Azure Information Protection: Control and help secure email, documents, and sensitive data that you share outside your company walls. From easy classification to embedded labels and permissions, enhance data protection at all times, no matter where it’s stored or who it’s shared with.
The documentation has been updated on the web and the latest content has a March 2017 (or later) date at the top of the article.
What’s new in the documentation for Azure Information Protection, March 2017
- Previously, this article contained information about client apps, only. It now contains a new section for server-side solutions from software vendors.
- Added Windows Server 2016 support for file servers that run Windows Servers and use File Classification Infrastructure (FCI)
- New entry: Is the Azure Information Protection client only for subscriptions that include classification and labeling? Information about how the client detects and operates in protection-only mode.
- Revised the instructions for Exchange message classification and included a screenshot of configuring an Exchange Online transport rule to set a message header for an Azure Information Protection label. In addition, the entry “How do I sign in as a different user?” is removed, and this information is now in the new Custom configurations section of the Azure Information Protection client admin guide.
- New entry: How do I send a protected email to a Gmail or Hotmail account? We’ve had a lot of questions asking how to configure Azure Information Protection as shown in the Ignite session Send secure email to anyone with the power of Microsoft Office 365 and Azure Information Protection. This feature is still in private preview.
- Updated throughout, to reflect the new, default policy for customers who are connecting to the Azure Information Protection service for the first time.
- Added a new section about considerations if email addresses change.
- Updated the information to include the Azure Information Protection client and Office 2016 for Mac, and revised the information for Office 2010.
- Updated the description for Save As, Export (common name) to clarify that if this right is not granted, Office applications let a user save a document to a new name if the selected file format supports Rights Management protection. For example, when an authorized user opens Report.docx that has been protected but the Save As, Export right is not granted, she can save the document as NewReport.docx because Word supports Rights Management for that file type, but she can’t save the document as Report.pdf because Word doesn’t support Rights Management for that file type.
- In addition, this page is updated for information that Outlook and the Outlook web app requires the Edit Content, Edit (common name) right with Reply or Reply All when the recipient is in another organization.
- Updated for the revised default policy that was deployed March 21, 2017. If you were already using Azure Information Protection before the default policy was revised, your earlier version of the default policy is not updated because you might have configured it and deployed into production. However, you can use this information to update your policy to the latest values.
- Updated for the new setting: For email messages with attachments, apply a label that matches the highest classification of those attachments
- Updated to clarify that visual markings are not applied when the label is applied by using File Explorer and the right-click action, or when a document is classified by using PowerShell.
- Updated to clarify that the file-name field is populated only for protected documents that are tracked by using the Azure Information Protection client for Windows or the Rights Management sharing application for Windows, and is also blank if the request type is RevokeAccess. Other fields are updated to clarify when they are similarly blank if the request type is RevokeAccess.
- Updated to clarify that if you have the minimum required version of PowerShell (v2.0), you must manually load the module (Import-Module AADRM) before you can use any of the Azure RMS cmdlets in your PowerShell session. Because most people have a later version of PowerShell, other documentation pages do not include the step to manually import module before running the cmdlets.
- Updated for information about the 188.8.131.52 release this month.
- Updated for information about prerequisites and custom installs, with a new section for Additional checks and troubleshooting. There’s also a new section, Custom configurations, which contains advanced configurations that you might need for specific scenarios or a subset of users. Suitable for administrators but not for end users, these configurations will often require deleting files or editing the registry, so please do this carefully! Note that the information previously published as an FAQ entry (“How do I sign in as a different user?”) is now moved to this new section.
- Updated for PDF files that now support labels that can apply classification-only.
- Removed the statement that you can use New-AzureADServicePrincipal from the latest Azure AD PowerShell module to create the service principal account for Set-RMSServerAuthentication. Currently, this cmdlet is not supported for the Azure Rights Management service and instead, you must use New-MsolServicePrincipal from the MSOL PowerShell module.
- Updated for the new functionality to set custom permissions for a document.
- Updated to clarify that you must run the Get-RMSTemplate on the file server before running the script, and again with the -force parameter if you make changes to the template you’re using for FCI. Also clarified that this configuration does not support scoped templates.
- Updated to clarify that you can run this command concurrently when you specify a different path for the -LogFile parameter for each command that runs in parallel. Protect-RMSFile does not currently support running concurrently; Set-AIPFileLabel does support running concurrently.
- Azure Information Protection Documentation Update for March 2017 - https://blogs.technet.microsoft.com/enterprisemobility/2017/03/31/azure-information-protection-documentation-update-for-march-2017/
- Applications that support Azure Rights Management data protection - https://docs.microsoft.com/en-us/information-protection/get-started/requirements-applications
- On-premises servers that support Azure Rights Management data protection - https://docs.microsoft.com/en-us/information-protection/get-started/requirements-servers
- Frequently asked questions for Azure Information Protection - https://docs.microsoft.com/en-us/information-protection/get-started/faqs
- Frequently asked questions about classification and labeling in Azure Information Protection - https://docs.microsoft.com/en-us/information-protection/get-started/faqs-infoprotect
- Frequently asked questions about data protection in Azure Information Protection - https://docs.microsoft.com/en-us/information-protection/get-started/faqs-rms
- Quick start tutorial for Azure Information Protection - https://docs.microsoft.com/en-us/information-protection/get-started/infoprotect-quick-start-tutorial
- Preparing for Azure Information Protection - https://docs.microsoft.com/en-us/information-protection/plan-design/prepare
- Refreshing templates for users - https://docs.microsoft.com/en-us/information-protection/deploy-use/refresh-templates
- Configuring usage rights for Azure Rights Management - https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-usage-rights
- The default Azure Information Protection policy - https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-policy-default
- How to configure the policy settings for Azure Information Protection - https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-policy-settings
- How to configure a label for visual markings for Azure Information Protection - https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-policy-markings
- Logging and analyzing usage of the Azure Rights Management service - https://docs.microsoft.com/en-us/information-protection/deploy-use/log-analyze-usage
- Installing Windows PowerShell for Azure Rights Management - https://docs.microsoft.com/en-us/information-protection/deploy-use/install-powershell
- Azure Information Protection client: Version release history - https://docs.microsoft.com/en-us/information-protection/rms-client/client-version-release-history
- Azure Information Protection client administrator guide - https://docs.microsoft.com/en-us/information-protection/rms-client/client-admin-guide
- File types supported by the Azure Information Protection client - https://docs.microsoft.com/en-us/information-protection/rms-client/client-admin-guide-file-types
- Using PowerShell with the Azure Information Protection client - https://docs.microsoft.com/en-us/information-protection/rms-client/client-admin-guide-powershell
- Classify and protect a file or email by using Azure Information Protection - https://docs.microsoft.com/en-us/information-protection/rms-client/client-classify-protect#set-custom-permissions-for-a-document
- RMS protection with Windows Server File Classification Infrastructure (FCI) - https://docs.microsoft.com/en-us/information-protection/rms-client/configure-fci
- Unprotect-RMSFile - https://docs.microsoft.com/en-us/powershell/azureinformationprotection/vlatest/unprotect-rmsfile