Azure Information Protection Documentation Update for September 2018

The Documentation for Azure Information Protection has been updated on the web and the latest content has an September 2018 (or later) date at the top of the article.

This month sees supporting documentation for releases that you might have heard about at the Microsoft Ignite conference in Orlando. And of course, regular updates from your feedback and questions.  

Missed the announcements at Ignite?  Catch up with the rollup summary: Announcing availability of information protection capabilities to help protect your sensitive data

Apart from hearing about the new releases, and of course networking with the product groups and your peers, many people attend Ignite for the extremely useful hands-on labs.  Even if you didn't attend Ignite, you can access the lab information for Azure Information Protection, from https://aka.ms/aiplab.

We listen to your feedback and try to incorporate it whenever possible. Let me know if you have feedback about the technical documentation and I also encourage you to head over to our Yammer site to see what others are discussing. 

UPDATE: New documentation for Azure Information Protection Premium Government: Azure Information Protection Premium Government Service Description 

What's new in the documentation for Azure Information Protection, September 2018

What is Azure Information Protection?

- Updated the resource section for the recommended top 5 Microsoft Ignite sessions. If you couldn't join us in Ignite, these sessions were recorded and you can watch them in your own time. 

Requirements for Azure Information Protection

- Updated the Client devices section, to confirm support for virtualized desktop solutions (VDI), with the recommendation that you check with the software vendor for any additional configuration that might be needed.

The Applications section is also updated with a new bullet that you can now use a non-ProPlus edition of Office for labels that apply protection. For example, the edition of Word that comes with the popular Office 365 Business Premium subscription. Note that your Office build must be a minimum version of 1805, you must be using the latest general availability version of the Azure Information Protection client, and your account must be assigned a license for Azure Rights Management.  Unless all these three requirements are met, labels that apply protection do not display on the Information Protection bar unless you have a ProPlus edition of the Office apps. This new requirement is also noted in the prerequisites for the quick start tutorial, and how Windows computers support IRM. 

Configuring usage rights for Azure Rights Management

- In the usage rights and descriptions table, updated the information about the rights needed in addition to Forward, Reply, and Reply All: You need the "Edit Content, Edit" (EDIT) usage right to use these email actions, and the "Save" (DOCEDIT) right is also needed to prevent the original message being delivered as an attachment. The "Save As, Export" (EXPORT) is corrected to be part of the Full Control Office custom rights and not part of the Change options.

Deploying the Azure Information Protection scanner to automatically classify and protect files

- Updated throughout to reflect the recently released GA client.

How to migrate Azure Information Protection labels to the Office 365 Security & Compliance Center

- New article for the preview release for tenant migration to the unified label store. Do not use this option on a production tenant and be sure to read the considerations and current limitations before you test publishing the migrated labels from the Office 365 Security & Compliance Center.  

Central reporting for Azure Information Protection

- New article for the preview release of Azure Information Protection analytics, which collects and displays data in the Azure portal from your Azure Information Protection clients and scanners (current preview versions), and clients that support unified labeling.

Azure Information Protection client: Version release history and support policy

- New entries for the 1.37.19.0 GA release, and the new preview release that supports centralized reporting.

Admin Guide: Custom configurations for the Azure Information Protection client

- The advanced client configuration setting to modify the email address for the Report an Issue link is no longer preview, but this setting now applies only to preview versions of the client. The "Report an Issue" link is no longer available for GA versions of the client.

The configuration setting to support PDF files by using the ISO standard for PDF encryption is also no longer in preview but this support is off by default and must be enabled.  Instructions are added to this section to help you convert existing .ppdf files to .pdf files that are protected by using the ISO standard. 

The other new advanced client configuration settings that provide support for files protected by Secure Islands and remove headers and footers from other labeling systems both remain in preview.  The advanced client configuration setting to migrate from Secure Islands and other labeling solutions also remains in preview, and is not compatible with the setting to support the ISO standard for PDF encryption.

RMS protection with Windows Server File Classification Infrastructure (FCI)

- Updated for the following, with a callout to Jaroslav Zikmund (Senior Premier Field Engineer) for his help in making these updates:

• Added single quotes around the [Source File Owner Email] parameter in the file management task argument, after reports that this syntax seemed more reliable.
• Updated the troubleshooting tips to clarify that you can run the script by itself in Windows PowerShell ISE once per PowerShell session. If you try to connect a second time in the same session, you see a connection error.
• Added new section, Action required if you make changes to the Rights Management template, with the information that you must force a download of changed templates in the computer account context rather than your own user context (how it was previously documented). The script is also updated with a commented out line for this addition.

AzureInformationProtection PowerShell module

- Updated the scanner cmdlets for the recently released GA version.