Overview of the Azure Information Protection policy

Applies to: Azure Information Protection

Instructions for: Azure Information Protection client for Windows

Note

The Azure Information Protection policy applies to the Azure Information Protection client (classic) and not the Azure Information Protection unified labeling client. Not sure of the difference between these clients? See this FAQ.

If you are looking for information about sensitivity labels, see the Microsoft 365 Compliance documentation. For example, Learn about sensitivity labels.

An Azure Information Protection policy contains the following elements that you can configure:

  • Which labels are included that let administrators and users classify (and optionally, protect) documents and emails.

  • Title and tooltip for the Information Protection bar that users see in their Office applications.

  • The option to set a default label as a starting point for classifying documents and emails.

  • The option to enforce classification when users save documents and send emails.

  • The option to prompt users to provide a reason when they select a label that has a lower sensitivity level than the original.

  • The option to automatically label an email message, based on its attachments.

  • The option to control whether the Information Protection bar is displayed in Office applications.

  • The option to control whether the Do Not Forward button is displayed in Outlook.

  • The option to let users specify their own permissions for documents.

  • The option to provide a custom help link for users.

Azure Information Protection comes with a default policy, which contains five main labels. Two of these labels contain sublabels to provide subcategories, when needed.

When a label is configured for sublabels, users cannot select the main label but must select one of the sublabels. In this scenario, the main label is supported as a display container only for the name and color.

The Azure Information Protection labels can be used with the full range of data that an organization typically creates and stores, from the lowest classification of personal data, to the highest classification of highly confidential data.

You can use the default labels without changes, or you can customize them, or you can delete them, and you can create new labels. For full instructions, see Configuring the Azure Information Protection policy.

Next steps

For examples of how to customize the Azure Information Protection policy, and see the resulting behavior for users, try the following tutorials: