HOW SMARTENCRYPT

COMPLEMENTS AND
ADDS VALUE TO
MICROSOFT SOLUTIONS

TM
SECURITY OFFERINGS BY PLAN
TM

OVERVIEW

Microsoft plan Security option SmartEncrypt value add

Microsoft apps for No native Microsoft security option for either SmartEncrypt enables granular folder and file-
business and for plan unless on Windows 10 Pro, which includes level encryption to protect high-value and
enterprise BitLocker Full Disk Encryption. sensitive files.

Business basic and Business Basic and Standard plans introduce basic SmartEncrypt enables granular folder and file-
business standard auditing however this feature provides not data level encryption to protect high-value and
protection capabilities. sensitive files.
As above, the only any path to any data protection
encryption is for these users to be on Windows 10
Pro which includes BitLocker Full Disk Encryption.

Business premium Introduces Microsoft security capabilities, starting SmartEncrypt enables granular folder and file-
with the inclusion of Azure Information Protection level encryption to protect high-value and
– Premium Plan 1. sensitive files.
A more detailed solution overview, including Microsoft data security solutions, if combined
strengths and limitations is available in the Microsoft and configured in the correct manner, can be
security technology comparison table. extremely effective in protecting ‘Microsoft-
friendly’ file types.
Note: Not all solutions are effective for all partners
and their customers. Combined and configured SmartEncrypt has the ability to protect ALL file
correctly, these technologies can be an extremely types with encryption while also being easy to
good and cost-effective solution for protecting set up, complementing existing infrastructure
mostly Microsoft Office file content managed and ensuring all files not just Microsoft files are
in the Microsoft ecosystem. safe.

2 rhipe.com
MICROSOFT SECURITY TECHNOLOGY
TM

COMPARISON

THE SMARTENCRYPT
Azure Information Protection (AIP) VALUE ADD
AIP P1 Provides manual file tracking and revocation of text, image files and Microsoft Office (Word, Excel,
PowerPoint) files, as well as limited protection of Portable Document Format (.pdf) files using Information AIP is great solution for Office files, but:

Rights Management technology. • Complex to setup;

• Manual to use (in this package)
IRM is a good technology to protect Office files when sending them externally as it allows users to apply
controls such as preventing copying or printing, or the ability to revoke access if required. • Has major limitations in the files types
it can protect.
SmartEncrypt is unlikely able to compete
if the customer data is predominantly Office
How does it work?
files*, BUT if they have files such as CAD files,
• Documents are selected for protection manually by the user accounting or payroll files, or medical files
(in AIP P1). requiring protection, SmartEncrypt is a
possible up sell.
• Permissions are set for who can access the document or image.
*Including files produced by Microsoft Office
• Once shared only authorised users can access the content. applications, text files, image files such as .jpg,
.png, .tiff, etc and .PDF files.

Strengths Limitations

• Great for controlling • Not file agnostic – limited to Office files, • Complex to setup – highly technical to deploy
shared Office files. text and images files. and manage.
• Has tracking and • Does not protect zip or rar archive files. • Creates a new file extension for protected
revocation of files. files, so they cannot work with general Office-
• Limitations with password-protected files
compatible applications.
• Can share a file and prevent and protected or form-based PDF files.
printing or revoke access • Manual protection with AIP P1, so users must
• Requires internet connection to access files.
at the push of a button. remember to manually protect the files.

3 rhipe.com
MICROSOFT SECURITY TECHNOLOGY
TM

COMPARISON

Windows Information Protection THE SMARTENCRYPT

VALUE ADD
(PART OF AIP PREMIUM PLAN 1)
Will ultimately provide similar outcomes to
This tool is similar to SmartEncrypt in terms of technology as it is designed to automatically SmartEncrypt but far more complex to setup
encrypt files to prevent theft. Due to some limitations, adoption has been slow. for the SMB market.
 martEncrypt is a good alternative for
S
organisations considering WIP as it is much
How does it work? easier to deploy and use, particularly for files
created by non-Microsoft as this avoids the
• Automatically encrypt files created from designated • A key piece of the design was to allow for BYOD usage, with
need to enlighten third-party applications.
applications using the Azure Tennant encryption key. users choosing data as personal or corporate.
This, however, is manual and not particularly successful.
• Default applications include Microsoft Office suite
and some windows applications such as notepad. • Requires Microsoft Intune, System Center Configuration
Manager 2016, or other mobile device management
• Third-party applications can be enlightened manually
(MDM) systems to configure, deploy, and manage.
to work with WIP.
• WIP file encryption is designed to protect data from
access from non-corporate users.

Strengths Limitations

• Ability to wipe corporate • Very complex to setup and requires a high level • Encrypted files cannot be uploaded via a browser
data from devices of technical knowledge. (eg to SharePoint On line) as this action is blocked.
remotely while leaving
• All users must be on line and connected to AD. • WIP is designed for use by a single user per device.
personal data intact.
• Files that are encrypted cannot be shared • Resilient File System (ReFS) isn’t currently
• No agent is required when
externally as it uses the Azure Tennant supported with WIP.
protecting data generated
Encryption key.
by Microsoft applications. • Only enlightened apps can be managed without
• Users cannot decrypt files once encrypted and device enrollment
cannot switch to personal if incorrectly flagged
• If Cortana (Windows 10 virtual assistant) is added
as corporate (hence unpopular with BYOD).
as a protected app, it can still cause data leakage.
• BYOD devices must be enrolled to work with
• Preview pane in File Explorer will not work for
non-Microsoft applications.
encrypted files.
• Uses NTFS EFS Encryption so does not work for
• Windows 10 only, so all devices must be
network files shares and FAT32 USB devices.
Windows 10 to open encrypted files.

4 rhipe.com
MICROSOFT SECURITY TECHNOLOGY
TM

COMPARISON

Microsoft Data Loss Prevention

THE SMARTENCRYPT
(PART OF AIP PREMIUM PLAN 1) VALUE ADD
With a data loss prevention (DLP) policy in the Office 365 Security & Compliance Center, Identify sensitive M365 DLP is not a complete DLP solution
information across many locations, such as Exchange On line, SharePoint On line, OneDrive for Business, and to protect data.
Microsoft Teams.  martEncrypt sits well as a complementary
S
product by being able to protect all files,
How does it work?
regardless of file type. Coupling SmartEncrypt
• Administrators create policies that define what is considered • Violations of predefined policies are detected and remediated with MS DLP means that text content
as ‘sensitive’ data (typically driven by predefined templates through actions such as blocking copy and paste, renaming or in messages in Outlook and Teams
such as credit card, fax file number and protection or moving files and preventing attaching or pasting text in emails. is also protected.
regulatory compliance).
If a company is more interested in protecting
the files themselves, regardless of file type,
then SmartEncrypt is better positioned
Strengths Limitations
to do so.

• Good for protecting Office • Limited ‘stop and block’ approach to DLP • Does not protect files from being copied to/
files in Exchange On to remove sensitive data based on data from network locations, USB media, Bluetooth
line, SharePoint On line, classification and policies. or uploaded to the cloud via non-Microsoft
OneDrive for Business, and web browsers.
• Like most DLP product requires up-to-date
Microsoft Teams.
policies that define what files need to be • Limited files that can be read with the
• Protect text in emails and protected, failure to maintain policies makes eDiscovery engine to classify and protect.
Office files attachments the technology obsolete, this is an ongoing
• Users can easily by-pass the system
leaving via emails task and add to the cost of ownership.
in organisations that are not heavily locked
• Limited to Office files and text in Exchange On down to Microsoft-only software.
line, SharePoint On line, OneDrive for Business,
and Microsoft Teams.

5 rhipe.com
CONTACT US
Australia 1300 751 723
New Zealand 0800 493 633

TM