News

Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

• By Kurt Mackie
• 02/17/2021

Microsoft is planning to end the integration of the Microsoft Defender for Endpoint security solution with the Azure Information Protection service on March 29, 2021, according to a Wednesday announcement.

Microsoft Defender for Endpoint was previously known as "Microsoft Defender Advanced Threat Protection." Microsoft made that product name change, and a few others, back in September. Microsoft also has a Data Loss Protection (DLP) service, which is used for protecting "sensitive data" in organizations. The DLP service works with Microsoft Defender for Endpoint to prevent the inadvertent disclosure of information, such as the appearance of credit card numbers and Social Security numbers in company e-mails.

Deprecation and Removal
Microsoft Defender for Endpoint reached "general availability" commercial-release status back in November. At that time, Microsoft had explained that Azure Information Protection was mostly just a holdover security solution for organizations that hadn't started using Microsoft 365 Apps for Enterprise, formerly known as "Office 365 ProPlus," a suite of familiar Office applications (Excel, PowerPoint and Word) that Microsoft sells on a subscription basis.

Now, it seems that organizations soon won't have the option to use the Azure Information Protection service to protect the data used with those Office apps. Microsoft wants organizations to use the Microsoft Defender for Endpoint's Data Loss Prevention (DLP) service instead. Next month, it'll end the Azure Information Protection connection, which had never progressed beyond the preview stage.

Microsoft is "deprecating" the integration. Usually, deprecation means Microsoft is stopping product development, and the solution may or may not continue to work. However, in this case, the integration will get removed from the Microsoft Defender Security Center portal. Microsoft is planning to kill that feature's on/off button in the portal in March.

"When deprecated, this setting [in the Microsoft Defender Security Center portal] will be removed, and Microsoft Defender for Endpoint will not forward signals to Azure Information Protection," the announcement explained.

Use DLP Instead
Despite its name, the Azure Information Protection service is just designed to protect Windows-based Office 365 application data. Microsoft argued that the Microsoft Defender for Endpoint DLP service is a more comprehensive protective solution.

"Endpoint DLP incorporates an improved discovery and protection solution for sensitive data stored on endpoint devices that facilitates greater visibility and integration between solutions," the announcement claimed.

The visibility enabled by Microsoft Defender for Endpoint DLP happens via "telemetry information and data discovery capabilities" that are built into the product. It checks file content for sensitive data, and it also tracks what users do with such data.

"Endpoint DLP monitors sensitive data for file access, copy, paste, print and saving to removable media, file shares and uploads via browsers for Office 365, PDF, and CSV files without requiring the configuration of policies," the announcement explained.

Microsoft's notice may seem like a short one for organizations using the Azure Information Protection service. However, under the terms of Microsoft's Modern Lifecycle Policy, which applies to its services, Microsoft only has to give a 30 days advance notice, at best, when it plans to end a product, provided that no alternative service is offered.