Home

We would like to announce the general availability of Adobe Acrobat Reader integration with Microsoft Information Protection solutions – which we originally announced in September Your feedback during the development of this integration was both insight and useful.  You can download the new Adobe Acrobat Reader  that supports Microsoft Information Protection capabilities at the following location

 

Adobe GA Graphics (2).png

 

 

Figure 1: Page to download the Adobe integration Plug-in

Installation instructions

Prior to downloading the latest Adobe Acrobat, please make sure that your labels are visible in the Security and Compliance center UI @ https://protection.office.com . If the labels are visible and are published by a label policy from the Security and Compliance center, the Adobe Integration will function.  

 

Note: The instructions on how to replicate your existing AIP labels to Security and Compliance center is at the following link

 

After you have validated the label being visible in the Security and Compliance center, please proceed to download your Adobe Acrobat Reader from the Adobe site. Once you have installed the Reader then please proceed to the link and download the integration plug-in for installation.  Please make sure that you close the Adobe Acrobat solution prior to installing the plug-in, otherwise it will not work. 

 

If have an older installation then please make sure to read the general terms of use and uninstall any old Reader and plug-in installation before installing the new reader and the plug-in.  The integration works with the 2019.010.20064 version of Acrobat Reader DC and Acrobat DC. Please do not use the plug-in with an earlier version of Acrobat.

 

After you have installed the plug-in, please try to label and protect a PDF document using the Azure Information Protection client and then open with Adobe Acrobat Reader that has the integration enabled. 

 

Organizations with restrictive install permissions within their tenant

In case you receive the following error as shown in Figure 2, when opening the secure PDF document with Adobe, It is due to the fact that the tenant administrator in your organization does not want users to authorize applications within your organizations tenant .  This is an additional security measure that your tenant administrator might have enabled .

Adobe GA Admin Consent.png

 Figure 2: Admin Consent page that shows if you have not authorized the Adobe applications

 

In such cases, please have your tenant administrators consent to the Adobe Acrobat App-id which is as follows:

cad2910c-3b55-4610-ba7e-dda581063c91

 

Once the administrative consent happens, then you should be ready to consume protected PDF content via Adobe’s Acrobat Reader. If you would like to understand what consent flows are, please read the information at the following link:

 

https://techcommunity.microsoft.com/t5/Microsoft-Information-Protection/Consent-flows-for-applicatio...

 

 

 

Viewing the label ribbon when PDF is labeled or labeled and protected

 

 To view the label ribbon in Acrobat reader interface please update or create the following registry entry on your computer

 

Computer\HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\MicrosoftAIP

Create a DWORD value name called : bShowDMB with a Hexadecimal value of 1 

 

 

Label and Sublabel pic adobe.png

 Figure 3: Label banner on a PDF

 

 

  That will allow the ability to view the label ribbon within the Acrobat interface

 

Issues in viewing labels with Adobe Reader

Even after making the changes in registry you are not seeing the labels. Then the issue could be the following:

  • Have your labels been replicated from the AIP portal to Security and Compliance center?
  • Have you published your labels to the users in your tenant from the Security and Compliance center?

If your answer is no, to the above questions, then you will not see the labels. The Adobe integration is enabled with Microsoft Information Protection and the policies for those labels comes the Security and Compliance center at https://protection.office.com

 

Please check if your AIP labels manifest within Security and Compliance center and if they are visible then please make sure that your labels are published.

 

If you have done the above steps please make sure that the registry entry for the label banner is done as Adobe\Acrobat Reader\DC and not under Adobe\DC

Computer\HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\MicrosoftAIP

And the value is a DWORD not a QWORD

 

 

We at both Adobe and Microsoft look forward to your engagement and feedback to improve the product experience.

 

 

84 Comments
Senior Member

@Deleted can you kindly let know:

  • On clicking the menu Help->About Adobe Plug-Ins, MSRMS.api entry is present.
  • On clicking the menu Edit->Preferences, in the General tab's Application Startup section, value of Currently in Certified Mode is Yes.
  • $AdobeReaderInstallDirectory\Reader\plug_ins directory contains four DLLs starting with mip_.

Thanks.

 

CC: @Mohd_Kashif

Deleted
Not applicable

Hi @Rajneesh_Chavli and @Mohd_Kashif,

 

I do not think MSRMS.api is present

The value of Currently in Certified Mode is Yes.

And C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins contains 4 dll files

Pls see the attached screenshots:

 

Adpbe plugins.PNGAdobe dll files.PNGAdobe app startup.PNG

Thank you

 

 

Senior Member

@Deleted please let know:

  • if you're seeing this issue on multiple machines or a specific machine?
  • if you've tried on just one machine can you please try on another machine and let us know the behavior?
  • what's the environment of the affected machine (i.e. physical/virtual, operating system etc)?
  • if the behavior is specific to multiple PDFs or a single PDF?
  • if you've protected the PDF with a custom label and if yes, please try opening a PDF which has been protected with one of the pre-configured labels (e.g. Confidential/All Employees).
  • if you can share the screenshot of Computer\HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\MicrosoftAIP from the affected machine?
  • while opening the PDF, do you receive an email dialog? And then a password dialog?
  • if you can open the same PDF with all protection removed?

 

Thanks for your help.

 

CC: @Mohd_Kashif

Deleted
Not applicable

Hi @Rajneesh_Chavli and @Mohd_Kashif,

Thanks for your reply. The answers below:

  • if you're seeing this issue on multiple machines or a specific machine? - We tried on 2 PCs.
  • if you've tried on just one machine can you please try on another machine and let us know the behavior? - same as on my machine - same on the other PC.
  • what's the environment of the affected machine (i.e. physical/virtual, operating system etc)? - They are all Win 10 laptops, physical machines
  • if the behaviour is specific to multiple PDFs or a single PDF? - the issue is for all PDFs. The solution was supposed to protect documents on SharePoint Online site. It has IRM activated, so documents are allowed to print only, but not emailed, downloaded, modified etc.. It works on Word documents, but not on PDFs
  • if you've protected the PDF with a custom label and if yes, please try opening a PDF which has been protected with one of the pre-configured labels (e.g. Confidential/All Employees). - Sorry for my ignorance - how to protect a PDF? Using Azure Information Protection client? I thought uploading the document to SP site with IRM activated will protect it automatically... Shall I install Azure Information Protection client and protect the PDF before uploading it to SP?

Also - can I set up the label applying to be applied while uploading documents to that SP site?

  • if you can share the screenshot of Computer\HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\MicrosoftAIP from the affected machine? - Screen shot of registry is attached below. Please note that key was not created while installing Adobe or the plugin. I created it manually.
  • while opening the PDF, do you receive an email dialog? And then a password dialog? - No I do not receive any dialog. Adobe PDF reader opens straight away with "This PDF file is Protected..." message. There is no label ribbon in Adobe Acrobat Reader - see the screenshot below.
  • if you can open the same PDF with all protection removed? - Not sure what you mean.. Before I upload that document to SP site, I could open without problems. I Cannot if I open the document from the SP Site. Also I can open the original document stored on my laptop.

I am not sure whether the whole set up is done correctly. I.e. I have labels published in tenant Security and Compliance center. So far I do not see a way to apply a label to a document - the IRM protection seems to be applied to Office docs and PDFs by uploading the file to a site where IRM is active, but I do not see labels to either PDFs or Office docs..

Do I need to install Azure Information Protection client on my laptop and apply the label to the PDF before uploading to that site? In order to apply the label?

So perhaps start from scratch - list of items to install, and in what order...? Bare in mind - all that is needed for a SPOnline site containing sensitive documents..for the time being.

Thanks a bunch!

 

Adobe reg settings.PNGAdobe protected message.PNG

Senior Member

@Deleted thanks for your response.

Request you to please send a protected PDF (which you're unable to open in Adobe Reader) to "rchavli [at] adobe [dot] com" and "kashif [at] adobe [dot] com".

Thanks.

 

CC: @Mohd_Kashif

Senior Member

Hello,

 

When I try to log in with the email from my domain I get 401 unauthorized page.  If I log with a external test gmail account I get an error "User account from identity provider does not exist in tenant 'Adobe Inc' and cannot access the application.  This account needs to be added as an external user in the tenant first."  If I close the box it will allow me to access the pdf file, the bookmark titles are missing but can still view the content and click on the bookmarks.  On my domain account it just closes the pdf file.

 

adobe error 1.JPGStep 1adobe error 2.JPGStep 2adobe error 3.JPGStep 3

 

In the Azure portal I see two sign in from my domain account one successful one interrupted.  My gmail only show one successful.

interrupted.JPG

Same ID Successful same time.

suc.JPG

 

AFAIK all the permissions are there.

 

Permission.JPG

 

FYI: AIP Viewer and Foxit Reader work just fine viewing the document.

 

Also, is there anyway to undo the auto sign in?  Now that I've signed in with my gmail account I can't find a way to sign out so I can test my domain account.

 

aip stay signed in.JPGWay to undo this?

 

Thanks,

 

 

 

 

Deleted
Not applicable

Hi @Rajneesh_Chavli,

As requested 1 post before - I have sent a file.

I hope it helps.

Regards

Senior Member

@Tim_Lehman credentials can be cleared via Edit->Preferences->Security->Microsoft Information Protection->Clear remembered account information.

Thanks.

 

CC: @Mohd_Kashif

Senior Member

Thanks @Rajneesh_Chavli.  Couldn't get much easier than that, I don't know how I overlooked that.  

 

I don't what has changed this morning, but I'm able to log into the plugin using username@domain.com but not email@domain.com.  My test gmail account still gives me this error though.  Closing the window (screenshot below) allows me to view the pdf. 

 

Any help would be greatly appreciated.

 

gmail error.JPGgmail error

 

Thanks,

 

 

 

 

Senior Member

Sorry if this is a repost but thanks for the help @Rajneesh_Chavli

 

I'm able to log in now using user@domain.com but not email@domain.com.  I get the token error when I use email@domain.com.  I would like to have this fixed but worst case I can tell my users to use user@domain.com

 

However, I'm still having an issue with my test external gmail account.  I get an error "Selected user account does not exist in tenant 'Adobe Inc' and cannot access the application 'cad2910c-3b55-4610-ba7e-dda581063c91' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account."  If I close this window it opens up the pdf just fine and I can view it, but it doesn't go any further until I close the window.

 

This is an external user in my tenant and I have granted them permission to the application via the Azure portal.  I'm not sure what the 'Adobe Inc' tenant in the error message means.

 

gmail error.JPG

 

This is an issue for us because we need to be able to share protected documents with external users.

 

Thanks,

@Tim Lehmann , I am the PM at Microsoft. We will need to look at this issue in a little more depth. May I ask you open a ticket with Microsoft support please.
@Steve Light - Can you keep an eye on this support request that may be coming your way. This is pertaining the MIP SDK.

Senior Member

@Kartik Kanakasabesan I have one opened with them since 1/8/19 did you want the ticket # or should I opened a new one? Because some of the issues in the details we have fixed, that way it will be more focused on the current issue.

Deleted
Not applicable

Hi  @Rajneesh_Chavli and @Mohd_Kashif,

Do you have any feed back on our issue after I sent you a locked PDF file as requested on 15/01/19?

Please update.

Many thanks.

Visitor

This is a great inspiring article.I am pretty much pleased with your good work.You put really very helpful information.

norton.com/setup

office.com/setup

mcafee.com/activate

Occasional Visitor

Hello,

We have a problem with every scanned document from Konica Minolta devices. I tried to change the scan settings but it still did not work. The pdf is displayed correctly before applying the label.

Zrzut ekranu 2019-02-28 o 14.25.08.png

In the program Foxit and Azure Information Protection Viewer displays correctly.

Thanks a lot if someone could help

@root129  can you please open a support ticket please so we can better understand. The support ticket needs to be opened with Adobe. @Rajjeet Kadian  can you please advise

Regular Visitor

@root129 could you please share the document on rkadian@adobe.com? Please send a document which has no protection but just a label and one with protection & label.

New Contributor

@Kartik Kanakasabesan @Rajneesh_Chavli   I have problem with the Office 365 authentication. In my tenant, some users use certificate to sign into Office 365 (authenticated by ADFS), and some other users sign in with Office 365 password (authenticated online by Office 365 - no MFA, no federation, no SSO, just plain default). When opening an AIP-protected .pdf file, the MIP plug-in works as expected, i.e. it asks users credential. After entering the email address and Office 365 password, the user authenticated by Office 365 could open the .pdf file. The problem is, the user authenticated with ADFS could not complete authentication, as the certificate prompt window doesn't show up.

Do MIP plug in support this kind of authentication scenario as well?

Occasional Visitor

@null null  currently we donot have scope for ADFS authentication in the MIP plugin 

 

 

Contributor

@Kartik Kanakasabesan I do not even get the consent prompt. I enter my email and then I get redirected straight to the PDF content without showing any ribbon. Could you help me troubleshoot? Thank you much. Maria Y.

@myacaman  can you reach out to @Steve Light in Microsoft support, and we can get going from there. 

Occasional Visitor

I don't see anywhere regarding the visual marking for the PDF reader. Does the adobe reader support Unified labeling watermarking?

Visitor

@Tim_Lehman  Did you get that issue resolved when using external accounts to open protected PDF files?. I had the same issue when trying to open a PDF file on my personal laptop using an outlook.com address. When i try opening the same PDF file on a different laptop I get an error about not being able to read the network location (both laptops have the same OS, Adobe DC version, Plugin version).

Senior Member

@sf_blue 

 

I have not had my issue resolved yet.  Microsoft had me reach out to Adobe, Adobe said there was a Microsoft Sync issue they were looking into.  The "network location error" is a new for me, which I'm also getting this same error.

Visitor

@Tim_Lehman

 

yeah, does seem to be an Adobe issue. I can open the PDF file using the Foxit Reader and the AIP viewer.

Visitor

Hi @Tim_Lehman

 

Can you explain the steps you have followed. Also please attach a screenshot of error dialog.

 

Senior Member

 

 

Hi @Aman_Gupta 

 

Kartik wanted me to open a ticket which I'll be doing when I get a spare moment but the steps are:

 

1. Apply a label

2. Open the file and put in my gmail address when prompted ( It doesn't prompt me to put in my Microsoft Account credentials, it used to take me to the Microsoft login splash page.)

3. Asks if I want to stay signed in.

4. Gives me an error " The network location cannot be reached."

 

Capture.PNG

 

I actually recently got a new computer, reloaded all the software and got the "Select user isn't part of the tenant error" on the first test, but today it's giving me the network location error.

 

If I close the "Isn't part of the tenant" error it will let me view the content.  The network location error does nothing.

 

In the portal it logs it as a successful attempt though.

 

Capture.PNG

 

Thanks,

 

 

Occasional Visitor

@Kartik Kanakasabesan , 

 

I am also facing the same issue @Tim_Lehman has mentioned. This issue is stopping us to perform the deployment for more than 5000 users.

 

Kindly assist.

@Yasser Ahmed 

Regards

Aditya

@imaditya , can you please open a support ticket on the matter so that we can trouble shoot accordingly. 

 

Kartik

Contributor

Hola Everyone, I am not been asked to save my credentials.

Does anyone know how can I get it to do that?

Visitor

Hi @myacaman 

 

Please try clearing your MIP saved preferences inside Acrobat/Reader. To do that open "Preferences" and select "Security" tab. Here click on "Clear remembered account information" under "Microsoft Azure Information Protection" section.

Restart the product and try to open any MIP protected file

 

-Aman

Occasional Visitor

@Kartik Kanakasabesan Hi Kartik,

 

Any plan to support the new protected PDF format on mobile platform (Android, iOS)?

 

Also is there any documentation on the details of the new protected PDF format? For example, where is the publishing license and other metadata is stored etc. As a third party developer, we would like to be able to generate the new protected format from mobile devices. However, it looks like the new PDF format is only available on the desktop via the C++ SDK (IpcfEncryptFileStream etc)? Please let me know if I missed anything.

 

Thanks!

 

Qi

Occasional Visitor

Every time we open a protected document, it prompts to enter email address for validation.

Yes, we've selected the option 'remember me for faster login'

Yes, we've tried clearing remembered account info from security --> azure IP

 

Is there any way to get this to use the signed-in windows user for SSO?

Occasional Visitor

@Kartik Kanakasabesan I followed all instructions and I am able to open protected PDF files in the Adobe Reader DC, but PDF files encrypted using SharePoint online I am still not able to read them in the Adobe Reader. Still getting, This PDF file is protected. Could you let me know whether SPO AIP encrypted file are supported or not in the Adobe Reader DC? Or is there any additional step required?