The Documentation for Azure Information Protection has been updated on the web and the latest content has an October 2018 (or later) date at the top of the article.
This month continues to see supporting documentation for releases that you might have heard about at the Microsoft Ignite conference in Orlando. For example, the preview release of the Azure Information Protection unified labeling client that downloads labels and policy from the Office 365 Security & Compliance Center. And as usual, we have regular updates from your feedback and questions.
Final reminder: Catch up with the rollup summary for Ignite 2018: Announcing availability of information protection capabilities to help protect your sensitive data
We listen to your feedback and try to incorporate it whenever possible. Let me know if you have feedback about the technical documentation and I also encourage you to head over to our Yammer site to see what others are discussing.
What's new in the documentation for Azure Information Protection, October 2018
- New documentation that was published at the beginning of the month, but so important that we also added a quick update for it in last month's post after it was published. The Enterprise Mobility + Security for US Government Service Description is also updated to include information about Azure Information Protection in the Parity with EMS Commercial Offerings section.
- New entry to help address any confusion around "Microsoft Information Protection": What's the difference between Azure Information Protection and Microsoft Information Protection?
Also updated the entry for using Azure AD conditional access (still in preview for Azure Information Protection), with a new bullet to clarify that if you use MFA in your conditional access policies for collaborating with other organizations ("B2B"), you must use Azure AD B2B collaboration and manually create guest accounts.
- Updated the table in the RMS-enlightened application section, to remove the PDF column. This information is now moved to the new page, Supported PDF readers for Microsoft Information Protection.
- Updated the deployment roadmap for classification, labeling, and protection. The steps now include how you might deploy the scanner using different configurations for different stages of your deployment:
- Updated the Instructions for BYOK to include the Azure portal configuration steps for authorizing the Azure Rights Management service to use the key in Key Vault.
- Updated the Encrypt-Only option for emails section, to include this option as a newly available Office 365 DLP action.
- New section, Guidance for using Unprotect-RMSFile for eDiscovery.
- Updated the description of the All documents and emails must have a label setting (also known as mandatory labeling) to clarify that this option does not apply to PowerShell.
- Updated to remove the preview statements for the Add any authenticated users option, now that the release status for this feature has changed to generally available (GA).
- Updated the additional information list with information about maximum string lengths supported, and a warning that Excel's lower string length supported can result in truncated text.
- Updated for the Azure Information Protection unified labeling client and Office apps that natively support unified labels by using the Sensitivity feature.
- New section for organizations who use the Azure AD roles of Security Administrator or Information Protection Administrator, Important information about administrative roles. If you have users who are granted either of these roles to manage Azure Information Protection, grant them the Compliance Administrator role for the Office 365 Security & Compliance Center if you want them to continue to have access to the labels and policies in the Azure portal. Also added the prerequisite that you must be signed in as a global admin to migrate your labels.
Also updated the Clients that support unified labeling section to include the Azure Information Protection unified labeling client for Windows.
- Updated for the following:
- Updated the How to modify the reports section, with the information that the logged data is stored in the InformationProtectionLogs_CL table.
- New page for end users who need to open classified and protected PDFs. This page provides high-level information about the collaboration between Microsoft and Adobe that resulted in the recently released new Adobe reader (in preview), links to download readers that support the ISO standard for PDF encryption, and information about older formats and supported readers for these.
- Now that version 126.96.36.199 is out of support, the section for this release is now removed. In addition, the preview release section is updated for known issues with the scanner, and a link to the information about the new preview release of the unified labeling client.
- Added a new section for the scanner, To scan .zip files.
- New article, which covers what's included and excluded in this first preview version of the unified labeling client that downloads policy and sensitivity labels from the Office 365 Security & Compliance Center.
- New article, with instructions for an interactive user install.
- Updated with the clarification that the Save As button in the viewer is available only for protected files.
- Updated the possible values for the current version of the scanner:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.