The Documentation for Azure Information Protection has been updated on the web and the latest content has a November 2018 (or later) date at the top of the article.
The sharp-eyed among you might have noticed that the docs have had something of a refresh this month. We heard at Ignite that customers often didn't know where to start when it came to implementing Azure Information Protection. There are a lot of different ways that you can use this service to classify and protect your documents and emails, and although we offer a deployment roadmap, it was clear talking to people at Ignite that there isn't a single path that suits everybody. For example, some people wanted to start with email, whereas others wanted to focus on documents. Some people wanted to focus on internal sharing first, whereas others only cared about content that went outside their organization. Some people had already implemented other solutions for classifying and protecting their data, which they wanted to complement, rather than replace.
In response, we published our "top scenarios" that you can implement independently of each other - whichever is easiest or offers the most business value to your organization. And to help you get started, we published 4 "quickstarts" (procedures that you can complete on Day 1, in 5-10 minutes) and 2 tutorials (help you learn both the service configuration and the resulting client behavior).
These quickstarts and tutorials reflect the same style and structure that you might be familiar with from other EMS and Azure services, with a similar table of contents to organize the rest of the documentation. No two services are the same, but we hope this similarity in how the documentation is presented and organized can help you find the information you need more easily.
In addition to this doc refresh, this month also sees supporting documentation for the Azure Information Protection client GA release 18.104.22.168, which includes a new version of the scanner. One of the most important changes in this release is support for the new central reporting (analytics) that was announced at Ignite, although the reporting feature itself remains in preview. The reporting feature also has a new "Activity logs" report rolling out, which displays labeling actions from users, and on devices and file paths.
As our docs refresh shows, we listen to your feedback and try to incorporate it whenever possible. Let me know if you have feedback about the technical documentation, and especially about the changes this month for the refresh. I also encourage you to head over to our Yammer site to see what others are discussing.
What's new in the documentation for Azure Information Protection, November 2018
- In the Firewalls and network infrastructure section, removed the reference to informationprotection.hosting.portal.azure.net now that this dependent URL is included in the Office 365 URLs and IP address ranges article.
- New article, with steps to add Azure Information Protection to the Azure portal, confirm the protection service is activated, and view your organization's default policy. These steps were previously in the "Quick start tutorial for Azure Information Protection".
- New article, with steps to install and configure the Azure Information Protection scanner to find what sensitive information you have in files that are stored in on-premises data stores, such as file shares and SharePoint Server. Designed for a test environment so you can skip the configuration for non-interactive authentication, this quickstart can be completed in less than 10 minutes and doesn't require you to configure any labels.
- New article, with steps to configure an existing label to automatically apply the Do Not Forward protection setting for a label that displays only in Outlook.
- New article, with steps to create a new label that only specific users can see by configuring a scoped policy.
- Based on the previously published "Quick start tutorial for Azure Information Protection", this tutorial is now more targeted on the configuration steps to configure a label and policy settings, and to see them in action.
- New article, that takes you through configuring 4 policy settings and showing their combined effects for users. The policy settings chosen help you to establish a baseline classification, and also educate users about label selection so that they will be more likely to apply appropriate labels in the future.
- New article, with conceptual information that was previously in Configuring the Azure Information Protection policy.
- New article that lists the top scenarios for Azure Information Protection, which you can implement independently from each other.
- New entry to explain the Azure Information Protection alerts, currently in preview : I see Azure Information Protection is listed as a security provider for Microsoft Graph Security—how...
- New entry that explains how you can use the labeling metadata with customized formatting in document templates: Can I create a document template that automatically includes the classification?
- Updated Step 6. Configure imported templates: The information used to say that the ANYONE group, if specified in your AD RMS templates, was automatically converted into a hidden group named AllStaff-7184AB3F-CCD1-46F3-8233-3E09E9CF0E66 in Azure AD. This group is the closet equivalent to the ANYONE group, because it includes all users from your tenant. This automatic conversion is not happening and if you want this group mapping for migrated users, you must manually add the group yourself to the imported template.
- Updated the Signing in to the Azure portal section, with a note that if your tenant has been migrated to the unified labeling store, to manage labels from the Azure portal, your account must have permissions to access the Office 365 Security & Compliance Center.
- Updated to remove the limitation that in Excel, visual markings always display as black. This change requires you to use the new GA version of the client. In addition, this article is updated with the information that Word, Excel, and PowerPoint support multiple lines in a header and footer. In Outlook, however, multiple lines are not supported and the text is concatenated into a single line. As an alternative, consider using the configuration to set different visual markings per app.
- Updated the prerequisites section with guidance for database sizing. Also updated to include how to inspect TIFF images by using optical character recognition (OCR). This article is now updated throughout for the new scanner version that comes with the new GA version of the client. For example, you can now start a scan from the portal rather than use PowerShell, and use the portal to see scanning results.
- Updated the prerequisites section, to remove the preview release status of the Azure Information Protection client and the scanner. Note however, that the analystics feature itself remains in preview.
This article is also updated for the new Activity logs report that is rolling out to tenants, which lets you see labeling actions from users, and on devices and file paths.
- Updated for the new GA section: Version 22.214.171.124
The 126.96.36.199 release section is also updated to include multiple line support as a new feature in headers and footers for Word, Excel, and PowerPoint. Note that according to the support policy, this version is out of support at the end of this month.
- Updated the prerequisites section for a new entry that lists screen resolutions greater than 800x600 for the Classify and protect - Azure Information Protection dialog box.
- Updated for the following:
- Updated for the new client behavior that no longer exclude .msg, .rar, and .zip file name extensions for File Explorer (right-click) and PowerShell commands.
- Updated the Path parameter description to clarify that you must specify a path and a file name for the log.
- Updated the description to clarify that you must have sufficient usage rights (Export or Full Control) or be a super user for your organization to unprotect files.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.