
Increase authentication for sensitive content by adding Multi-Factor Authentication to Azure Information Protection

We all feel that it is necessary to protect sensitive information, with or without regulations like GDPR; there is no discussion about it. We can achieve that by adding permissions so that only well-specified people can read or change the content. With Azure Information Protection we take it a step further: by classifying the content, we can also define additional protection. The content is protected with encryption based on rights management. When somebody wants to open the document, the Azure Information Protection plugin connects back to Azure Information Protection and decrypts the document if the user has permission to do so.

We use these different layers of permissions and encryption, but in the end none of these mechanisms means anything if your authentication is not of the same strength. We can reach that strength with multi-factor authentication. However, sometimes organizations don’t want such a strict authentication process. Sensitive information needs more security, and if you feel you need it, you can strengthen your authentication process selectively for Azure Information Protection. With Conditional Access, we can step authentication up to multi-factor authentication based on the application, in this case Azure Information Protection.

With this setup, even if the basic authentication does not require multi-factor authentication, Conditional Access will require it whenever the application asking Azure Active Directory for authentication is Azure Information Protection.

What is the procedure for this?

    1. Log in to portal.azure.com
    2. Go to Azure Active Directory
    3. Go to Conditional Access
    4. Click New Policy
    5. Give the policy a name
    6. Click Cloud Apps and select the Cloud App Azure Information Protection
    7. Click Grant and check Require multi-factor authentication
    8. Enable the policy
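
One way to check a policy built with these steps, as an added example that is not part of the original post: the function audits a policy in the JSON shape Microsoft Graph uses for Conditional Access policies and reports why it would not enforce multi-factor authentication for Azure Information Protection. The app ID placeholder and the sample policies are constructed assumptions.

```python
# Added example (not from the original post): audit a Conditional Access policy
# in the Microsoft Graph conditionalAccessPolicy JSON shape.
AIP_APP_ID = "<AIP-APP-ID>"  # placeholder: use the app ID shown in your tenant


def audit_policy(policy, app_id=AIP_APP_ID):
    """Return the reasons why `policy` does not enforce MFA for `app_id`."""
    problems = []
    if policy.get("state") != "enabled":  # step 8: policy must be enabled
        problems.append("state is %r, not 'enabled'" % policy.get("state"))

    apps = (policy.get("conditions") or {}).get("applications") or {}
    included = apps.get("includeApplications") or []
    if app_id not in included and "All" not in included:  # step 6
        problems.append("app is not in includeApplications")
    if app_id in (apps.get("excludeApplications") or []):
        problems.append("app is in excludeApplications")

    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    if "mfa" not in controls:  # step 7
        problems.append("grant controls do not include 'mfa'")
    elif len(controls) > 1 and grant.get("operator") == "OR":
        problems.append("another control can satisfy the grant without MFA")
    return problems


def _policy(name, state, controls, operator="OR", exclude=()):
    # Constructed sample data, not exported from a real tenant.
    return {
        "displayName": name,
        "state": state,
        "conditions": {"applications": {
            "includeApplications": [AIP_APP_ID],
            "excludeApplications": list(exclude)}},
        "grantControls": {"operator": operator, "builtInControls": controls},
    }


SAMPLES = [
    _policy("AIP requires MFA", "enabled", ["mfa"]),
    _policy("AIP report-only", "enabledForReportingButNotEnforced", ["mfa"]),
    _policy("AIP MFA or compliant device", "enabled", ["mfa", "compliantDevice"]),
    _policy("AIP excluded", "enabled", ["mfa"], exclude=[AIP_APP_ID]),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p["displayName"], "->", audit_policy(p) or "OK")
```

An empty result means the policy is enabled, targets the app, and can only be satisfied with multi-factor authentication.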

 

Since we are building custom layers of permissions and security, it only makes sense to customize our authentication process based on our requirements. With Conditional Access, you can. One side note: Conditional Access requires Azure Active Directory Premium. In my opinion, it is worth the additional cost.
