The Documentation for Azure Information Protection has been updated on the web and the latest content has a February 2018 (or later) date at the top of the article.
Despite the fewer number of days in this month, we're not short on doc updates to support new releases or requests for clarifications. So this is the place to check for anything you might have missed. For example, these doc updates include:
Help bot update: After announcing the introduction of the help bot for Azure Information Protection last month, we've had a good uptake on people turning to this resource for fast help. If your question isn't answered, the bot gives you the option of searching the docs or opening a support case. But the bot is also learning with each question. If your question is scoped to Azure Information Protection, the help bot learns that this is a new question and it might be answered another day you ask it. Your questions help us understand what you need help with, so keep those legitimate questions coming even if they aren't answered immediately. And take advantage of typing #feedback in the bot, to send us your free-form comments.
We listen to your feedback and try to incorporate it whenever possible. Let me know if you have feedback about the documentation and I also encourage you to head over to our Yammer site to see what others are discussing.
What's new in the documentation for Azure Information Protection, February 2018
- Updated the Subscription for Azure Information Protection section with a tip for people looking to confirm whether their Office 365 plan or Exchange Online plan includes support for the new capabilities with Office 365 Message Encryption.
- New entries:
- New entry:
- The main article that contains information about new tenants that have the protection service automatically activated for them. This change started to roll out to tenants towards the end of February and is expected to be complete by the beginning of March. If your subscription was purchased during February, use the documented instructions to confirm the status. Other articles that previously stated you must manually activate the service are also updated for this change.
- New section specifically for customers with new tenants who must deactivate the Azure Rights Management service if they also have AD RMS. This article is linked to from the Azure portal and the Deployment planning checklist for Office 365.
- Updated the description for Save As, Export (common name) to clarify that this right is required to change or remove an Azure Information Protection label from a protected document or email. If you want to prevent people from changing an applied label, do not grant them this usage right. This article is also updated for a new section, Encrypt-Only for emails, which provides more information about this new option that is starting to roll out for Exchange Online.
- Updated to clarify that there is no timing dependency for when you enable or disable this feature, or when you add or remove super users.
- Updated the section for Exchange Online, with step-by-step instructions how to check if your tenant is already configured to use the new capabilities from Office 365 Message Encryption. This configuration is automatically rolling out to new tenants, so you might not have to do any configuration before you can use BYOK with Exchange Online, and send protected emails to personal email accounts such as Gmail. The migration instructions are also updated for this change.
- Updated for a new section that explains the different admin roles you can use to edit the Azure Information protection policy. The policy instructions are also updated throughout for a minor change to the Azure hub menu.
- Updated to clarify the effect on a parent label when you create the first sublabel. If you want users in the same policy (global or scoped) to select a label that has the same settings as the parent label, create a new sublabel with the same settings.
- Updated for the following:
- New section, Setting different visual markings for Word, Excel, PowerPoint, and Outlook. This new configuration is available only with the latest preview client.
- Updated with a useful link to help you define custom expressions: Perl Regular Expression Syntax from Boost.
- Updated to reflect the recent change of location for the Protection templates, which used to be on the Azure Information Protection - Global policy blade, and is now located on the All - cross policy view blade.
- Updated for the following:
- Previously titled "Installing Windows PowerShell for Azure Rights Management", this article is updated with the new instructions how to install the module from the PowerShell Gallery. Previously, the only way to install the module was by installing the Azure Rights Management Administration Tool from the Microsoft Download Center. This tool will remain on the Download Center for a limited time. Note that the version on the PowerShell Gallery is a minor version later than the version in the tool, but there is no customer-impacting change. The minor change was to support publication on the PowerShell Gallery. The listed minimum version of PowerShell required is now version 3.0.
- Updated for changes in the new preview version, 184.108.40.206.
Updated the prerequisites section for information that the new preview client addresses the problem with the Azure Information Protection bar sometimes displaying outside Office apps.
- New entry: Suppress the initial "Congratulations!" welcome page.
- Updated the list of file types supported for classification only, for the full list of Office file types. In addition, the File sizes supported for protection section is updated with the information that the current preview client no longer has a 20 MB maximum for text-based files.
- New information in the section How to label files non-interactively for Azure Information Protection, which explains how to use the new Token parameter with Set-AIPAuthentication, for a completely non-interactive experience for an account. You will most likely use this parameter when you run the scanner in a production environment because it uses a service account, which might not be allowed to log in interactively.
- Updated step 4 in the procedure with a change of behavior to Save As for the current preview client, which addresses a problem if you try to reprotect the saved file.
- Updated to include the new scenario that might be part of a controlled rollout of Azure Information Protection: "Your organization has a subscription for Azure Information Protection but you do not have any labels configured for you".
PowerShell reference: Azure Information Protection
- This overview page for the PowerShell modules for Azure Information Protection no longer references the RMSProtection module now that this older module is out of support. Support for RMSProtection stopped February 10. Other references to this module are also removed from the documentation and any links automatically redirect to the equivalent cmdlet in the AzureInformationProtection module.
- Updated to identify the latest technical version of the module, 220.127.116.11.
- The output from the example is updated to reflect the latest parameters that are typically returned.
- Updated the description for EnableInLegacyApps to clarify that this parameter has no effect for Outlook on the web that uses Exchange Online rather than Exchange on-premises. For this scenario, departmental templates (and protection settings in scoped policies for Azure Information Protection) are never displayed to users.
- Updated the list of cmdlets on the page to include all the cmdlets for the scanner, which were previously in preview.
- To reflect the latest preview client and the general availability version of the Azure Information Protection scanner, the output of this cmdlet in the example now includes Type. This parameter is set with Set-AIPScannerConfiguration, and determines whether the scanner inspects only new or modified files since the service started, or all files.
- Updated for the new Token parameter, to be used with the new preview client or the Azure Information Protection scanner. This parameter eliminates the initial sign-in prompt for Azure Information Protection.
- New cmdlet that installs with the current preview client or the Azure Information Protection scanner. This cmdlet lets you set configuration settings for each data repository, which includes a default label and whether to override an existing label. In conjunction with this change, these parameters are no longer available in Set-AIPScannerConfiguration and the help for this cmdlet is updated accordingly.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.