Did you know the Azure Information Protection (AIP) client can now be used for co-authoring files with sensitivity labels? We cover this optional feature in this blog post, providing an overview of its advantages, prerequisites, and limitations. This allows organizations to make a conscious decision on whether to enable co-authoring for files with sensitivity labels.
Advantages of enabling Co-Authoring for files with sensitivity labels
This feature has mainly the following two advantages:
When saving new protected documents in OneDrive for Business, the documents can be immediately opened in Office Online. (When the feature is not enabled, it may take ten minutes or longer until the document is available in Office Online.)
Users with compatible rich clients are able to work simultaneously on a protected document stored in OneDrive or SharePoint Online.
Check this before enabling Co-Authoring on the tenant
(Information in this section was last checked in November 2021, see our documentation for updates.)
Please observe that the Office version requirements and other limitations listed here apply to all clients that handle labeled content – not only clients that will actually co-author protected documents.
Make sure that all Windows clients have a compatible version of Microsoft Apps for Enterprise installed. Both for Current Channel and for Monthly Enterprise Channel, version 2107 or higher is required. The feature is not yet available in the Semi-Annual Channel. If you’re using AIP client, make sure the AIP unified labeling client version 12.62 or higher is installed.
All Mac users require Microsoft Apps for Enterprise version 16.51 or higher.
Office Mobile must not be used to handle any documents with sensitivity labels. [Compatible versions are expected to enter preview in January 2022.]
The Double Key Encryption [DKE] feature must not be used/tested in the same tenant, nor can using DKE be planned. [An Office version compatible with both Co-Authoring and DKE is not expected before the second half of 2022.]
Make sure any custom services based on the MIP SDK are compatible with co-authoring, i.e. they are based on MIP SDK 1.7 or later.
Please observe that the metadata location for label information changes after enabling co-authoring on the tenant – you will no longer find the label information in Office custom properties. More details on the changed location for storing label information can be found in our documentation.
As described here, documents cannot be co-authored if they’re either protected with user-defined permissions or if they have User access to content expires set to a value other than Never.
There are also limitations related to the AIP feature removing external content marking in apps and Office 97-2003 format support (.doc, .ppt, and .xls) per our documentation.
Enable the feature on the tenant
Before enabling Co-Authoring, keep in mind that this feature cannot be disabled easily. A support case would be required for disabling Co-Authoring, which will take several days, and during this process you need to prove that you’re a global admin.
We suggest you double-check the prerequisites and limitations described in this blog post and the referenced documentation before enabling the feature since it can be disrupted if enabled without proper evaluation.
To enable the feature, perform the following steps:
Sign in to the Microsoft 365 compliance center as a global admin for your tenant.
From the navigation pane, select Settings > Co-authoring for files with sensitivity files.
Then select Turn on co-authoring for files with sensitivity labels, and Apply:
Due to a delay in replication, it’s suggested to wait 24 hours before using the Co-Authoring features in applications.
Disabling Co-Authoring requires you to raise a ticket with Microsoft support.
This request might take several days and you will need to prove that you are a global administrator for your tenant. Also expect the usual support charges to apply.