The Documentation for Azure Information Protection has been updated on the web and the latest content has an August 2018 (or later) date at the top of the article.
This month sees an updated preview release of the client, with supporting documentation for the changes. The biggest change in this version is that protecting PDF files by using the ISO standard for PDF encryption is now the default rather than a configuration option that you enable with an advanced client setting. You can use the advanced client setting if you need to revert to the GA behavior.
We listen to your feedback and try to incorporate it whenever possible. Let me know if you have feedback about the technical documentation and I also encourage you to head over to our Yammer site to see what others are discussing.
What's new in the documentation for Azure Information Protection, August 2018
- Updated the Firewalls and network infrastructure section to reflect the recent redesign of the Office article, Office 365 URLs and IP address ranges. You can read more about the redesign on the Office blog post, New Office 365 IP/URL tables published. If you have questions or feedback about the new design, use GitHub Issues at the bottom of the Office article.
The redesign no longer has a separate section for "Azure Rights Management (RMS)" and the URLs that are marked as Required (which include those needed for Azure Rights Management protection) do not list the relevant services. In line with this strategy, our documentation no longer lists mobile.pipe.aria.microsoft.com because this URL is listed as Required for other services. Azure Information Protection uses this URL to periodically send usage data. Note that unlike other URLs that the client requires, if this one is blocked, the client does work but it affects its performance because it keeps trying to send the data. Other changes to this section:
- Added new entries for Azure Information Protection components, which include the client, scanner, viewer, policy, label, and protection templates.
- Updated the Instructions for BYOK section with the information that for Azure Information Protection to use the key, all Key Vault operations must be permitted for the key. This is the default configuration and the operations are encrypt, decrypt, wrap, unwrap, sign, and verify. You can use the Key Vault PowerShell cmdlet, Get-AzureKeyVaultKey to verify the key-ops values.
- Updated the Encrypt-Only option for emails section, with information about the new parameter, DecryptAttachmentForEncryptOnly, which removes protection from Office attachments after the protected email message is opened.
- Remove the note that the new sensitive types that help you find personal data might not be displayed for all tenants in the Azure portal. This deployment is now complete and these new options should be displayed for all tenants.
- Updated the How files are scanned section:
- Updated the Rekey section to clarify that when you rekey an HSM-protected key that you create on-premises, you can use the same security world and access cards as you used for your current key.
- Updated for the new preview release, which includes the following new fixes with the latest version:
- The Upgrading the Azure Information Protection scanner section is updated with the information that Update-AIPScanner must be run one time after upgrading from the GA version (126.96.36.199) and earlier. In other words, if you are upgrading from the last preview version and previously ran Update-AIPScanner, you do not need to run it again.
- Updated the following entries:
New entries that require the current preview client:
- Added the statement that files in WebDAV locations are not supported. Updated throughout for the new behavior of the preview client when it protects PDF files. In addition, the file types of .msg, .rar, and .zip are added to the list of file types excluded by default for the preview version of the scanner.
AzureInformationProtection PowerShell module:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.