The Documentation for Azure Information Protection has been updated on the web and the latest content has a January 2019 (or later) date at the top of the article.
Most of the documentation updates this month have been to support the new preview of the client (released Jan 15), which brings an exciting update to configure the scanner in the Azure portal rather than using PowerShell. For more information about this change, see the following blog post: Azure Information Protection scanner gets new central management, and many new other features! If you were previously using the scanner, be sure to carefully read the upgrade instructions before you install the latest preview client.
Support statements are also updated throughout for Office 2019 - for the Azure Information Protection client (applies also to the Azure Information Protection unified labeling client), and to the RMS client if you are protecting documents and emails directly with the Azure Rights Management service, rather than using labels. References to out-of-support products, Windows Phone 8.1 and Windows RT are also removed. Remember that January 31 is end of support for the Rights Management sharing application for Windows, so expect this documentation to also be removed soon and the download page removed from the Microsoft Download Center.
We listen to your feedback and try to incorporate it whenever possible. Let me know if you have feedback about the technical documentation for Azure Information Protection. I also encourage you to head over to our Yammer site to see what others are discussing.
What's new in the documentation for Azure Information Protection, January 2019
Requirements for Azure Information Protection
- Updated the Applications section to clarify that the Office 365 apps that are not ProPlus and can support protection come with Office 365 Business and Microsoft 365 Business subscriptions. The Office team has recently posted information that some customers have been experiencing problems applying protection with these Office 365 apps, but are working on a fix. If you think this might apply to you, see Some Office 365 Business users unable to apply IRM protection.
Frequently asked questions for Azure Information Protection
- Updated the entry I see Azure Information Protection is listed as an available cloud app for conditional access—how do... to add the following new bullet in the additional information list:
How to configure conditions for automatic and recommended classification for Azure Information Prote...
- Updated the Sensitive information types that require a minimum version of the client section, for new information types that are supported by the preview client, and information types that are no longer supported by the preview client (and removed from the Azure portal).
Deploying the Azure Information Protection scanner to automatically classify and protect files
- Updated for the following:
- The prerequisites section now lists 8 GB of RAM rather than 4 GB of ram for the Windows Server computer that runs the scanner.
- The section How files are scanned is revised to logically walk through the different process steps that the scanner takes, and details about inspecting file types other than Office documents and PDFs is now moved to a new section in the admin guide, File types supported for inspection.
- A new tip that might explain why scanning doesn't complete, typically for a data repository in production that has a large number of files on SharePoint that has been hardened by an admin. This scenario produces a very distinctive error message in the logs to help you identify the root cause.
Deploying the preview version of the Azure Information Protection scanner to automatically classify ...
- New article, specifically to accommodate the changes for the new preview version of the client (and scanner). Changes include the ability to have multiple configuration databases on the same SQL Server instance and configuration from the Azure portal before you install (or upgrade) the scanner. The List of cmdlets for the scanner section lists the reduced number of cmdlets that are supported for the scanner, now that configuration for data repositories and file types is moved to the Azure portal.
Logging and analyzing usage of the Azure Rights Management service
- Updated the description for the Certify request type in the How to interpret your Azure Rights Management usage logs section, for the following wording: "The client is certifying the user for the consumption and creation of protected content."
Azure Information Protection client: Version release history and support policy
- Added the new section for the latest preview version of the client.
Azure Information Protection client administrator guide
- Updated the Upgrading the Azure Information Protection scanner section, for recommended upgrade instructions for the preview version. Customers who don't follow this recommended path often have problems with a scanner profile mismatch, which means that their scanner can't download the scanner settings configured in the Azure portal.
There also a new section, Moving the scanner configuration database to a different SQL Server instance, which is specific to the new preview version.
Admin Guide: Configuring and using document tracking for Azure Information Protection
- New section, Using PowerShell to register labeled documents with the document tracking site, which explains how you can use the new EnableTracking parameter from the preview client, as an addition method to register a protected document with the document tracking site.
Admin Guide: File types supported by the Azure Information Protection client
- Updated the Limitations for container files, such as .zip files section, with the information that PDF files that contain attachments are another example of container files and that the Azure Information Protection viewer cannot open these attachments.
The Changing the default protection level of files section is also updated with the information that if you have 64-bit Windows, you must also update the registry path for 32-bit Windows. Some components of the client always operate in 32-bit mode. After making the registry edits, for PowerShell, you must start a new session.
Admin Guide: Custom configurations for the Azure Information Protection client
- Added a new advanced client setting to change the local logging level. You might need to do this if you've been instructed by Microsoft Support to help investigate a problem, or because you want to turn off local logging to help conserve disk space, or prevent personal data from being saved locally. For this last scenario, the section Usage logs for the Azure Information Protection client and RMS client is also updated in Manage personal data for Azure Information Protection.
- Updates for the preview version, include:
- Set-AIPFileLabel has a new parameter, EnableTracking, which lets you register a protected document with the document tracking portal.
- Import-AIPScannerConfiguration is a new cmdlet for the scanner, for servers that cannot have Internet connectivity to download settings from Azure.
- Cmdlets that configure data repositories and file types for the scanner have a deprecation note in the description.