Enterprise Mobility and Security Blog

RSS

Hi everybody

Our technical writer, Carol Bailey, is letting you know what’s new and hot in the docs for this month. Happy Halloween!

Reminders: Follow us on Twitter (@TheRMSGuy) and join in our peer community at www.yammer.com/AskIPTeam.

   Dan (on behalf of the Information Protection team)


The Documentation for Azure Information Protection (formerly Azure Rights Management) has been updated on the web and the latest content has an October 2016 (or later) date at the top of the article.

In addition to the doc updates listed below, the RMS Protection Cmdlets documentation is also updated for a recent release of the RMS Protection Tool (version 2.2.0.0 of the PowerShell module, now on the Download Center). I’m happy to report that most of the doc updates were for removing limitations that were documented for the previous version: You can now unprotect protected voice mails (Unified Messaging), unprotect .eml files, and there’s no longer a dependency on Microsoft Outlook when you unprotect .pst files.

This new version also gives you more control for retaining the original file, with a new -InPlace parameter. When you specify this parameter with Protect-RMSFile or Unprotect-RMSFile, the existing file is overwritten if you do not specify an output folder. In previous versions that didn’t have this parameter, this was the default behavior, which meant you might accidentally overwrite the original file. Now, you have to specify a parameter before the original file is overwritten. However, to retain the same behavior as before, you might need to add the -InPlace parameter to your commands and scripts. This change, including all the examples, is updated through the documentation and is noted on the main page as a breaking change for this version.

There are additional improvements in this version, which include performance and support for inline pictures and documents in emails. You can read more information about this new version from Tom Moser on the Azure Information Protection Yammer site: Updated: RMS Protection Tool

One more new release that’s worth noting with some updates to the documentation is the Azure Information Protection client. You can read more about this new version from Eyal Manor, also on the Azure Information Protection Yammer site: Azure Information Protection client update (v1.2.4.0)

With so many releases, new features, better integration support, and exciting improvements on the horizon, it can be challenging to keep up. If you weren’t able to get to Microsoft Ignite 2016, which had lots of great sessions for Azure Information Protection, you can catch up by viewing the on-demand sessions that are now added to the Resources section of What is Azure Information Protection? but also included here, for convenience:

For feedback about the documentation for the RMS Protection tool and Azure Information Protection: Email AskIPTeam@Microsoft.com. We value customer feedback and try to incorporate it whenever possible.

What’s new in the documentation for Azure Information Protection, October 2016

What is Azure Information Protection?

– Updated the Resources section, with links to the GA announcement, Enterprise Mobility + Security E5 free trial, and the Microsoft Ignite 2016 on-demand sessions for Azure Information Protection.

Frequently asked questions about classification and labeling in Azure Information Protection

– New entry about the difference features supported for the Azure Information Protection Premium subscriptions: Which options in the Azure portal are P1 or P2?

Frequently asked questions about data protection in Azure Information Protection

– New entry about revocation and the use license: When I test revocation in the document tracking site, I see a message that says people can still access the document for up to 30 days—is this time period configurable?

Requirements for Azure Information Protection

– Updated the Azure Active Directory section for the statement that forms-based authentication is not supported for federated accounts. A similar update is added to the Active Directory Rights Management Services Mobile Device Extension article.

Applications that support Azure Rights Management data protection

– Removed the .pfile support for the Azure Information Protection app for iOS and Android. This file type is not support by this app and similar updates have been made in the Active Directory Rights Management Services Mobile Device Extension article and the Frequently Asked Questions page for users.

Migrating from AD RMS to Azure Information Protection

– Added a new section, Recommended reading before you migrate to Azure Information Protection. Although you don’t need to know this background information to successfully migrate from AD RMS, we found many customers who were migrating ask questions that were covered by these recommended documentation links. Having a better understanding of how things work can also help you make better decisions, and result in more efficient troubleshooting.

Migration phase 2 – client-side configuration

– Added information that you might need to include the port number 443 when you edit the redirection script (Redirect_OnPrem.cmd) to point to your new Azure Information Protection tenant. This additional value is most likely required if you upgraded from Windows Rights Management Services, but you can confirm by checking the Cluster Details in the Active Directory Rights Management Services console.

BYOK pricing and restrictions

– Added a new section, Benefits of using Azure Key Vault. Although Azure Key Vault is now a requirement if you want to manage your own tenant key for Azure Information Protection (the “bring your own key”, or BYOK configuration), this Azure service provides many benefits that you might not be familiar with.

Create, configure, and publish a custom template

– Updated for the additional information that you should not include a colon or semicolon in the template name or description. We’ve had reports that these characters can cause problems for some services.

RMS client deployment notes

– Updated for support for Windows 10 and Windows Server 2016. The RMS service discovery section is also updated with additional information about how service discovery works for the cloud. Understanding how discovery works is particularly useful when you migrate from AD RMS to Azure Information Protection.

Installing the Azure Information Protection client

– Updated the To verify installation, connection status, or report a problem section for the latest release, which includes the new Run diagnostics option.

Azure Information Protection client: Version release history

– New article that documents changes in new releases for the Azure Information Protection client since General Availability (GA).

Windows PowerShell script for Azure RMS protection by using File Server Resource Manager FCI

– Updated for the new -InPlace parameter as noted in this post’s introduction, and updated the script version number for this change.

Rights Management sharing application administrator guide

– Updated to clarify the section To install the RMS sharing application and Office add-in only: When you run the documented commands, the folder that you specify for the log file must already exist. If the folder does not already exist, the installation does not create it for you and the installation fails to complete. Because of the /quiet parameter, you do not see the message that the installer failed to run because it could not locate the folder or did not have write permissions to it.

FAQs for Azure Information Protection app for iOS and Android

– New entry: How do I get started with the viewer app?

End users will typically use the Azure Information Protection app automatically when they need to open a protected email or file. But if you are an admin who wants to test the app for your users, or simply want to try it out before you need it, these instructions step you through how to do that. These instructions will also be accessible from a new Get started link when you first open the app and haven’t yet signed in.