Forum Discussion
AAD Encryption question.
The way i read this:
But very importantly, authorized people and services (such as search and indexing) can continue to read and inspect the protected data. This capability is not easily accomplished with other information protection solutions that use peer-to-peer encryption. You might have heard this capability referred to as "reasoning over data" and it is a crucial element in maintaining control of your organization’s data.
It means that when using Azure RMS (reasoning over data) you can have 3rd party services like sharepoint search indexer access the data?
Have i read that wrong? The page makes it sound like the Microsoft solution bypasses the problem (as described) of using symmetric encryption. (and not being able to access the data, except for by the user).
Robert
No, not exactly right. Exchange works fine with Azure RMS/AIP, but SharePoint only works in specific scenarios. You cannot upload an encrypted doc and expect it just work, as in the example I gave above. You can however enable IRM protection on a per-library basis, with SPO managing the keys and having full access to the data.
And this is one of the major complaints about AIP currently, even Microsoft's own solutions have trouble working together with AIP in some cases. This should all get better once we have the unified labeling experience, or at least one can hope so.