Forum Discussion
MicrosoftAIP Webinar Q&A
Many people have registered for our webinar (https://aka.ms/AIPWebinar). We're thrilled to see such interest, but it also means we'll likely get a large volume of questions on the call, and it may not be possible to respond to every one in real time.
We will do our best to get your question answered directly on the call, and we'll have several dedicated team members just to respond to the questions; however, I wanted to provide an additional mechanism for any questions we're unable to get to.
This post will be used for any questions that didn't get addressed on the call. We'll be reviewing the transcript of questions after the call and we'll post answers here. This may take a day or two, so please check back soon.
If you were unable to attend the call, note that you can find the recordings here: https://aka.ms/AIPRecordings. Feel free to reply to this post with any questions you have.
13 Replies
In AIP console, for a label when I apply protection, there is a protection level called "allow programmatic access to document".
Use case: User can only view but not print
If I have "allow programmatic access to document" selected & all other levels unchecked (except view), would the 3rd party (ex: C# code based) app be able to read content & export it other document. (where in it allows us to print the content - since its a new document)
OR
"allow programmatic access to document" - is only about letting 3rd party apps read OLE property sheet?
If I have a AIP label with 10 rules using OR operator (only OR is supported), would the scan stop once it finds a match for a rule or would it continue till all 10 rules are processed?
When I enable Unified labeling in AIP console, theory is that SCC & AIP would be in sync.
But in SCC, I can have labels with rules using AND operator.
How would this translate to AIP console in the UI (where only OR operator is supported)
- Nir Hendler
Conditions are not migrated between AIP and unified labeling. only the label itself is migrated. Conditions and policies need to be re-created.
When user utilizes AIP windows app's custom permissions - Does it use user's key or Organization key (BYOK / Ms provided) chosen inside AIP Console - Can Global admin read (decrypt) this file.
Q 1: Which key is used?
Q 2: (Got answer) - Super user can decrypt all docs.
- Nir Hendler
A1: The same key as configured in the tenant, BYOK or Microsoft Managed Key
A2: Yes
From AIP webinars,
the scoped policy setting will take precedence over the global setting.
When I have 2 custom scoped policies with opposite values to setting "Show AIP Bar" & User1 falls under both policies, which setting is considered here?
- Nir Hendler
The last scoped policy in the order it's configured in the AIP Portal will catch.
Can this label be exposed as a managed property in SP search results?
Webinar Answer was "Labels can be converted into managed properties in SharePoint via a metadata conversion feature in AIP. See https://docs.microsoft.com/en-us/azure/information-protection/rms-client/client-admin-guide-customizations#label-an-office-document-by-using-an-existing-custom-property
But we want the other way around where the applied label is pushed to a SP column instead. We want this for
1. Visual reference when user navigates to a SP library
2. For SP Search module tweak where we say NOT TO SCAN files with certain confidentiality (I know that permissions trimming should be used but things happen where entire SPSite is not secured)
Not sure if this will provide what you need but please take a look at this guidance and see if it will help. https://support.office.com/en-us/article/Create-a-managed-metadata-column-C2A06717-8105-4AEA-890D-3082853AB7B7
I've seen third party provide walk throughs on how to do this based on an AIP label but this hasn't been tested by Microsoft.
Would there be a possibility of setting up multiple AIP scanner instances in a single machine?
Hi Amanda, I'm afraid multiple scanner instances on a single machine is not possible today. Please follow our guidance on this link: https://docs.microsoft.com/en-us/azure/information-protection/deploy-aip-scanner
Looking forward to the next one. Ryan Heffernan
