The offering is based on Redmond's October 2015 acquisition of Israeli firm Secure Islands, whose technology is being integrated into Azure Rights Management (RMS).
The aim, quoth Microsoftie Dan Plastina, is to use employee identity as the basis for protecting corporate information. The product, Azure Information Protection, will hit public preview in July.
Plastina says AIP will be designed to protect data from the time it's created.
At creation, data will be classified (either by the user, automatically, or by recommendation). The idea is that once data is labelled, protection follows it around (at least on iOS, Android and Windows), so that if a file is shared, the sender can allow it to be viewed, but not printed or forwarded.
Data access rights can be revoked, and there's logging and reporting to help track what's happening to data.
(Of course, someone of malicious intent can still go the long way around, and type their own copy of a datum if they wish, but nobody's every going to plug the QWERTY hole.)
The Technet post says when the new capabilities reach general availability, current Azure RMS customers will start to see the new functionality. ®