Azure Information Protection (AIP) helps classify and protects all of your documents and emails by applying labels. Labels can be applied by administrators after carefully defining conditions and rules.
The picture below shows Azure Information Protection applied on a document. The global administrator has configured rules in order to detect sensitive data for example, credit card information. Once a user try to save a document that includes a credit card number or financial information, a custom tooltip recommends a label that was applied by the global administrator. This label classifies the document and protects it.
You can now apply / enable Azure Information Protection labels on SharePoint Online and OneDrive. SharePoint distinguishes AIP sensitivity labels applied to Ms Office files in SharePoint / OneDrive and put into effect all the settings accordingly.
Whenever a particular file containing AIP sensitivity label is downloaded, the sensitivity label moves and stays with file and hence all settings stay enforced.
If you wish to work online on Ms word (web version of Ms Word), then you can make use of Auto labeling while editing documents.
In Office 365 you can set up a Data Loss Prevention (DLP) policy in order to enforce Azure Information Protection on SharePoint and One drive.
There is one major limitation while using Azure Information Protection encryption labels on SharePoint / Onedrive files.
After applying Azure Information Protection encryption to the files stored in office 365, Co-authoring, and other collaborative features stop working.
Data Loss Prevention (DLP) policies does not work with the contents of files.
The resolution involves user to decide on a label that applies the protection from Azure Information Protection. If you need automatic encryption and you need SharePoint to index and scrutinize the files, then you should consider using Information Rights Management (IRM) in SharePoint Online as it automatically encrypts the files. For more legit source of information, please see Mirosoft’s article that explains how to Set up Information Rights Management (IRM) in SharePoint admin center.
In view of the aforementioned, Azure Information Protection does offer protection on office 365 features including SharePoint Online and OneDrive for Business and offers encryption for files in three tiers of protection for data which is basic, sensitive and confidential.