The Documentation for Azure Information Protection has been updated on the web and the latest content has a March 2018 (or later) date at the top of the article.
A couple of quiet releases that you might have missed includes DNS redirection to help you more easily migrate from AD RMS, and the new Information Protection admin role lost its preview disclaimer because it was declared GA. We also have a new client customization option to help you migrate from another labeling solution, such as Secure Islands. We've had very positive feedback from customers using all these recent additions.
As the new Encrypt-Only option rolls out to Exchange Online, we've been getting more customer questions about this and the attached Office documents that become automatically protected. As a result, we've added more information to the description of this option, and how to configure a label for the same set of permissions (although you can't restrict the label to just Outlook and you must specify the recipients or domain in advance). We've also been asked to clarify the inherited permissions for an Office document that's attached to a Do Not Forward email.
Questions about subscriptions and licensing were also higher than usual this month. The technical documentation doesn't list specific subscriptions because these are managed by separate teams who are responsible for deciding what gets included or not in the subscriptions. They are also responsible for creating new subscriptions, and retiring older subscriptions. So the technical documentation links to their information, but we heard it wasn't always clear which features were included in a subscription. We passed that information on and you're invited to provide your own feedback with this Yammer post: https://www.yammer.com/askipteam/threads/1048644961. In the meantime, to help you more easily find the subscription information, we've added links to the Applies to: section at the top of each page.
We listen to your feedback and try to incorporate it whenever possible. Let me know if you have feedback about the documentation and I also encourage you to head over to our Yammer site to see what others are discussing.
What's new in the documentation for Azure Information Protection, March 2018
- Updated in line with the new support statement that this subscription is no longer supported for protecting documents and emails. Instead, use it for authentication only if the user's organization does not have an Azure AD tenant.
- Updates for the following sections:
- New section, Client reconfiguration by using DNS redirection. DNS redirection is the new and preferred method for client migration because it is simpler than using registry edits. However, this redirection requires Office 2016 click-to-run desktop apps for Windows computers. To configure this redirection method, you must create a new SRV record, and set an NTFS deny permission for users on the AD RMS publishing endpoint.
- Updated Step 8. Configure IRM integration for Exchange Online to incorporate DNS redirection for Exchange Online, and a warning that at this stage of the migration, all user accounts must be synchronized to Azure AD.
- Updated the user instructions to enable IRM-protection for OneDrive for Business, to match the OneDrive UI design change.
- Updated the sections for Do Not Forward option for emails and Encrypt-Only option for emails, to provide more information about these options and how Office attachments inherit the same permissions. Also updated the descriptions for some of the usage rights to explain how these are used with some real-world scenarios:
- Updated the Signing in the Azure portal section, to remove the preview disclaimer for the new Information Protection role. The status of this role is now generally available and the Azure Active Directory article, Assigning administrator roles in Azure Active Directory, is similarly updated.
- Updated to add the warning not to use the character # for a label name, in addition to the other characters that are automatically blocked in the Azure portal. The full list of characters that you should not use for labels because they cannot be used by all services and applications: < > % & / ? ; + \ : # This information is also added to Add-AadrmTemplate and Set-AadrmTemplateProperty.
- Updated with the clarification that you can configure a label for protection without configuring protection settings. This configuration results in a label that applies "Only for me" protection. In other words, only the person who applies the label can open the document or email with no usage restrictions. In some cases, this might be the required outcome, so that a user can save a file to any location and be assured that only they can open it. However, it's also possible to select this configuration in error, when you really want protection settings that support collaboration.
In addition, the Example configuration section is updated for Example 4: Label for protected email that supports less restrictive permissions than Do Not Forward. More detail is added how to create a label with the same usage rights as those in the new Encrypt-Only option.
- Updated for the new location of protection templates in the Azure portal.
- Updated to remove information about the 220.127.116.11 version now that it's out of support.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.