Enterprise Mobility and Security Blog

RSS

Hi everybody

Our technical writer, Carol Bailey, is letting you know what’s new and hot in the docs for May.

Reminders: Follow us on Twitter (@DanPlastina) and join in our peer community at www.yammer.com/AskIPTeam.

   Dan (on behalf of the Information Protection team)


The Documentation for Azure Information Protection has been updated on the web and the latest content has a May 2017 (or later) date at the top of the article.

Updates for this month include the supporting documentation for templates moving to the Azure portal. Miss the announcements?  See Azure Information Protection unified administration now in Preview and Azure Information Protection unified administration phase two. We also have great news if you were one of the many customers who requested a .msi version of the client to install – this is now available to download but please do read the accompanying documentation in the admin guide for restrictions and additional steps needed for this deployment.

The sharp-eyed among you might have noticed a new feature appearing on the Microsoft Docs site: Download PDF. You’ll see this option at the bottom of the table of contents, on the left. This is a nice option for people who want to more easily reuse the online documentation, read documentation in sequence, or search just the documentation for Azure Information Protection. This feature was first implemented for Azure documentation, and now it’s our turn.  Unfortunately, we’ve had a few teething problems that stopped it from working when it first went live, but these should be fixed very soon. Give it a try and remember that the design and functionality of the Docs site has its own feedback site where you can post requests/issues and vote on other peoples’ requests.

Have feedback about the documentation content for Azure Information Protection?  We value customer feedback and try to incorporate it whenever possible. If you have feedback about our documentation, let us know by emailing AskIPTeam@Microsoft.com.

What’s new in the documentation for Azure Information Protection, May 2017

Documentation articles that have significant technical changes since the last update (April 2017):

Requirements for Azure Information Protection

– Updated the client devices supported to include Windows Server versions (Windows Server 2012 R2 and Windows Server 2012, and Windows Server 2016 for PowerShell only).

Azure Active Directory requirements for Azure Information Protection

– Updated the Scenarios that have specific requirements section, for an entry that can stop a deployment in its tracks: Users’ UPN value doesn’t match their email address

Frequently asked questions for Azure Information Protection

– New entry: What is the role of identity management for Azure Information Protection? A reminder that securing your data relies on good identity management and that Azure Information Protection is not designed to protect against compromised accounts or malicious users.

Preparing users and groups for Azure Information Protection

– Substantially revised for more detailed information about how users and groups are used for Azure Information Protection, and how to verify that these accounts will work as intended for this service.

Activating Azure Rights Management

– Removed the references and links to using the Office 365 classic portal now that the new portal is GA. Just in case you’re still using the classic portal, the instructions for this are still published but when support for the old Office 365 portal stops, this article will be redirected to How to activate Azure Rights Management from the Office 365 admin center.

Configuring Azure Information Protection policy

– Updated to include information that you can sign in to the Azure portal by using a security admin account as an alternative to a global admin account, information about the different subscription levels of support for options that you can configure (not yet enforced), and a note about waiting up to 15 minutes for the downloaded policy to be fully functional.

How to create a new label for Azure Information Protection

– Updated with information about how to change the label color (the default is black for a new label) by using the hex triplet code option.

How to configure a label for Rights Management protection

– Updated for the new Custom (Preview) option, that lets you create new custom templates in the Azure portal, with many of the configuration options that are currently in the Azure classic portal. Unlike configuration in the Azure classic portal, you can also specify external users, external groups, and all users in another organization.

Configuring and managing templates in the Azure Information Protection policy

– New article to support the new preview feature for managing existing templates and converting them to labels. Note that this feature is temporarily unavailable in the portal but will be re-enabled again soon.

Azure Information Protection client administrator guide

– Updated to include new instructions for the recent addition of the .msi version of the client. For more information, see How to install the Azure Information Protection client for users. In addition, the specific version that is supported for the Microsoft Online Services Sign-in Assistant (version 7.250.4303.0) is added to the general prerequisites because later versions that might be installed are not supported and must be uninstalled before you install the client on computers that run Office 2010.

Custom configurations for the Azure Information Protection client

– This information was previously in a section in the admin guide after the installation instructions, and is now in its own article. Use this information for exceptions and advanced configurations that you might need for specific scenarios or a subset of users.

File types supported by the Azure Information Protection client

– New section added, File sizes supported for protection, which lists the maximum file sizes supported for Office documents and all other documents. Note that the currently documented 1 GB file size restriction for all other documents is a temporary restriction that will be removed with a later version of the Azure Information Protection client.  If you try to protect files larger than this size with the current GA version of the client (1.4.21.0),  the file might become corrupted.

RMS protection with Windows Server File Classification Infrastructure (FCI)

– Updated to make the prerequisites clearer. The script is also updated (to version 3.3) to include the DoNotPersistEncryptionKey parameter for better performance and to prevent the server’s local disk from filling up with files that start with “EUL”. For more information about this parameter, see the updated description in the cmdlet help for Protect-RMSFile.