Azure Information Protection / Reporting / Security

Azure Information Protection dashboards

Posted by

SharePoint Conference 2019 is nearing the end this week. And it provides us with a lot of new and highly anticipated enhancements. One of which is the announcement for the sensitivity labels private preview. Earlier this month these labels have become General Available (GA) in most Office 365 tenants. And Microsoft is now preview sensitivity labels for SharePoint sites and integration with SharePoint Online.

Yeah! No more error’s like “Document cannot be opened because it is protected by IRM”.

Well, with these kinds of developments getting all the limelight, one might forget that there’s still the Azure Information Protection environment and portal. And that environment also get’s regular updates. And I want to use this blog to quickly draw your attention to some preview functions.

Please note though, that although these are “preview” functions, they were first announced late 2018. So that’s quite some time for a preview 🙂

AzureIP Reporting

In some of my earlier posts (for example, this one) I reported (pun intended) on the integration between AzureIP and Log Analytics. In the meantime, this integration has resulted in more dashboards.

As an admin or compliance officer you now have the option to discover sensitive information, see how AzureIP is being used within the organisation and get recommendations based on scanned documents.

The data provided is gathered using the AzureIP client, scanner, sensitivity (unified) client and from Windows computers running Microsoft Defender ATP. If you don’t appreciate the gathering of this data, then you can simply turn this feature of with your AzureIP policy.

There’s some configuration to be done in orde to get this to work. For one, you will need a Log Analytics workspace to store the data. But after setting up, the data will appear on your dashboards.  In order to read the data in the dashboards, you will need at lease the Azure AD administrator Security reader role and the Log Analytics Reader role.

Usage report

The usage report is your starting-point dashboard. It contains an overview of activity within your environment.

Activity logs

The activity logs contain much more information. Any action by the AzureIP or unified client can be seen in this dashboard.

The information is quite extensive. Included is the path, application and information protection properties. When the client is used (for example, from Windows Explorer) this is noted as “MSIP.APP”.


Data discovery and recommendations

The data discovery and recommendations dashboards gets their information from the AzureIP Scanner or Microsoft Defender ATP. It shows information which has been scanned in one or more repositories. In one of the earlier incarnations of the scanner, you needed to access the logs to be able to get this kind of information. Now you can simply access it using the dashboard.

Wrapping up

I know that the new unified labeling solution also offers more insights into the usage of labels. But using this article I wanted to show that the original AzureIP portal now contains highly usable dashboards to manage your sensitive information and classification needs.

More information?

This article goes into the depth of AzureIP reporting: https://docs.microsoft.com/en-us/azure/information-protection/reports-aip

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s