This month sees another GA release of the client, which resolves the final problem of displaying the Azure Information Protection bar outside the latest Office 2016 (Click-to-Run). If you experience this problem, install this latest GA version. We also have an exciting new preview option in the Azure portal, that lets you set protection for any authenticated user. Consider using this option for any of the following scenarios:
You don't mind who views the content, but you want to restrict how it is used. For example, you do not want the content to be edited, copied, or printed. You don't need to restrict who accesses the content, but you want to be able to track who opens it and potentially, revoke it. You have a requirement that the content must be encrypted at rest and in transit, but it doesn't require access controls.
We also have a new article that explains how you can use the metadata from Azure Information Protection labels, with two example mail flow rules that apply protection when a label is identified in an email and also in an attachment. In both cases, the examples use the same condition of sending an email outside the organization, but you can obviously apply your own conditions and exceptions as needed. The examples are to get you started as a proof of concept, which you can then build on for your own business requirements.
Hopefully, these documentation updates help you to protect more documents and emails that contain sensitive data. One of the goals in the Azure Information Protection team is that you secure 100% of your sensitive documents and if you're falling short of that goal, let us know why. Your responses to a short survey about document protection, with an opportunity to provide your own comments, can influence the direction of the product:
We listen to your feedback and try to incorporate it whenever possible. In addition to taking the survey, let me know if you have feedback about the technical documentation and I also encourage you to head over to our Yammer site to see what others are discussing.
What's new in the documentation for Azure Information Protection, June 2018
- Updated the entry What's the difference between Windows Server FCI and the Azure Information Protection scanner? to clarify the different approaches to protecting all file types: Windows Server FCI protects all file types by default, and the scanner protects just Office file types by default. For both, you can change the default behavior by editing the registry. When you protect files other than Office documents, the file becomes read-only and changes the file name extension.
The information in the description for the usage right View, Open, Read (VIEW). Previously, the description said that Edit Content, Edit (EDIT) was need to sort and filter data in Excel. Now updated to say that to sort data in Excel you need Edit Content, Edit (EDIT), but to filter you also need Copy (EXTRACT).
The Encrypt-Only option for emails section includes information about the recently announced configuration option that an automatically protected Office document is decrypted on download.
New entry for sufficient disk space to create temporary files for each file that the scanner inspects, four files per core. The recommended disk space of 10 GB allows for 4 core processors scanning 16 files that each have a file size of 625 MB.
Reminder that the service account for the scanner must be included in any onboarding controls that you've configured.
New section for alternative configurations if you have to install the scanner in production environments that do not allow servers to have Internet connectivity, or servers have Internet connectivity but service accounts cannot be synchronized to Azure Active Directory. It also covers restrictions for using Sysadmin rights, and service accounts that are not allowed to have the Log on locally right.
- Updated with a tip to use a new group policy setting if you use the cmdlets with path lengths greater than 260 characters. We've had a few customers run into this limitation recently and were unblocked by using this solution.