Our technical writer, Carol Bailey, is letting you know what’s new and hot in the docs for this month. Happy Halloween!
Dan (on behalf of the Information Protection team)
The Documentation for Azure Information Protection (formerly Azure Rights Management) has been updated on the web and the latest content has an October 2016 (or later) date at the top of the article.In addition to the doc updates listed below, the RMS Protection Cmdlets documentation is also updated for a recent release of the RMS Protection Tool (version 188.8.131.52 of the PowerShell module, now on the Download Center). I’m happy to report that most of the doc updates were for removing limitations that were documented for the previous version: You can now unprotect protected voice mails (Unified Messaging), unprotect .eml files, and there’s no longer a dependency on Microsoft Outlook when you unprotect .pst files.
This new version also gives you more control for retaining the original file, with a new -InPlace parameter. When you specify this parameter with Protect-RMSFile or Unprotect-RMSFile, the existing file is overwritten if you do not specify an output folder. In previous versions that didn’t have this parameter, this was the default behavior, which meant you might accidentally overwrite the original file. Now, you have to specify a parameter before the original file is overwritten. However, to retain the same behavior as before, you might need to add the -InPlace parameter to your commands and scripts. This change, including all the examples, is updated through the documentation and is noted on the main page as a breaking change for this version.
There are additional improvements in this version, which include performance and support for inline pictures and documents in emails. You can read more information about this new version from Tom Moser on the Azure Information Protection Yammer site: Updated: RMS Protection Tool
One more new release that’s worth noting with some updates to the documentation is the Azure Information Protection client. You can read more about this new version from Eyal Manor, also on the Azure Information Protection Yammer site: Azure Information Protection client update (v184.108.40.206)
With so many releases, new features, better integration support, and exciting improvements on the horizon, it can be challenging to keep up. If you weren’t able to get to Microsoft Ignite 2016, which had lots of great sessions for Azure Information Protection, you can catch up by viewing the on-demand sessions that are now added to the Resources section of What is Azure Information Protection? but also included here, for convenience:
- BRK2127: Adopt a comprehensive identity-driven solution for protecting and sharing data securely
- THR2107: Collaborate securely using Azure Information Protection
- THR2108: Ensure comprehensive protection of your data with Azure Information Protection
- BRK3095: Learn how classification, labeling, and protection delivers persistent data protection
- BRK2128: Send secure email to anyone with the power of Microsoft Office 365 and Azure Information Protection
For feedback about the documentation for the RMS Protection tool and Azure Information Protection: Email AskIPTeam@Microsoft.com. We value customer feedback and try to incorporate it whenever possible.
What’s new in the documentation for Azure Information Protection, October 2016
– Updated the Resources section, with links to the GA announcement, Enterprise Mobility + Security E5 free trial, and the Microsoft Ignite 2016 on-demand sessions for Azure Information Protection.
– New entry about the difference features supported for the Azure Information Protection Premium subscriptions: Which options in the Azure portal are P1 or P2?
– New entry about revocation and the use license: When I test revocation in the document tracking site, I see a message that says people can still access the document for up to 30 days—is this time period configurable?
– Updated the Azure Active Directory section for the statement that forms-based authentication is not supported for federated accounts. A similar update is added to the Active Directory Rights Management Services Mobile Device Extension article.
– Removed the .pfile support for the Azure Information Protection app for iOS and Android. This file type is not support by this app and similar updates have been made in the Active Directory Rights Management Services Mobile Device Extension article and the Frequently Asked Questions page for users.
– Added a new section, Recommended reading before you migrate to Azure Information Protection. Although you don’t need to know this background information to successfully migrate from AD RMS, we found many customers who were migrating ask questions that were covered by these recommended documentation links. Having a better understanding of how things work can also help you make better decisions, and result in more efficient troubleshooting.
– Added information that you might need to include the port number 443 when you edit the redirection script (Redirect_OnPrem.cmd) to point to your new Azure Information Protection tenant. This additional value is most likely required if you upgraded from Windows Rights Management Services, but you can confirm by checking the Cluster Details in the Active Directory Rights Management Services console.
– Added a new section, Benefits of using Azure Key Vault. Although Azure Key Vault is now a requirement if you want to manage your own tenant key for Azure Information Protection (the “bring your own key”, or BYOK configuration), this Azure service provides many benefits that you might not be familiar with.
– Updated for the additional information that you should not include a colon or semicolon in the template name or description. We’ve had reports that these characters can cause problems for some services.
– Updated for support for Windows 10 and Windows Server 2016. The RMS service discovery section is also updated with additional information about how service discovery works for the cloud. Understanding how discovery works is particularly useful when you migrate from AD RMS to Azure Information Protection.
– Updated the To verify installation, connection status, or report a problem section for the latest release, which includes the new Run diagnostics option.
– New article that documents changes in new releases for the Azure Information Protection client since General Availability (GA).
– Updated for the new -InPlace parameter as noted in this post’s introduction, and updated the script version number for this change.
– Updated to clarify the section To install the RMS sharing application and Office add-in only: When you run the documented commands, the folder that you specify for the log file must already exist. If the folder does not already exist, the installation does not create it for you and the installation fails to complete. Because of the /quiet parameter, you do not see the message that the installer failed to run because it could not locate the folder or did not have write permissions to it.
– New entry: How do I get started with the viewer app?
End users will typically use the Azure Information Protection app automatically when they need to open a protected email or file. But if you are an admin who wants to test the app for your users, or simply want to try it out before you need it, these instructions step you through how to do that. These instructions will also be accessible from a new Get started link when you first open the app and haven’t yet signed in.