1. The user can identify data via manual tagging -- a user in Word tags a document as, for example, PCI-sensitive information. The administrator can also define automatic tags so that any document stored on a particular share is instantly tagged and classified a certain way. You can also tag based on applications.

2. Via these tags, central access policies are defined. You can use a regular Express-based language to define conditions for access based on claims for a user, claims from a device and the file tags themselves. Users can also request remediation when they are denied access, instead of just being booted and left wondering.

3. As the tags and access policies develop on the infrastructure, administrators can define central audit policies across all of their file servers. Much like the set of policy tools that has been included in Windows Server for group policy for many years, there is a what-if simulation tool that lets you see the effects of proposed changes to access, tags or both.

4. Data is automatically protected, in that Office documents get Rights Management Service (RMS)-based protection based on their tags, and non-Office file objects can have RMS protectors written for them.