The Documentation for Azure Information Protection has been updated on the web and the latest content has a November 2018 (or later) date at the top of the article.
The sharp-eyed among you might have noticed that the docs have had something of a refresh this month. We heard at Ignite that customers often didn't know where to start when it came to implementing Azure Information Protection. There are a lot of different ways that you can use this service to classify and protect your documents and emails, and although we offer a deployment roadmap, it was clear talking to people at Ignite that there isn't a single path that suits everybody. For example, some people wanted to start with email, whereas others wanted to focus on documents. Some people wanted to focus on internal sharing first, whereas others only cared about content that went outside their organization. Some people had already implemented other solutions for classifying and protecting their data, which they wanted to complement, rather than replace.
In response, we published our "top scenarios" that you can implement independently of each other - whichever is easiest or offers the most business value to your organization. And to help you get started, we published 4 "quickstarts" (procedures that you can complete on Day 1, in 5-10 minutes) and 2 tutorials (help you learn both the service configuration and the resulting client behavior).
These quickstarts and tutorials reflect the same style and structure that you might be familiar with from other EMS and Azure services, with a similar table of contents to organize the rest of the documentation. No two services are the same, but we hope this similarity in how the documentation is presented and organized can help you find the information you need more easily.
In addition to this doc refresh, this month also sees supporting documentation for the Azure Information Protection client GA release 1.41.51.0, which includes a new version of the scanner. One of the most important changes in this release is support for the new central reporting (analytics) that was announced at Ignite, although the reporting feature itself remains in preview. The reporting feature also has a new "Activity logs" report rolling out, which displays labeling actions from users, and on devices and file paths.
As our docs refresh shows, we listen to your feedback and try to incorporate it whenever possible. Let me know if you have feedback about the technical documentation, and especially about the changes this month for the refresh. I also encourage you to head over to our Yammer site to see what others are discussing.
What's new in the documentation for Azure Information Protection, November 2018
Requirements for Azure Information Protection
- In the Firewalls and network infrastructure section, removed the reference to informationprotection.hosting.portal.azure.net now that this dependent URL is included in the Office 365 URLs and IP address ranges article.
Quickstart: Get started in the Azure portal
- New article, with steps to add Azure Information Protection to the Azure portal, confirm the protection service is activated, and view your organization's default policy. These steps were previously in the "Quick start tutorial for Azure Information Protection".
Quickstart: Find what sensitive information you have in files stored on-premises
- New article, with steps to install and configure the Azure Information Protection scanner to find what sensitive information you have in files that are stored in on-premises data stores, such as file shares and SharePoint Server. Designed for a test environment so you can skip the configuration for non-interactive authentication, this quickstart can be completed in less than 10 minutes and doesn't require you to configure any labels.
Quickstart: Configure a label for users to easily protect emails that contain sensitive information
- New article, with steps to configure an existing label to automatically apply the Do Not Forward protection setting for a label that displays only in Outlook.
Quickstart: Create a new Azure Information Protection label for specific users
- New article, with steps to create a new label that only specific users can see by configuring a scoped policy.
Tutorial: Edit the Azure Information Protection policy and create a new label
- Based on the previously published "Quick start tutorial for Azure Information Protection", this tutorial is now more targeted on the configuration steps to configure a label and policy settings, and to see them in action.
Tutorial: Configure Azure Information Protection policy settings that work together
- New article, that takes you through configuring 4 policy settings and showing their combined effects for users. The policy settings chosen help you to establish a baseline classification, and also educate users about label selection so that they will be more likely to apply appropriate labels in the future.
Overview of the Azure Information Protection policy
- New article, with conceptual information that was previously in Configuring the Azure Information Protection policy.
How-to guides for common scenarios that use Azure Information Protection
- New article that lists the top scenarios for Azure Information Protection, which you can implement independently from each other.
Frequently asked questions for Azure Information Protection
- New entry to explain the Azure Information Protection alerts, currently in preview : I see Azure Information Protection is listed as a security provider for Microsoft Graph Security—how does this work and what alerts will I receive?
Frequently asked questions about classification and labeling in Azure Information Protection
- New entry that explains how you can use the labeling metadata with customized formatting in document templates: Can I create a document template that automatically includes the classification?
Migration phase 2 - server-side configuration for AD RMS
- Updated Step 6. Configure imported templates: The information used to say that the ANYONE group, if specified in your AD RMS templates, was automatically converted into a hidden group named AllStaff-7184AB3F-CCD1-46F3-8233-3E09E9CF0E66 in Azure AD. This group is the closet equivalent to the ANYONE group, because it includes all users from your tenant. This automatic conversion is not happening and if you want this group mapping for migrated users, you must manually add the group yourself to the imported template.
Configuring the Azure Information Protection policy
- Updated the Signing in to the Azure portal section, with a note that if your tenant has been migrated to the unified labeling store, to manage labels from the Azure portal, your account must have permissions to access the Office 365 Security & Compliance Center.
How to configure a label for visual markings for Azure Information Protection
- Updated to remove the limitation that in Excel, visual markings always display as black. This change requires you to use the new GA version of the client. In addition, this article is updated with the information that Word, Excel, and PowerPoint support multiple lines in a header and footer. In Outlook, however, multiple lines are not supported and the text is concatenated into a single line. As an alternative, consider using the configuration to set different visual markings per app.
Deploying the Azure Information Protection scanner to automatically classify and protect files
- Updated the prerequisites section with guidance for database sizing. Also updated to include how to inspect TIFF images by using optical character recognition (OCR). This article is now updated throughout for the new scanner version that comes with the new GA version of the client. For example, you can now start a scan from the portal rather than use PowerShell, and use the portal to see scanning results.
Central reporting for Azure Information Protection
- Updated the prerequisites section, to remove the preview release status of the Azure Information Protection client and the scanner. Note however, that the analystics feature itself remains in preview.
This article is also updated for the new Activity logs report that is rolling out to tenants, which lets you see labeling actions from users, and on devices and file paths.
Azure Information Protection client: Version release history and support policy
- Updated for the new GA section: Version 1.41.51.0
The 1.26.6.0 release section is also updated to include multiple line support as a new feature in headers and footers for Word, Excel, and PowerPoint. Note that according to the support policy, this version is out of support at the end of this month.
Admin Guide: Install the Azure Information Protection client for users
- Updated the prerequisites section for a new entry that lists screen resolutions greater than 800x600 for the Classify and protect - Azure Information Protection dialog box.
Admin Guide: Custom configurations for the Azure Information Protection client
- Updated for the following:
- A new table that lists all the available advanced client settings, for easier reference.
- An alternative method to configure support for disconnected computers by using an advanced client setting rather than editing the registry.
- A new advanced client setting, in preview, to configure a label to apply S/MIME protection when the label is applied in Outlook.
Admin Guide: File types supported by the Azure Information Protection client
- Updated for the new client behavior that no longer exclude .msg, .rar, and .zip file name extensions for File Explorer (right-click) and PowerShell commands.
PowerShell: Get-AadrmAdminLog
- Updated the Path parameter description to clarify that you must specify a path and a file name for the log.
PowerShell: Unprotect-RMSFile
- Updated the description to clarify that you must have sufficient usage rights (Export or Full Control) or be a super user for your organization to unprotect files.