We all feel that it is necessary to protect sensitive information. Regulations like GDPR or not, there is no discussion about it. We can achieve that by adding permissions so that only well-specified people can read or change the content. With Azure Information Protection we take it a step further: by classifying the content we can also define additional protection. The content is protected by an encryption mechanism based on rights management. When somebody wants to open the document, the Azure Information Protection plugin connects back to Azure Information Protection and decrypts the document if the user has permission to do so.
We use these different layers of permissions and encryption, but in the end all these mechanisms don't mean anything if your authentication is not of the same strength. We can strengthen it using multi-factor authentication. However, sometimes organizations don't want such a strict authentication process for everything. Sensitive information needs more security, and if you feel you need it, you can strengthen your authentication process selectively for Azure Information Protection. With Conditional Access, we can step the authentication up to multi-factor authentication based on the application; in this case, the application is Azure Information Protection.
With this setup, even if the basic authentication does not require multi-factor authentication, Conditional Access will require multi-factor authentication whenever the application that asks Azure Active Directory for authentication is Azure Information Protection.
What is the procedure for this?
- Log in to portal.azure.com
- Go to Azure Active Directory
- Go to Conditional Access
- Click New Policy
- Give the policy a name
- Click Cloud Apps and select the cloud app Azure Information Protection
- Click Grant and check Require multi-factor authentication
- Enable the policy
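Once the policy exists, it is worth checking that it really enforces multi-factor authentication for the app. The following is an added example, not part of the original post: it audits policies in the shape of Microsoft Graph `conditionalAccessPolicy` objects and flags report-only state, app exclusions, and grants where MFA is only one alternative. The app ID is a placeholder, the sample policies and the helper names (`_policy`, `enforces_mfa`, `audit`) are constructed for illustration, and user scoping is not checked.

```python
# Assumption: placeholder value. Substitute the application ID your tenant
# lists for the Azure Information Protection cloud app.
AIP_APP_ID = "AIP-APP-ID-PLACEHOLDER"

def _policy(name, state, include, exclude, controls, operator="OR"):
    """Build a constructed sample shaped like a Graph conditionalAccessPolicy."""
    return {
        "displayName": name,
        "state": state,
        "conditions": {"applications": {"includeApplications": include,
                                        "excludeApplications": exclude}},
        "grantControls": {"operator": operator, "builtInControls": controls},
    }

# Constructed sample policies (not exported from a real tenant).
SAMPLE_POLICIES = [
    _policy("AIP - require MFA", "enabled", [AIP_APP_ID], [], ["mfa"]),
    _policy("AIP - MFA pilot", "enabledForReportingButNotEnforced", [AIP_APP_ID], [], ["mfa"]),
    _policy("AIP - MFA or compliant device", "enabled", [AIP_APP_ID], [], ["mfa", "compliantDevice"]),
    _policy("All apps except AIP", "enabled", ["All"], [AIP_APP_ID], ["mfa"]),
]

def enforces_mfa(policy, app_id):
    """Return (ok, reason): does this policy force MFA for app_id?"""
    # Report-only and disabled policies log or do nothing; they do not block sign-in.
    if policy.get("state") != "enabled":
        return False, "policy is not enforced (disabled or report-only)"
    apps = policy.get("conditions", {}).get("applications", {})
    # An exclusion wins over any inclusion, including "All".
    if app_id in apps.get("excludeApplications", []):
        return False, "app is explicitly excluded"
    include = apps.get("includeApplications", [])
    if app_id not in include and "All" not in include:
        return False, "app is not targeted"
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls", [])
    if "mfa" not in controls:
        return False, "MFA is not among the grant controls"
    # With operator OR, any single listed control satisfies the policy.
    if grant.get("operator") == "OR" and len(controls) > 1:
        return False, "MFA is only one of several alternative controls"
    return True, "MFA is required"

def audit(policies, app_id=AIP_APP_ID):
    """Map each policy's display name to its (ok, reason) verdict."""
    return {p["displayName"]: enforces_mfa(p, app_id) for p in policies}

if __name__ == "__main__":
    for name, (ok, reason) in audit(SAMPLE_POLICIES).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {reason}")
```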
Since we are building custom layers of permissions and security, it only makes sense that we customize our authentication process based on our requirements. With Conditional Access, you can. One side note: for Conditional Access you need Azure Active Directory Premium. In my opinion, it is worth the additional cost.