I read this site, and skimmed https://docs.microsoft.com/en-us/azure/information-protectio... , and I still don't know how it works. If I copy a "protected" file to my disk, how can it block me from viewing it? Or, conversely, how does it allow me to view it? Are the files encrypted, and my computer would request a key from MS's servers? And Windows would apply some DRM to prevent me from intercepting the key, or copying the decrypted files from RAM?
As for the AIP client I don’t know the technicals details on how it’s protected , but for the Information rights management in Sharepoint , the file will be encrypted on download and office apps will handle the decryption and making sure every 10 days you are able to login (have valid credentials) and won’t open if you don’t. It’s still possible to open the files , copy and paste on an unprotected file and save it on external storage and it will always be accessible, but this would mean a lot of work and most office users wouldn’t know they needed to do it.
Btw, just read that Microsoft has stopped developping the client app used to encrypt files for the Azure Information Protection, concentrating in native integration on Office Desktop Apss (Information rights management in sharepoint). I've updated the blog post.
4 comments
[ 34.7 ms ] story [ 30.4 ms ] threadhttps://techcommunity.microsoft.com/t5/security-compliance-a...