azure-information-protection
$
npx mdskill add MicrosoftDocs/Agent-Skills/azure-information-protectionConfigure and deploy Azure Information Protection systems effectively.
- Selects between Azure RMS and AD RMS environments for projects.
- Manages key migration and policy configuration across systems.
- Retrieves documentation via Microsoft Docs or web fetch tools.
- Delivers guidance through local references and remote data access.
SKILL.md
.github/skills/azure-information-protectionView on GitHub ↗
--- name: azure-information-protection description: Expert knowledge for Azure Information Protection development including best practices, decision making, configuration, and deployment. Use when choosing Azure RMS vs AD RMS, migrating keys/policies, configuring RMS connector/MSIPC, or monitoring RMS logs, and other Azure Information Protection related development tasks. Not for Azure Key Vault (use azure-key-vault), Azure Security (use azure-security), Azure Defender For Cloud (use azure-defender-for-cloud), Azure Sentinel (use azure-sentinel). compatibility: Requires network access. Uses mcp_microsoftdocs:microsoft_docs_fetch or fetch_webpage to retrieve documentation. metadata: generated_at: "2026-02-28" generator: "docs2skills/1.0.0" --- # Azure Information Protection Skill This skill provides expert guidance for Azure Information Protection. Covers best practices, decision making, configuration, and deployment. It combines local quick-reference content with remote documentation fetching capabilities. ## How to Use This Skill > **IMPORTANT for Agent**: Use the **Category Index** below to locate relevant sections. For categories with line ranges (e.g., `L35-L120`), use `read_file` with the specified lines. For categories with file links (e.g., `[security.md](security.md)`), use `read_file` on the linked reference file > **IMPORTANT for Agent**: If `metadata.generated_at` is more than 3 months old, suggest the user pull the latest version from the repository. If `mcp_microsoftdocs` tools are not available, suggest the user install it: [Installation Guide](https://github.com/MicrosoftDocs/mcp/blob/main/README.md) This skill requires **network access** to fetch documentation content: - **Preferred**: Use `mcp_microsoftdocs:microsoft_docs_fetch` with query string `from=learn-agent-skill`. Returns Markdown. - **Fallback**: Use `fetch_webpage` with query string `from=learn-agent-skill&accept=text/markdown`. Returns Markdown. ## Category Index | Category | Lines | Description | |----------|-------|-------------| | Best Practices | L32-L36 | Monitoring and troubleshooting Azure RMS connector health, tracking Azure Rights Management usage, and interpreting logs/metrics for ongoing protection service reliability. | | Decision Making | L37-L41 | Guidance on choosing between Azure Rights Management and on-premises AD RMS, including feature, deployment, security, and migration considerations. | | Configuration | L42-L46 | Configuring and deploying the Windows RMS (MSIPC) client and setting required registry values for RMS connectors on servers for Azure Information Protection. | | Deployment | L47-L61 | Deploying the RMS connector and step-by-step guidance for migrating on-prem AD RMS (keys and policies) to Azure Information Protection, including HSM and software key migration. | ### Best Practices | Topic | URL | |-------|-----| | Monitor RMS connector health and Azure RMS usage | https://learn.microsoft.com/en-us/azure/information-protection/monitor-rms-connector | ### Decision Making | Topic | URL | |-------|-----| | Decide between Azure Rights Management and AD RMS | https://learn.microsoft.com/en-us/azure/information-protection/compare-on-premise | ### Configuration | Topic | URL | |-------|-----| | Configure RMS connector registry settings on servers | https://learn.microsoft.com/en-us/azure/information-protection/rms-connector-registry-settings | ### Deployment | Topic | URL | |-------|-----| | Configure on-premises servers to use the RMS connector | https://learn.microsoft.com/en-us/azure/information-protection/configure-servers-rms-connector | | Deploy Microsoft Rights Management connector for on-premises servers | https://learn.microsoft.com/en-us/azure/information-protection/deploy-rms-connector | | Install and configure the RMS connector for AIP | https://learn.microsoft.com/en-us/azure/information-protection/install-configure-rms-connector | | Prepare environment for Phase 1 AD RMS to AIP migration | https://learn.microsoft.com/en-us/azure/information-protection/migrate-from-ad-rms-phase1 | | Execute Phase 2 of AD RMS to AIP migration | https://learn.microsoft.com/en-us/azure/information-protection/migrate-from-ad-rms-phase2 | | Complete Phase 3 of AD RMS to AIP migration | https://learn.microsoft.com/en-us/azure/information-protection/migrate-from-ad-rms-phase3 | | Run Phase 4 tasks for AD RMS to AIP migration | https://learn.microsoft.com/en-us/azure/information-protection/migrate-from-ad-rms-phase4 | | Finalize Phase 5 of AD RMS to AIP migration | https://learn.microsoft.com/en-us/azure/information-protection/migrate-from-ad-rms-phase5 | | Migrate AD RMS deployments to Azure Information Protection | https://learn.microsoft.com/en-us/azure/information-protection/migrate-from-ad-rms-to-azure-rms | | Migrate HSM-protected AD RMS key to AIP HSM key | https://learn.microsoft.com/en-us/azure/information-protection/migrate-hsmkey-to-hsmkey | | Migrate software-protected AD RMS key to AIP HSM key | https://learn.microsoft.com/en-us/azure/information-protection/migrate-softwarekey-to-hsmkey | | Migrate software-protected AD RMS key to AIP software key | https://learn.microsoft.com/en-us/azure/information-protection/migrate-softwarekey-to-softwarekey |
More from MicrosoftDocs/Agent-Skills
- azure-active-directory-b2cExpert knowledge for Azure Active Directory B2C development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when building B2C user flows/custom policies, configuring IdPs/MFA, securing APIs, automating CI/CD, or monitoring with Sentinel, and other Azure Active Directory B2C related development tasks. Not for Azure Role-based access control (use azure-rbac), Azure Information Protection (use azure-information-protection), Azure Security (use azure-security), Azure Sentinel (use azure-sentinel).
- azure-advisorExpert knowledge for Azure Advisor development including best practices, decision making, limits & quotas, security, configuration, and integrations & coding patterns. Use when creating Advisor alerts, workbooks, Resource Graph queries, migration risk views, or sovereign-cloud setups, and other Azure Advisor related development tasks. Not for Azure Cost Management (use azure-cost-management), Azure Monitor (use azure-monitor), Azure Policy (use azure-policy), Azure Security (use azure-security).
- azure-ai-visionExpert knowledge for Azure AI Vision development including decision making, limits & quotas, configuration, integrations & coding patterns, and deployment. Use when using Image Analysis, Read OCR containers, smart-crop thumbnails, background removal, or video frame analysis, and other Azure AI Vision related development tasks. Not for Azure AI Custom Vision (use azure-custom-vision), Azure AI Video Indexer (use azure-video-indexer), Azure AI Document Intelligence (use azure-document-intelligence), Azure AI Immersive Reader (use azure-immersive-reader).
- azure-aks-edge-essentialsExpert knowledge for Azure Kubernetes Service Edge Essentials development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when managing AKS Edge/Arc clusters, Arc onboarding, SDN/AKS on Windows Server, IoT/AI workloads, or TPM/camera/OPC UA integration, and other Azure Kubernetes Service Edge Essentials related development tasks. Not for Azure Kubernetes Service (AKS) (use azure-kubernetes-service), Azure IoT Edge (use azure-iot-edge), Azure Stack Edge (use azure-stack-edge), Azure Container Apps (use azure-container-apps).
- azure-analysis-servicesExpert knowledge for Azure Analysis Services development including troubleshooting. Use when configuring server firewalls, VNets, gateways, client connection strings, or reviewing connection logs, and other Azure Analysis Services related development tasks. Not for Azure Synapse Analytics (use azure-synapse-analytics), Azure SQL Database (use azure-sql-database), Azure SQL Managed Instance (use azure-sql-managed-instance), SQL Server on Azure Virtual Machines (use azure-sql-virtual-machines).
- azure-anomaly-detectorExpert knowledge for Azure AI Anomaly Detector development including troubleshooting, best practices, limits & quotas, configuration, and deployment. Use when tuning Docker-based Anomaly Detector, ACI or IoT Edge deployments, univariate/multivariate APIs, or service limits, and other Azure AI Anomaly Detector related development tasks. Not for Azure AI Metrics Advisor (use azure-metrics-advisor), Azure Monitor (use azure-monitor), Azure Machine Learning (use azure-machine-learning).
- azure-api-centerExpert knowledge for Azure Api Center development including best practices, security, configuration, integrations & coding patterns, and deployment. Use when automating API linting/registration, syncing with API gateways, customizing the portal, or managing API inventory, and other Azure Api Center related development tasks. Not for Azure API Management (use azure-api-management), Azure App Service (use azure-app-service), Azure Functions (use azure-functions).
- azure-api-managementExpert knowledge for Azure API Management development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when integrating APIM with Event Hubs/Service Bus/LLMs, configuring policies, securing with Entra ID/OAuth2, or deploying self-hosted gateways, and other Azure API Management related development tasks. Not for Azure Application Gateway (use azure-application-gateway), Azure Front Door (use azure-front-door), Azure Web Application Firewall (use azure-web-application-firewall), Azure Service Bus (use azure-service-bus).
- azure-app-configurationExpert knowledge for Azure App Configuration development including troubleshooting, best practices, decision making, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when using feature flags, dynamic refresh, snapshots, geo-replication, or Key Vault–backed configurations, and other Azure App Configuration related development tasks. Not for Azure App Service (use azure-app-service), Azure Key Vault (use azure-key-vault), Azure Automation (use azure-automation).
- azure-app-serviceExpert knowledge for Azure App Service development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when choosing App Service plans, configuring VNet/ASE, setting auth/TLS, deploying via CI/CD/slots, or using WebJobs, and other Azure App Service related development tasks. Not for Azure Functions (use azure-functions), Azure Container Apps (use azure-container-apps), Azure Spring Apps (use azure-spring-apps), Azure Static Web Apps (use azure-static-web-apps).