Jun 28 2019
- last edited on
May 24 2021
I have a question about this section of the documentation.
Migration phase 2 - server-side configuration for AD RMS - https://docs.microsoft.com/en-us/azure/information-protection/migrate-from-ad-rms-phase2
If your templates in AD RMS used the ANYONE group, the closest equivalent group in Azure Information Protection is named AllStaff-7184AB3F-CCD1-46F3-8233-3E09E9CF0E66@<tenant_name>.onmicrosoft.com. For example, this group might look like the following for Contoso: AllStaff-7184AB3F-CCD1-46F3-8233-3E09E9CF0E66@contoso.onmicrosoft.com. This group contains all users from your Azure AD tenant.
When you manage templates and labels in the Azure portal, this group displays as your tenant's domain name in Azure AD. For example, this group might look like the following for Contoso: contoso.onmicrosoft.com. To add this group, the option displays Add <organization name> - All members.
Should I keep the ANYONE group in the template imported to Azure RMS / AIP or should I remove the ANYONE group permission on the template?
If I should keep the ANYONE group, when is this entry being used?
Jul 01 2019 02:46 PM
On the AIP template, you may delete entry for the ANYONE group and add the group "AllStaff-7184AB3F-CCD1-46F3-8233-3E09E9CF0E66@<tenant_name>.onmicrosoft.com" instead.