Protect and Encrypt Documents

As Microsoft ended support for classic protection templates at the end of March 2021, you need to install the AIP client described later to protect files with the volume license editions of Microsoft Office. Note that file protections you have already set are still valid.


Azure Information Protection (AIP) is a cloud-based encryption service that uses the authentication of Microsoft 365 to protect files and emails.

Azure Information Protection is available to all the members of Kyushu University and supported on various devices (Windows, macOS, iOS / iPadOS, Android). Authorized users only can decrypt the content. You can also set protection conditions (print, transfer, copy, edit, screen capture, deadline, and so on).

Please use this service to securely store and share information classified to confidential level 2 or 3 of the Kyushu University regulations on information clasifications and restrictions (2017 Kyushu University Regulations No. 58).


  • If you are using Microsoft 365 Apps for enterprise on Windows, or if you are using Office for Mac, you don’t need to install additional software.
  • If you are using volume license editions of Office on Windows, you need to install the following AIP client.
  • To protect PDF files, you need to use the following AIP client on Windows.
  • You cannot encrypt PDF files on macOS, but you can view protected PDF files using Acrobat Reader with installing the following plug-in.

AIP client for Windows

Download and install from the following Microsoft official download center.

Plug-in for Acrobat Reader

To view protected PDF files with Adobe Acrobat or Acrobat Reader, download and install the following MIP plug-in.

How to protect Office files

Manual by Microsoft:
Apply sensitivity labels to your files and email in Office

How to protect PDF files

Please install the AIP client on Windows and protect the files.
For more information, see “User Guide - Using File Explorer to classify and protect files.”

Sensitivity labels

Check the predefined permissions for each sensitivity label.

  • Confidentiality 1
    No protection (no encryption)
  • Confidentiality 2
    Protected for Microsoft accounts (encrypted)
    • All Members:
      All users who can sign in to Microsoft 365 of Kyushu University (including the grace period after leaving from the university such as graduation and retirement)
    • All Faculty and Staff:
      All present faculty and staff members (category A & B)
    • All Employees:
      Faculty and staff in category A
  • Confidentiality 3
    Protected for Microsoft accounts (encrypted)

Categories of faculty and staff on the sensitivity labels

  • Category A: Faculty and staff with personal numbers for human resources and payroll
  • Category B: Professors emeritus and members who have obtained SSO-KID by application
Collaborative Infrastructure Working Group, Information Infrastructure Initiative, Kyushu University