Microsoft Security Product Hub

Information Protection and Governance


Protect your data and ensure compliance with security standards and regulations across Microsoft 365 apps and services, Power BI, Edge, Windows 10 and more. Classification and unified management of policies. Information Protection and Governance covers information governance, information protection, data loss prevention and records management with multiple sub components and well as Trainable Classifiers and Endpoint DLP that are covered in the Security Halo as separate sections.

Advanced Message Encryption provides policies and branding templates for encrypting email communications with third parties. Additional functionality includes scheduled expiration of access and immediate revocation of access if necessary.

Customer Key lets Microsoft 365 customers add extra protection against viewing data by letting organisations bring their own encryption keys for use in encrypting Microsoft 365 data and meeting regulatory or compliance requirements.

Double Key Encryption for Microsoft 365 uses a key Microsoft stores in Azure and another key the customer holds. Double Key Encryption supports cloud and on-premises deployments.

Information Governance helps to keep what has to be kept and delete what does not using retention policies and retention labels. After a retention policy or retention label time period has passed, the data can be deleted automatically.

Records Management is for content that needs to be defined as a record for regulatory, legal or internal requirements. This places restrictions on the records, logs activities on the item and can provide proof of disposition if records must be deleted after the retention period.

Rules based classification is made up of two components. For Office 365 content, rules based classification can assign a sensitivity label to content when it matches specified rules, so users do not need to classify content themselves. For content on SharePoint Server or file shares, AIP Scanner can be used to scan repositories and if required, classify content that matches specified rules.

Teams Data Loss Prevention extends Data Loss Prevention to Microsoft Teams channel and chat messages (in addition to Teams document storage in SharePoint Online) for licensed users.


  • Gain visibility and control data usage, and revoke access if necessary
  • Leverage machine learning to automatically classify unique data
  • Manage your content lifecycle to keep what you need and delete what you do not
  • Secure communications through encryption
  • Prevent data loss in Exchange, SharePoint, OneDrive and Teams
  • Meet regulatory, legal, and business-critical records compliance requirements
Secure Remote Work
Zero Trust