Blog Post

Security, Compliance, and Identity Blog
4 MIN READ

Azure Information Protection Documentation Update for July 2018

Carol Bailey's avatar
Carol Bailey
Icon for Microsoft rankMicrosoft
Jul 31, 2018

The Documentation for Azure Information Protection has been updated on the web and the latest content has a July 2018 (or later) date at the top of the article.

 

This month sees a new preview release of the client, with supporting documentation for the changes. For example, support for GDPR sensitive information types and some important updates for the Azure Information Protection scanner. In addition, the documentation is updated for a small but much-requested change: When you have the latest subscription Office version, Track Changes in protected Word documents no longer requires the Full Control usage right. Note that in this scenario, the Lock Tracking option can be used to prevent people from disabling Track Changes (via password protection). 

 

We listen to your feedback and try to incorporate it whenever possible. Let me know if you have feedback about the technical documentation and I also encourage you to head over to our Yammer site to see what others are discussing. 

 

What's new in the documentation for Azure Information Protection, July 2018

 

What is Azure Information Protection?

- Added a new section, Classifying and protecting existing documents, which provides an overview of using the Azure Information Protection scanner for on-premises data stores, and provides links to Microsoft Cloud App Security for cloud data stores.

 

Frequently asked questions for Azure Information Protection

- Updated the entry What's the difference between Windows Server FCI and the Azure Information Protection scanner? to update the scanner information that SharePoint Server 2010 is now supported with the preview version of the scanner. 

  

Configuring usage rights for Azure Rights Management

- Updated the description for the Edit Content, Edit (DOCEDIT) usage right with the information that Full Control is no longer needed for Track Changes when you have the latest Office version. You can read confirmation about this change from the Word: Feature updates section in the Office Release notes for version 1807.

 

How to configure conditions for automatic and recommended classification for Azure Information Protection

- Updated for the new sensitive information types that are becoming available in the Azure portal, to help you identify personal data in documents and emails. To detect these new information types, you must use the preview client.

 

Deploying the Azure Information Protection scanner to automatically classify and protect files

- Updated throughout to include the changes for the preview version. There's also a new prerequisite added to clarify that to discover and label Office documents, they must be in 97-2003 file formats or Office Open XML file formats.

 

 Azure Information Protection client: Version release history and support policy

- Updated for the new preview release.

 

Azure Information Protection client administrator guide

- Added a new section, Post installation tasks, which includes instructions to modify macros in Excel spreadsheets. Updated the Upgrading the Azure Information Protection scanner section to include instructions for the new preview version.

 

Admin Guide: Custom configurations for the Azure Information Protection client

- Updated for the following entries:

  • Support for disconnected computers clarifies that exporting the policy does not support the scenario where a user belongs to more than one scoped policy. The policy versioning table is also updated for the preview client.
  • Protect PDF files by using the ISO standard for PDF encryption is a new advanced client setting that's supported only by the preview client. When this setting is enabled and the Azure Information Protection client protects a PDF file, this action creates a protected PDF document that doesn't change the file name extension and that adheres to the ISO standard for PDF encryption. The resulting protected PDF file can be opened with the preview version of the Azure Information Protection client for Windows, and other PDF readers that support the ISO standard for PDF encryption.
  • Support for files protected by Secure Islands is a new customization that requires a registry edit and the preview client. This configuration enables the client to decrypt non-Office files that were protected by Secure Islands. This ability lights up many new scenarios, such as using the Azure Information Protection scanner to inspect these protected files for sensitive information, and using PowerShell scripts to unprotect or reprotect these files by using Azure Information Protection labels. 

Admin Guide: File types supported by the Azure Information Protection client

- Updated to clarify that the Office file formats supported are the 97-2003 file formats and Office Open XML formats. Unless you have the preview client, Strict Open XML isn't supported.  Also added the statement that the maximum file size supported to unprotect .pst files is 5 GB, and this information is also added to Unprotect-RMSFile. Information about PDF files is updated throughout this article, to include the difference in behavior when the preview client is configured for the ISO standard for PDF encryption.

 

AzureInformationProtection PowerShell module:

- New cmdlets for the preview version: Get-AIPScannerStatus, Start-AIPScan, and Update-AIPScanner.

- Cmdlets that are updated to include changes for the preview version: Add-AIPScannerRepository, Get-AIPScannerRepositorySet-AIPScannerConfiguration, and Set-AIPScannerRepository


 

Updated May 11, 2021
Version 7.0
  • Jesper West's avatar
    Jesper West
    Brass Contributor

    We have tested the lock tracking with password because it is the main feature in contracts we sell to our customers and it is broken ie overrided by the lowered permissions so now everyone can disable track changes without providing a password... Please look into this asap and drop me a PM for contact details

  • Dean_Gross's avatar
    Dean_Gross
    Silver Contributor

    This is very helpful and does a great job of summarizing what has changed. Where can we find something similar for upcoming changes? This is helpful for planning purposes.

  • Hi Jesper West, I'm from the Office team. I could not reproduce this issue where recipients can disable Track Changes without providing a password if Lock Tracking is enabled. I've PM'd you to follow up. Thanks!