New Zealand | Azure Information Protection - Deployment - Part 1

Insentra - 10.06.2020

New Zealand | Azure Information Protection - Deployment - Part 1

Join our community of 1,000+ IT professionals, and receive tech tips and updates once a week.

Azure Information Protection – Deployment – Part 1

New Zealand | Azure Information Protection - Deployment - Part 1


Azure Information Protection (AIP) is a product from Microsoft which allows classification (or labelling, if you prefer) of information such as documents or emails. The service has now expanded (in preview at the time of writing) to allow classification of Office 365 Groups, Teams and SharePoint sites which adds critical functionality to assist with your data protection strategy.

In this blog; part 1 of a 4 part series, we will answer the questions: Why AIP? and How do I deploy AIP in a controlled way?

Important to note: Rolling out AIP can be quite different depending on the license type you have. This blog assumes you have Microsoft 365 E3 at a minimum which gives you the following :

  • Azure AD Premium P1
  • (DLP)

Upgrading to E5 adds a LOT of functionality, the main ones being Microsoft Cloud App Security (MCAS) and AIP P2 which adds automatic classification. Throughout this blog I will make it clear when referring to E5 features.

This blog helps to identify in more detail, the steps you can take to implement AIP in the correct order, ensuring a risk-managed and controlled outcome.

For Microsoft’s guidance on how to deploy AIP please refer to this guide


From working with several clients on their information and data protection strategies, we have adopted a Crawl, Walk, Run strategy for successful deployment, this is for a few reasons:

  1. Implementing products or features all at once can be challenging and in some cases impact productivity
  2. A lot of businesses don’t understand what data they have or access behaviour patterns etc.
  3. Statistics and data insights are required before you can make impactful decisions
  4. To be successful, user education and enablement is hugely important and this takes time

The phases we use are not hard and fast and tasks within each one can be moved around however, most of the Crawl tasks must be completed early on in the project.


With the majority of businesses moved to remote working, keeping control or governance of data has become increasingly difficult. AIP is one tool which forms part of a large strategy covering Information Protection as a whole. It’s not like the risk didn’t exist previously, but the global Covid-19 crisis has exacerbated and highlighted the situation.

Here are some of the risks:

  • Using work PC’s on unverified networks
  • (Shadow IT) such as a user using Box or Gmail for data when it should be in Office 365
  • No visibility into risk


Deploying AIP as part of an overall data protection strategy by adding things like conditional access (risk-based access control), MCAS, DLP, correct governance and, optionally, Torsion Information Security can assist with all of the above.

A valuable outcome from deploying AIP is visibility; beginning to understand your environment, how information is created, accessed, and shared. Finally, AIP can be addressed separately to other projects which focus on security and compliance, but we have found it is best addressed in conjunction with a wider security and compliance strategy in mind.

So its best to keep across the M365 roadmap. In part two we dive deeper into the Crawl segment of our Crawl, Walk, Run strategy.

Join the Insentra Community with the Insentragram Newsletter

Hungry for more?

If you’re waiting for a sign, this is it.

We’re a certified amazing place to work, with an incredible team and fascinating projects – and we’re ready for you to join us! Go through our simple application process. Once you’re done, we will be in touch shortly!

New Zealand | Azure Information Protection - Deployment - Part 1

Who is Insentra?

Imagine a business which exists to help IT Partners & Vendors grow and thrive.

Insentra is a 100% channel business. This means we provide a range of Advisory, Professional and Managed IT services exclusively for and through our Partners.

Our #PartnerObsessed business model achieves powerful results for our Partners and their Clients with our crew’s deep expertise and specialised knowledge.

We love what we do and are driven by a relentless determination to deliver exceptional service excellence.

New Zealand | Azure Information Protection - Deployment - Part 1

Insentra ISO 27001:2013 Certification

SYDNEY, WEDNESDAY 20TH APRIL 2022 – We are proud to announce that Insentra has achieved the  ISO 27001 Certification.