Today, Microsoft announced Azure Information Protection (AIP), a new system to help protect sensitive data even as it moves between applications and organizations. AIP builds on the existing Azure Rights Management (RMS) system, adding data labelling and classification so that the right protection policies are applied to sensitive data at the time it is created, which helps restrict data leaks.
Azure RMS provides a cloud-based system for performing rights management of sensitive information. With RMS, documents are encrypted and restricted in various ways; opening them requires authentication against Azure Active Directory (AD), allowing the usage of the documents to be tracked and recorded. Once opened, the documents can have their usage restricted to prevent, for example, printing or editing.
Unlike a traditional password-protected document, where knowing the password is sufficient to give permanent access to the file, the online authentication used by RMS means that access can be controlled on a more continuous basis. Accounts showing suspicious behavior such as impossible travel (where logins are made from different places around the world faster than one could travel between those places) can be locked out, blocking access to protected data.
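The impossible-travel check described above, sketched as an added example that is not part of the original article and is not Microsoft's implementation: it flags consecutive sign-ins by the same account whose implied travel speed exceeds a ceiling. The event fields, the 1000 km/h ceiling and the 100 km minimum distance are assumptions, and the sign-in records are constructed.

```python
import math
from datetime import datetime

# Constructed sample sign-in events: (user, UTC time, latitude, longitude).
# Not real log data and not an Azure AD log schema.
SAMPLE_LOGINS = [
    ("alice", "2024-01-15T08:00:00", 51.5074, -0.1278),    # London
    ("alice", "2024-01-15T09:30:00", 40.7128, -74.0060),   # New York, 90 min later
    ("bob",   "2024-01-15T08:00:00", 47.6062, -122.3321),  # Seattle
    ("bob",   "2024-01-15T20:00:00", 37.7749, -122.4194),  # San Francisco, 12 h later
    ("carol", "2024-01-15T10:00:00", 48.8566, 2.3522),     # Paris
    ("carol", "2024-01-15T10:00:00", 35.6762, 139.6503),   # Tokyo, same instant
]

MAX_SPEED_KMH = 1000.0   # assumed ceiling, roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0  # assumed floor, ignores coarse geolocation jitter


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def find_impossible_travel(logins, max_speed=MAX_SPEED_KMH, min_km=MIN_DISTANCE_KM):
    """Return (user, earlier, later, km) for each consecutive sign-in pair
    whose implied speed exceeds max_speed."""
    events = sorted((u, datetime.fromisoformat(t), la, lo) for u, t, la, lo in logins)
    last_seen, alerts = {}, []
    for user, when, lat, lon in events:
        if user in last_seen:
            prev_when, prev_lat, prev_lon = last_seen[user]
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600.0
            # Comparing km against speed * hours avoids dividing by zero when
            # two sign-ins carry the same timestamp.
            if km >= min_km and km > max_speed * hours:
                alerts.append((user, prev_when, when, round(km)))
        last_seen[user] = (when, lat, lon)
    return alerts


if __name__ == "__main__":
    for user, t1, t2, km in find_impossible_travel(SAMPLE_LOGINS):
        print(f"{user}: {km} km between {t1} and {t2}")
```

A production detector would also have to account for VPN and proxy exit points and for inaccurate IP geolocation, which this sketch only approximates with the minimum-distance floor.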