Microsoft Tech Community

AIP Webinar Q&A

Microsoft

Many people have registered for our webinar (https://aka.ms/AIPWebinar). We're thrilled to see such interest, but it also means we'll likely get a large volume of questions on the call, and it may not be possible to respond to every one in real time.

 

We will do our best to get your question answered directly on the call, and we'll have several dedicated team members just to respond to the questions; however, I wanted to provide an additional mechanism for any questions we're unable to get to. 

 

This post will be used for any questions that didn't get addressed on the call. We'll be reviewing the transcript of questions after the call and we'll post answers here. This may take a day or two, so please check back soon. 

 

If you were unable to attend the call, note that you can find the recordings here: https://aka.ms/AIPRecordings. Feel free to reply to this post with any questions you have. 

13 Replies

Looking forward to the next one. @Ryan Heffernan 

@Ryan Heffernan 

Would there be a possibility of setting up multiple AIP scanner instances in a single machine?

@Ryan Heffernan 

Can this label be exposed as a managed property in SP search results?

Webinar Answer was "Labels can be converted into managed properties in SharePoint via a metadata conversion feature in AIP.  See https://docs.microsoft.com/en-us/azure/information-protection/rms-client/client-admin-guide-customiz...

 

But we want the other way around, where the applied label is pushed to an SP column instead. We want this for:

1. Visual reference when a user navigates to an SP library

2. For SP Search module tweak where we say NOT TO SCAN files with certain confidentiality (I know that permissions trimming should be used but things happen where entire SPSite is not secured)

@Ryan Heffernan 

From AIP webinars, 

the scoped policy setting will take precedence over the global setting.

 

When I have 2 custom scoped policies with opposite values to setting "Show AIP Bar" & User1 falls under both policies, which setting is considered here?

 

@Ryan Heffernan 

When a user utilizes the AIP Windows app's custom permissions, does it use the user's key or the organization key (BYOK / MS provided) chosen inside the AIP console? Can a Global admin read (decrypt) this file?

 

Q 1: Which key is used?

Q 2: (Got answer) - Super user can decrypt all docs.

@Ryan Heffernan 

When I enable Unified labeling in AIP console, theory is that SCC & AIP would be in sync.

But in SCC, I can have labels with rules using AND operator.

How would this translate to the AIP console in the UI (where only the OR operator is supported)?

@Ryan Heffernan 

If I have an AIP label with 10 rules using the OR operator (only OR is supported), would the scan stop once it finds a match for a rule or would it continue till all 10 rules are processed?

@Ryan Heffernan 

In AIP console, for a label when I apply protection, there is a protection level called "allow programmatic access to document". 

 

Use case: User can only view but not print

If I have "allow programmatic access to document" selected & all other levels unchecked (except view), would the 3rd party (ex: C# code based) app be able to read content & export it to another document? (wherein it allows us to print the content, since it's a new document)

 

OR

"allow programmatic access to document" - is only about letting 3rd party apps read OLE property sheet?

 

Hi Amanda, I'm afraid multiple scanner instances on a single machine is not possible today. Please follow our guidance on this link: https://docs.microsoft.com/en-us/azure/information-protection/deploy-aip-scanner

@Ananda Prasad Bandaru 

 

Not sure if this will provide what you need but please take a look at this guidance and see if it will help. https://support.office.com/en-us/article/Create-a-managed-metadata-column-C2A06717-8105-4AEA-890D-30...

 

I've seen third parties provide walkthroughs on how to do this based on an AIP label, but this hasn't been tested by Microsoft.

@Ananda Prasad Bandaru 

Conditions are not migrated between AIP and unified labeling. Only the label itself is migrated. Conditions and policies need to be re-created.

@Ananda Prasad Bandaru 

A1: The same key as configured in the tenant, BYOK or Microsoft Managed Key

A2: Yes

@Ananda Prasad Bandaru 

The last scoped policy in the order it's configured in the AIP Portal will catch.