![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 77%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
530 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Hi @Shim Kwan ,
As you correctly mentioned, by default, Azure Information Protection comes with a Global policy that is applied to all users in the tenant. You can edit this policy, but you can't delete it. You can also create new policies and configure them however you would like, but the Global policy will always be there.
We don't have a specific best practices guide around the Global policy, but we do have a deployment guide with best practices for business decision makers and IT implementers. The specific edits you might want to make will depend on your individual compliance standards. For example, you might decide that you want to add a "Top Secret" label to the Global policy. Then you can create a protected document labeled "Top Secret" and assign access rights to document viewers. Custom configuration options are listed here.
There are many scenarios where a user may want to have multiple AIP policies. For example, you might want to create a policy that states that "All documents and emails must have a label" and apply this policy only to Office documents and not to Outlook messages, but you may still want to have a separate policy that applies labels to emails with attachments.
With unified labeling a single label can be associated with multiple policies. This means that publication policies for each user set includes all of the relevant labels required rather than having to be constructed by adding labels to global and scoped policies.
Let me know if this helps answer your question.
-
If this answer helps resolve your question, please remember to "mark as answer" so that others in the community with similar questions can more easily find a solution.