Enterprise Mobility and Security Blog

RSS

Hi everybody

Our technical writer, Carol Bailey, is letting you know what’s new and hot in the docs for this month.

Reminders: Follow us on Twitter (@TheRMSGuy) and join in our peer community at www.yammer.com/AskIPTeam. 

Dan (on behalf of the Information Protection team)


The Documentation for Azure Information Protection (formerly Azure Rights Management) has been updated on the web and the latest content has an November 2016 (or later) date at the top of the article.

Doc updates for this month are mainly to incorporate customer feedback for clarifications. We value customer feedback and try to incorporate it whenever possible. If you have feedback about the documentation, you can contact us by emailing AskIPTeam@Microsoft.com.

What’s new in the documentation for Azure Information Protection, November 2016

The following information lists the articles that have significant technical changes since the last update (October 2016).

Compliance and supporting information for Azure Information Protection

– Updated the Security, compliance, and auditing section, with a link to How does Azure RMS work? for people looking for in-depth technical information for the service.

Requirements for Azure Information Protection

– Updated to clarify that Office 365 ProPlus with 2016 apps or 2013 apps are supported for classification, labeling, and protection. There is no requirement or dependency on how these apps are installed (Click-to-Run or traditional .MSI files).

Applications that support Azure Rights Management data protection

– Updated footnote 5 for Office for iOS and Android, to clarify that iOS supports viewing and editing protected documents, while Android supports only viewing protected documents.

Frequently asked questions about classification and labeling in Azure Information Protection

– New entry: How do I sign in as a different user?

Frequently asked questions about data protection in Azure Information Protection

– New entry: What’s the difference between Azure Rights Management encryption and encryption in other Microsoft cloud services?

Azure Information Protection deployment roadmap

– Updated the first step for assigning licenses to clarify that you should not assign the free RMS for individuals license to users, which displays as Rights Management Adhoc in the Office 365 admin center, and RIGHTSMANAGEMENT_ADHOC when you run the Azure AD PowerShell cmdlet, Get-MsolAccountSku.

Migration phase 1 – server-side configuration for AD RMS

– Updated to clarify that configuration data from AD RMS (in the form of trusted publishing domains) includes archived keys that will still be needed to decrypt documents and emails when the migration is complete. It’s therefore important to export (and later to import into Azure) all the trusted publishing domains from your AD RMS cluster. If you miss this step and only export/import the current trusted publishing domain, you risk having documents and emails that cannot be opened after users are migrated to Azure Information Protection.

Planning and implementing your Azure Information Protection tenant key

– Updated the Prerequisites for BYOK section, to clarify that the free Azure subscription that provides access to configure Azure Active Directory is not sufficient for Azure Key Vault. To help you check this prerequisite, we’ve added instructions about how to use the Get-AzureRmSubscription cmdlet.

Activating Azure Rights Management

– Updated the onboarding controls section to clarify how to find the GUID for the group, for the first example that shows how you might use onboarding controls to restrict protecting content to your IT department in the early phases of your rollout.

How to configure the global policy settings for Azure Information Protection

– Updated for the new option Provide a custom URL for the Azure Information Protection client “Tell me more” web page.

How to configure a label to apply Rights Management protection

– Updated to clarify that Exchange does not have to be configured for information rights management (IRM) before users can apply labels in Outlook to protect their emails. However, until Exchange is configured for IRM, you will not get the full functionality of using Azure Rights Management protection with Exchange.

Configuring servers for the Azure Rights Management connector

– Updated the Exchange section, with clarifying information about how to confirm the RMS client version.

Monitor the Azure Rights Management connector

– Updated the RMS Analyzer section, with additional information how to use the tool.

Installing the Azure Information Protection client

– Updated the section To verify installation, connection status, or report a problem, for information about the new Tell me more link and the Run diagnostics option.

Azure Information Protection client: Version release history

– Updated for the latest release, version 1.2.4.0.

Disable-AadrmDocumentTrackingFeature

– Updated with the additional information that for the time period when document tracking is disabled by running this cmdlet, activity related to shared documents (who opened them, when, from which location) is not shown in the document tracking site, if document tracking is later enabled. The description for Enable-AadrmDocumentTrackingFeature is similarly updated for this clarification.