AIP and Word "Track Changes" feature / Best way to deal with password protected excel files

Occasional Contributor

Hi All,

Can somebody give more information on limitation introducted with Azure Information Protection on Word and Excel Files? Which Excel and Word Features are still possible to use? Is there somewhere a list of limitations. My searches weren't successful for the specific situation below.

 

Situation:

I onboarded a customer to AIP. The setup is rather simplistic. All documents within certain location should have protection that only tenant members can open and edit them. We tought using AIP would be more targeted rather than DLP Policies because we would protect the files and not control sharing functionalities. We introduced one label with two assigned permission groups Co-Owner and Co-Author. Classification has been handled through Powershell because we don't know which content to protect only that files in that certain location should be protected.

 

1. Problem:
Protection worked fine on 95% of files but the customer heavily used password protection on some excel files. We understand that password protected files need to be unprotect before AIP Labels can be applied. But the usage is scattered. I'm currently looking into creating a powershell script which scan through the files unprotects workbooks and apply AIP Protection. Has somebody experience with this problem and already implemented a solution? Is this approach the best way to solve it or should I consider other paths?

2. Problem:
Protected Word files lose the ability to track changes if you are a CoAuthor. Is there a way to limit users from removing labels / protection but allowing them to use all word other word features? kind of CoOwner but without edit rights? I'm trying currently to work with a custom role where everything is checked expect edit rights, export content. Any experience with this situation?

pheeeling_0-1605313539707.png

 

@Mavi Etzyon-Grizer Do you know a person which has deeper insights?

Thanks for any help.

 

Best regards

Philipp

1 Reply

Problem 2 was very simple. Word Track Changes feature is only available with edit content rights permission within Office 365 ProPlus 1807 and higher (https://docs.microsoft.com/en-us/azure/information-protection/configure-usage-rights). I'm still open for any feedback related to problem 1.