Freigeben über


(RDS) Tip of the Day: Azure Information Protection Documentation Update for March 2017

Today’s Tip…

Azure Information Protection: Control and help secure email, documents, and sensitive data that you share outside your company walls. From easy classification to embedded labels and permissions, enhance data protection at all times, no matter where it’s stored or who it’s shared with.

The documentation has been updated on the web and the latest content has a March 2017 (or later) date at the top of the article.

What’s new in the documentation for Azure Information Protection, March 2017

Applications that support Azure Rights Management data protection

  • Previously, this article contained information about client apps, only. It now contains a new section for server-side solutions from software vendors.

On-premises servers that support Azure Rights Management data protection

  • Added Windows Server 2016 support for file servers that run Windows Servers and use File Classification Infrastructure (FCI)

Frequently asked questions for Azure Information Protection

Frequently asked questions about classification and labeling in Azure Information Protection

  • Revised the instructions for Exchange message classification and included a screenshot of configuring an Exchange Online transport rule to set a message header for an Azure Information Protection label.  In addition, the entry “How do I sign in as a different user?” is removed, and this information is now in the new Custom configurations section of the Azure Information Protection client admin guide.

Frequently asked questions about data protection in Azure Information Protection

Quick start tutorial for Azure Information Protection

  • Updated throughout, to reflect the new, default policy for customers who are connecting to the Azure Information Protection service for the first time.

Preparing for Azure Information Protection

  • Added a new section about considerations if email addresses change.

Refreshing templates for users

  • Updated the information to include the Azure Information Protection client and Office 2016 for Mac, and revised the information for Office 2010.

Configuring usage rights for Azure Rights Management

  • Updated the description for Save As, Export (common name) to clarify that if this right is not granted, Office applications let a user save a document to a new name if the selected file format supports Rights Management protection. For example, when an authorized user opens Report.docx that has been protected but the Save As, Export right is not granted, she can save the document as NewReport.docx because Word supports Rights Management for that file type, but she can’t save the document as Report.pdf because Word doesn’t support Rights Management for that file type.
  • In addition, this page is updated for information that Outlook and the Outlook web app requires the Edit Content, Edit (common name) right with Reply or Reply All when the recipient is in another organization.

The default Azure Information Protection policy

  • Updated for the revised default policy that was deployed March 21, 2017.  If you were already using Azure Information Protection before the default policy was revised, your earlier version of the default policy is not updated because you might have configured it and deployed into production. However, you can use this information to update your policy to the latest values.

How to configure the policy settings for Azure Information Protection

  • Updated for the new setting: For email messages with attachments, apply a label that matches the highest classification of those attachments

How to configure a label for visual markings for Azure Information Protection

  • Updated to clarify that visual markings are not applied when the label is applied by using File Explorer and the right-click action, or when a document is classified by using PowerShell.

Logging and analyzing usage of the Azure Rights Management service

  • Updated to clarify that the file-name field is populated only for protected documents that are tracked by using the Azure Information Protection client for Windows or the Rights Management sharing application for Windows, and is also blank if the request type is RevokeAccess. Other fields are updated to clarify when they are similarly blank if the request type is RevokeAccess.

Installing Windows PowerShell for Azure Rights Management

  • Updated to clarify that if you have the minimum required version of PowerShell (v2.0), you must manually load the module (Import-Module AADRM) before you can use any of the Azure RMS cmdlets in your PowerShell session.  Because most people have a later version of PowerShell, other documentation pages do not include the step to manually import module before running the cmdlets.

Azure Information Protection client: Version release history

  • Updated for information about the 1.4.21.0 release this month.

Azure Information Protection client administrator guide

  • Updated for information about prerequisites and custom installs, with a new section for Additional checks and troubleshooting.  There’s also a new section, Custom configurations, which contains advanced configurations that you might need for specific scenarios or a subset of users.  Suitable for administrators but not for end users, these configurations will often require deleting files or editing the registry, so please do this carefully!  Note that the information previously published as an FAQ entry (“How do I sign in as a different user?”) is now moved to this new section.

File types supported by the Azure Information Protection client

  • Updated for PDF files that now support labels that can apply classification-only.

Using PowerShell with the Azure Information Protection client

  • Removed the statement that you can use New-AzureADServicePrincipal from the latest Azure AD PowerShell module to create the service principal account for Set-RMSServerAuthentication. Currently, this cmdlet is not supported for the Azure Rights Management service and instead, you must use New-MsolServicePrincipal from the MSOL PowerShell module.

Classify and protect a file or email by using Azure Information Protection

  • Updated for the new functionality to set custom permissions for a document.

RMS protection with Windows Server File Classification Infrastructure (FCI)

  • Updated to clarify that you must run the Get-RMSTemplate on the file server before running the script, and again with the -force parameter if you make changes to the template you’re using for FCI. Also clarified that this configuration does not support scoped templates.

Unprotect-RMSFile

  • Updated to clarify that you can run this command concurrently when you specify a different path for the -LogFile parameter for each command that runs in parallel.  Protect-RMSFile does not currently support running concurrently;  Set-AIPFileLabel does support running concurrently.

References: