Forum Discussion
SharePoint Online with Azure RMS
Thanks.
So further to this the only way i can utilise the Track and Revoke (AIP) client is to have the file protected using an AzRMS Template (or cutom - AIP) for each file in the SharePoint site.
Those only protected by IRM dont seem to have that feature. ie. when selecting Track and Revoke for a document protected by IRM
We can’t find that document.
You can only track documents that you protected using the Azure Information Protection app on Windows.
This only seems to work with those protected with AzRMS.
At present, is this the only option or would FCI with the AzRMS connector be a suitable instance for storing highly confidential data?
Ignite is around the corner, I'm sure we will hear more information about the AIP/SPO integration there. If you can wait a few weeks that is.
In the meantime, nothing is stopping you from storing individually-protected files in SPO or anywhere else, and taking advantage of tracking/revoking. You will however loose the ability to "reason over data", as your applications will not be able to access those documents as well.
- alphadeltaromeoSep 11, 2017Copper Contributor
Hi,
sorry to sound like a total noob, what do you mean "reason over data"?
Agreed, Ignite could provide a better solution, but I need to have some options in place for the meantime.
Rather than protecting each file individually (as there are 200+ files), would it be a suitable solution to setup an FCI server and apply the RMS template via classification.... and then upload them to SPO?
- Dean_GrossSep 11, 2017Silver Contributor
One thing to keep in mind, is that Microsoft's approach to Azure IP, is based on the premise that the person working on file understands the content and is therefore able to make the best judgement about the label that should be assigned. The approach also presume that the IT organization is best suited to determine what type of protection should be assigned to the various labels. By splitting the responsiblities like this, organization get much more control than they get with the all or nothing approach provide by IRM in SP.
- VasilMichevSep 11, 2017MVP
It's a term, basically means "allowing the applications to work with the data". Which is not possible if you encrypt the files outside of SharePoint and upload them to a library.
- alphadeltaromeoSep 11, 2017Copper Contributor
sureley this would be feasible as I would want users to download the protcted files and use the desktop applications (rather than Word Online, for example). I doubt they would be using the search features or indexing in SharePoint Online.
- Rajesh KhanikarSep 11, 2017Copper Contributor
To classify a large amount of files, you could write a script, for which you will require Windows PowerShell for Azure Rights Management. In a computer where you have AIP client installed and configured, the PowerShell commands are automatically available for you to carry out automation using custom scripts. For example, you can use cmdlet (ref this link)
Set-AIPFileClassification
To automatically set an Azure Information Protection label on one or more file(s), according to conditions that are configured in the policy.