This month sees a new preview release of the client, with supporting documentation for the changes. For example, support for GDPR sensitive information types and some important updates for the Azure Information Protection scanner. In addition, the documentation is updated for a small but much-requested change: When you have the latest subscription Office version, Track Changes in protected Word documents no longer requires the Full Control usage right. Note that in this scenario, the Lock Tracking option can be used to prevent people from disabling Track Changes (via password protection).
We listen to your feedback and try to incorporate it whenever possible. Let me know if you have feedback about the technical documentation and I also encourage you to head over to our Yammer site to see what others are discussing.
What's new in the documentation for Azure Information Protection, July 2018
- Added a new section, Classifying and protecting existing documents, which provides an overview of using the Azure Information Protection scanner for on-premises data stores, and provides links to Microsoft Cloud App Security for cloud data stores.
- Updated the description for the Edit Content, Edit (DOCEDIT) usage right with the information that Full Control is no longer needed for Track Changes when you have the latest Office version. You can read confirmation about this change from the Word: Feature updates section in the Office Release notes for version 1807.
- Updated for the new sensitive information types that are becoming available in the Azure portal, to help you identify personal data in documents and emails. To detect these new information types, you must use the preview client.
- Updated throughout to include the changes for the preview version. There's also a new prerequisite added to clarify that to discover and label Office documents, they must be in 97-2003 file formats or Office Open XML file formats.
Support for disconnected computers clarifies that exporting the policy does not support the scenario where a user belongs to more than one scoped policy. The policy versioning table is also updated for the preview client.
Protect PDF files by using the ISO standard for PDF encryption is a new advanced client setting that's supported only by the preview client. When this setting is enabled and the Azure Information Protection client protects a PDF file, this action creates a protected PDF document that doesn't change the file name extension and that adheres to the ISO standard for PDF encryption. The resulting protected PDF file can be opened with the preview version of the Azure Information Protection client for Windows, and other PDF readers that support the ISO standard for PDF encryption.
Support for files protected by Secure Islands is a new customization that requires a registry edit and the preview client. This configuration enables the client to decrypt non-Office files that were protected by Secure Islands. This ability lights up many new scenarios, such as using the Azure Information Protection scanner to inspect these protected files for sensitive information, and using PowerShell scripts to unprotect or reprotect these files by using Azure Information Protection labels.
- Updated to clarify that the Office file formats supported are the 97-2003 file formats and Office Open XML formats. Unless you have the preview client, Strict Open XML isn't supported. Also added the statement that the maximum file size supported to unprotect .pst files is 5 GB, and this information is also added to Unprotect-RMSFile. Information about PDF files is updated throughout this article, to include the difference in behavior when the preview client is configured for the ISO standard for PDF encryption.