Microsoft Information Protection in Microsoft 365

Licensing for Microsoft 365 Security & Compliance

Implement Microsoft Information Protection (MIP) to help you discover, classify, and protect sensitive information wherever it lives or travels.

MIP capabilities are included with Microsoft 365 Compliance and give you the tools to know your data, protect your data, and prevent data loss.

Image of how MIP helps you discover, classify, and protect sensitive data

For information about governing your data, see Microsoft Information Governance in Microsoft 365.

Know your data

Note

For information about classifying and labeling data in Azure Purview, currently in preview, see Automatically label your content in Azure Purview.

For release announcements for Azure Purview, see the following blog posts: Microsoft Information Protection and Microsoft Azure Purview: Better Together and Azure Purview at Spring Ignite 2021.

To understand your data landscape and identify important data across your hybrid environment, use the following capabilities:

Capability What problems does it solve? Get started
Sensitive information types Identifies sensitive data by using built-in or custom regular expressions or a function. Corroborative evidence includes keywords, confidence levels, and proximity. Customize a built-in sensitive information type
Trainable classifiers Identifies sensitive data by using examples of the data you're interested in rather than identifying elements in the item (pattern matching). You can use built-in classifiers or train a classifier with your own content. Get started with trainable classifiers
Data classification A graphical identification of items in your organization that have a sensitivity label, a retention label, or have been classified. You can also use this information to gain insights into the actions that your users are taking on these items. Get started with content explorer

Get started with activity explorer

Protect your data

To apply flexible protection actions that include encryption, access restrictions, and visual markings, use the following capabilities:

Capability What problems does it solve? Get started
Sensitivity labels A single solution across apps, services, and devices to label and protect your data as it travels inside and outside your organization.

Example scenarios:
Manage sensitivity labels for Office apps
Encrypt documents and emails
Apply and view labels in Power BI

For a comprehensive list of scenarios for sensitivity labels, see the Get started documentation.
Get started with sensitivity labels
Azure Information Protection unified labeling client For Windows computers, extends sensitivity labels for additional features and functionality that includes labeling and protecting all file types from File Explorer and PowerShell

Example additional features: Custom configurations for the Azure Information Protection unified labeling client
Azure Information Protection unified labeling client administrator guide
Double Key Encryption Under all circumstances, only your organization can ever decrypt protected content or for regulatory requirements, you must hold encryption keys within a geographical boundary. Deploy Double Key Encryption
Office 365 Message Encryption (OME) Encrypts email messages and attached documents that are sent to any user on any device, so only authorized recipients can read emailed information.

Example scenario: Revoke email encrypted by Advanced Message Encryption
Set up new Message Encryption capabilities
Service encryption with Customer Key Protects against viewing of data by unauthorized systems or personnel, and complements BitLocker disk encryption in Microsoft datacenters. Set up Customer Key for Office 365
SharePoint Information Rights Management (IRM) Protects SharePoint lists and libraries so that when a user checks out a document, the downloaded file is protected so that only authorized people can view and use the file according to policies that you specify. Set up Information Rights Management (IRM) in SharePoint admin center
Rights Management connector Protection-only for existing on-premises deployments that use Exchange or SharePoint Server, or file servers that run Windows Server and File Classification Infrastructure (FCI). Steps to deploy the RMS connector
Azure Information Protection unified labeling scanner Discovers, labels, and protects sensitive information that resides in data stores that are on premises. Configuring and installing the Azure Information Protection unified labeling scanner
Microsoft Cloud App Security Discovers, labels, and protects sensitive information that resides in data stores that are in the cloud. Discover, classify, label, and protect regulated and sensitive data stored in the cloud
Microsoft Information Protection SDK Extends sensitivity labels to third-party apps and services.

Example scenario: Set and get a sensitivity label (C++)
Microsoft Information Protection (MIP) SDK setup and configuration

Prevent data loss

To help prevent accidental oversharing of sensitive information, use the following capabilities:

Capability What problems does it solve? Get started
Data loss prevention (DLP) Helps prevent unintentional sharing of sensitive items. Get started with the default DLP policy
Learn about Endpoint data loss prevention Extends DLP capabilities to items that are used and shared on Windows 10 computers. Get started with Endpoint data loss prevention
Learn about the Microsoft Compliance Extension (preview) Extends DLP capabilities to the Chrome browser Get started with the Microsoft Compliance Extension (preview)
Learn about Microsoft 365 data loss prevention on-premises scanner (preview) Extends DLP monitoring of file activities and protective actions for those files to on-premises file shares and SharePoint folders and document libraries. Get started with Microsoft 365 data loss prevention on-premises scanner (preview)
Protect sensitive information in Microsoft Teams chat and channel messages Extends some DLP functionality to Teams chat and channel messages Learn about the default data loss prevention policy in Microsoft Teams (preview)