Organizations across all industries handle sensitive information, making data protection a top priority. With the sheer volume of data created daily, manually labeling each item with an appropriate sensitivity label is impractical. Thankfully, Azure Information Protection (AIP) offers a solution with automatic data classification. This blog will guide you through setting up AIP automatic data classification.
Understanding Automatic Data Classification
Azure Information Protection includes a feature that automatically classifies new files based on predefined ‘conditions’ or ‘policies.’ For example, if a file contains certain keywords or phrases, is sent to an unknown recipient, or lacks email content, AIP can apply specific labels to manage what happens to the file. These labels can enforce actions such as preventing the data from leaving the company or requiring encryption before viewing. Labels can also be simpler, such as requiring recipients to attach their names to their replies.
Predefined Information Types
Azure Information Protection supports numerous predefined information types, including:
- Social security numbers
- Driver’s license numbers
- Credit card numbers
- National identification numbers
- Passport numbers
These predefined types help meet various regulatory requirements worldwide by providing comprehensive data protection.
Configuring Automatic Data Classification via AIP
To configure automatic data classification in Azure Information Protection, follow these steps:
- Open Azure Portal: Sign in to the Azure portal.
- Access AIP: Navigate to Azure Information Protection by searching for it under “View all services.”
- Select Label: In the labels section, select the label you want to update and enable automatic classification for.
- Add Condition: From the ‘Policy’ window, click ‘Add a new condition’ under ‘Configure conditions for automatically applying this label.’
- Specify Industry and Information Type: Choose the industry (e.g., Financial) and the type of information (e.g., Credit Card Number) you are targeting.
- Set Minimum Occurrences: Define the minimum occurrences for your condition to hold. For instance, setting this to 1 will trigger the classifier if any document contains at least one credit card number.
- Save Condition: Save the configured condition.
- Apply to Label: Apply it to the selected label and choose ‘Automatic’ under ‘Select how this label is applied.’ Optionally, customize the text for the label application tip.
- Confirm Changes: Confirm and save the label changes.
Testing Automatic Data Classification
After configuring automatic data classification, test its functionality to ensure it works correctly:
- Generate Test Document: Create or obtain a document with sensitive information that matches the configured condition.
- Upload Test File: Upload the test file to a storage container.
- Check Classification: Use the Azure Information Protection add-in to view the classification data. Ensure the document is classified automatically according to the specified condition.
Automatic data classification enables organizations to systematically protect sensitive data using Azure Information Protection. By evaluating fields in JSON content and matching them to predefined information types and custom conditions, AIP automates the process of identifying and classifying data. This automation speeds up the protection of sensitive content and mitigates potential legal, financial, or reputational risks.