Forum Discussion

James Escober's avatar
James Escober
Copper Contributor
Feb 04, 2019
Solved

AIP Tracking and Revocation

We are working with AIP tracking and revocation. When a file is accessed outside the organization it is not being logged in the tracking portal. Is the behaviour normal? Thanks
information protection and governance
microsoft information protection
  • markwarnes's avatar
    markwarnes
    Jan 16, 2020

    cpsecurityJoe McGiven Corban - As far as I can tell, the classic "Track & Revoke" functionality that is curently available with the classic AIP client is not coming to the unified labelling (UL) client at any point on the roadmap.

     

    The approach that you should probably be taking now is to make use of central reporting to check for user activities on labelled documents.

     

    From the AIP documentation (https://docs.microsoft.com/en-us/azure/information-protection/rms-client/use-client#compare-the-labeling-clients-for-windows-computers) :

     

    "The document tracking site that's supported by the classic client isn't supported by the unified labeling client. However, without the need to first register the document for tracking, administrators can use https://docs.microsoft.com/en-us/azure/information-protection/reports-aip to identify whether protected documents are accessed from Windows computers, and whether access was granted or denied."

     

    This basically means the the UL client on Windows computers will report activity to the configured Log Analytics workspace when a protected document has been accessed. It's not the same as the dedicated T&R portal but it does offer opportunities to alert on particular document access (either through alerts on the analytics workspace or through monitoring using Azure Sentinel if linked up).

     

    Rafael Dominguez wrote a series of blogs about creating a custom AIP tracking portal that uses the central reporting data -(https://techcommunity.microsoft.com/t5/azure-information-protection/how-to-build-a-custom-aip-tracking-portal/ba-p/875849). Definitely worth a look if you've not seen them already.

     

    That said, there is a limitation currently - only the UL and classic clients on Windows devices can report their activity to the central reporting workspace. That means native AIP functionality in Office applications and any activity from MacOS, iOS and Android does not get reported. I'm hoping this is one of the gaps of functionality between the native and UL clients that is going to be closed in the near future.

VasilMichev's avatar
VasilMichev
MVP
Feb 04, 2019

Well, depends. Generally speaking files must be "registered" with the tracking portal by selecting the corresponding option in the client. It does not happen automatically for all files.

thesmilingguru's avatar
thesmilingguru
Copper Contributor
Jul 31, 2019

VasilMichev  we have E3 + EMS licenses, so do we still need E5 for track and Revoke?

 

I have heard that MS is going to launch a new portal for track and revoke. So by any chance would it available by enterprises with E3+EMS

James Escober 

  • James Escober's avatar
    James Escober
    Copper Contributor
    Oct 11, 2019

    thesmilingguruYou need to have minimum of EMS E3 license for tracking and revocation

Resources