Enterprise Mobility and Security Blog

RSS

Hi everybody

Our technical writer, Carol Bailey, is letting you know what’s new and hot in the docs for July.

Reminders: Follow us on Twitter (@DanPlastina) and join in our peer community at www.yammer.com/AskIPTeam.

   Dan (on behalf of the Information Protection team)


The Documentation for Azure Information Protection has been updated on the web and the latest content has a July 2017 (or later) date at the top of the article.

Updates for this month include supporting documentation for the new and updated options in the Azure portal, the new preview versions of the Azure Information Protection client, updated support statements, and updates and clarifications as a result of your feedback. Need more information about the latest changes? Be sure to check out this month’s status summary: Azure Information Protection status update – July 2017

We value customer feedback and try to incorporate it whenever possible.  If you have feedback about the documentation, you can contact us by emailing AskIPTeam@Microsoft.com.

What’s new in the documentation for Azure Information Protection, July 2017

Documentation articles that have significant technical changes since the last update (June 2017):

How Office applications and services support Azure Rights Management

– Updated the DLP link for the latest information (and video): Data loss prevention. In the Next steps section, also included a link to File Protection Solutions in Office 365, which provides recommended capabilities for protecting files in Office 365.

Also updated the limitations list for SharePoint IRM to clarify what doesn’t work if you upload a previously protected document to a SharePoint library or OneDrive for Business: Co-authoring, Office Online, search, document preview, thumbnail, and eDiscovery.  This is because SharePoint IRM uses the Azure Rights Management service to protect documents when they are downloaded, and cannot read documents that are uploaded if they are already protected by Azure Rights Management. This limitation is also added to the documentation for configuring labels for protection, and for applying protection to documents.

Requirements for Azure Information Protection

– Updated for the following:

  • Support for additional Windows Server versions (starting with Windows Server 2008 R2)
  • Support for Remote Desktop Services when you do not delete the %Appdata%\Microsoft\Protect folder.
  • Office 2010 requires Service Pack 2.

Azure Active Directory requirements for Azure Information Protection

– Updated to clarify that the RMS connector does not support MFA and this information is also added to Installing and configuring the Azure Rights Management connector.

Client devices that support Azure Rights Management data protection

– Removed support for iOS 7 (minimum version is iOS 8).

Applications that support Azure Rights Management data protection

– Added GigaTrust to the iOS supported list for protected PDF files, and updated the More information about Azure RMS support for Office to include a new section for Office for Mac.

Information and support for Azure Information Protection

– Updated the Information and new releases and updated documentation section, with information about the new monthly status blogs to help you keep current with the latest changes and what’s coming. Use the link supplied in that section to more easily find these posts.

Quick start tutorial for Azure Information Protection

– Updated to accommodate the new default policy and protection options in the Azure portal.

Migration phase 2 – server-side configuration for AD RMS

– Added information about an alternative key management solution if you are using an HSM-protected key with your AD RMS cluster and you cannot export this key when you migrate to Azure Information Protection.

Preparing users and groups for Azure Information Protection

– Updated with the recent change in requirements that groups that you specify for scoped policies must be email-enabled.

Activating Azure Rights Management

– Updated for the new method, currently in preview, to activate the service using the Azure portal.

Configuring custom templates for the Azure Rights Management service

– Removed from the table of contents but retained to explain that templates are now managed from the Azure portal, with a link to the new documentation.

Configuring usage rights for Azure Rights Management

– Updated for the renamed default templates that new customers see.

The default Azure Information Protection policy

– Updated for the latest default policy.

How to configure a label for Rights Management protection

– Updated to include the new protection options and updated UI settings in the Azure portal.

Hold your own key (HYOK) requirements and restrictions for AD RMS protection

– Updated the limitations section for information about the Do Not Forward button in Outlook: In the preview client, Azure RMS is always used for this button.

Configuring and managing templates for Azure Information Protection

– New article, which explains how to manage templates in the Azure portal, changes in implementation from when you managed them in the Azure classic portal, and considerations before you convert your templates to labels.

Azure Information Protection client administrator guide

– Updated for the following:

  • New prerequisite to not disable the Microsoft Azure Information Protection add-in for Office applications if you have configured the group policy setting List of managed add-ins.  Even if you haven’t configured this group policy setting, you might need to configure the add-in as always enabled if you get reports that the Microsoft Azure Information Protection add-in is getting disabled.
  • New install parameter of AllowTelemetry=0 to disable the install option Help improve Azure Information Protection by sending usage statistics to Microsoft.
  •  Updated the information for the Help and Feedback section for changes in the current preview client: Run diagnostics is replaced with Reset Settings and the behavior for this option has changed.

Custom configurations for the Azure Information Protection client

– Updated for the following:

File types supported by the Azure Information Protection client

– Updated the maximum file sizes supported for the preview version of the client.

Using PowerShell with the Azure Information Protection client

– Updated for the following:

Classify and protect a file or email by using Azure Information Protection

– Updated the instructions for using custom permissions with File Explorer: The preview client supports the address book for selecting users and groups.

Track and revoke your documents when you use Azure Information Protection

– Updated to clarify that admins can track and revoke documents for users only when those users have previously registered their documents with the document tracking site.

Rights Management Sharing Application for Windows

– The end of support statement is updated to January 31, 2019.

House rules for comments on the Azure Information Protection documentation

– Updated with information about the new User Voice site, where you can post your product requests and vote for suggestions already posted.

Set-AIPFileClassification, Set-AIPFileLabel, and Set-AIPFileLabel

– Updated for the new parameters that are supported by the preview client: Owner, and PreserveFileDetails.