? Get started
Sensitive information types Identifies sensitive data by using built-in or custom regular expressions or a function, together with corroborative evidence that includes keywords, confidence levels, and proximity. Customize a built-in sensitive information type
Trainable classifiers (preview) Classifies data for you, using one of the built-in classifiers or train a classifier with your own content Get started with trainable classifiers (preview)
Data classification Identifies items that have a sensitivity label, a retention label, or have been classified as a sensitive information type in your organization and the actions that your users are taking on them Get started with content explorer

Get started with activity explorer

Protect your data

To apply flexible protection actions that include encryption, access restrictions, and visual markings, use the following capabilities:

Capability What problems does it solve? Get started
Sensitivity labels A single solution across apps, services, and devices to label and protect your data as it travels inside and outside your organization

Example scenario: Apply and view sensitivity labels in Power BI, and protect data when it is exported
Get started with sensitivity labels
Azure Information Protection unified labeling client For Windows computers, extends sensitivity labels for additional features and functionality that includes labeling and protecting all file types from File Explorer and PowerShell

Example additional features: Custom configurations for the Azure Information Protection unified labeling client
Azure Information Protection unified labeling client administrator guide
Double Key Encryption Under all circumstances, only you can ever decrypt protected content, or for regulatory requirements you must hold encryption keys within a geographical boundary Deploy Double Key Encryption
Office 365 Message Encryption (OME) Encrypts email messages and attached documents that are sent to any user on any device, so only authorized recipients can read emailed information

Example scenario: Revoke email encrypted by Advanced Message Encryption
Set up new Message Encryption capabilities
Service encryption with Customer Key Protects against viewing of data by unauthorized systems or personnel, and complements BitLocker disk encryption in Microsoft datacenters Set up Customer Key for Office 365
SharePoint Information Rights Management (IRM) Protects SharePoint lists and libraries so that when a user checks out a document, the downloaded file is protected so that only authorized people can view and use the file according to policies that you specify Set up Information Rights Management (IRM) in SharePoint admin center
Rights Management connector Protection-only for existing on-premises deployments that use Exchange or SharePoint Server, or file servers that run Windows Server and File Classification Infrastructure (FCI) Steps to deploy the RMS connector
Azure Information Protection unified labeling scanner Discovers, labels, and protects sensitive information that resides in data stores that are on premises Configuring and installing the Azure Information Protection unified labeling scanner
Microsoft Cloud App Security Discovers, labels, and protects sensitive information that resides in data stores that are in the cloud Discover, classify, label, and protect regulated and sensitive data stored in the cloud
Microsoft Information Protection SDK Extends sensitivity labels to third-party apps and services

Example scenario: Set and get a sensitivity label (C++)
Microsoft Information Protection (MIP) SDK setup and configuration

Prevent data loss

To help prevent accidental oversharing of sensitive information, use the following capabilities:

Capability What problems does it solve? Get started
Data loss prevention (DLP) Helps prevent unintentional sharing of sensitive items

Example scenario: Protect sensitive information in Microsoft Teams chat and channel messages
Get started with the default DLP policy
Endpoint data loss prevention (preview) Extends DLP capabilities to items that are used and shared on Windows 10 computers Get started with Endpoint data loss prevention (preview)