Forum Discussion
SharePoint Online with Azure RMS
Ignite is around the corner, I'm sure we will hear more information about the AIP/SPO integration there. If you can wait a few weeks that is.
In the meantime, nothing is stopping you from storing individually-protected files in SPO or anywhere else, and taking advantage of tracking/revoking. You will however loose the ability to "reason over data", as your applications will not be able to access those documents as well.
Hi,
sorry to sound like a total noob, what do you mean "reason over data"?
Agreed, Ignite could provide a better solution, but I need to have some options in place for the meantime.
Rather than protecting each file individually (as there are 200+ files), would it be a suitable solution to setup an FCI server and apply the RMS template via classification.... and then upload them to SPO?
To classify a large amount of files, you could write a script, for which you will require https://docs.microsoft.com/en-us/information-protection/deploy-use/install-powershell. In a computer where you have AIP client installed and configured, the PowerShell commands are automatically available for you to carry out automation using custom scripts. For example, you can use cmdlet (ref this https://docs.microsoft.com/en-us/powershell/module/azureinformationprotection/set-aipfileclassification?view=azureipps)
Set-AIPFileClassification
To automatically set an Azure Information Protection label on one or more file(s), according to conditions that are configured in the policy.
One thing to keep in mind, is that Microsoft's approach to Azure IP, is based on the premise that the person working on file understands the content and is therefore able to make the best judgement about the label that should be assigned. The approach also presume that the IT organization is best suited to determine what type of protection should be assigned to the various labels. By splitting the responsiblities like this, organization get much more control than they get with the all or nothing approach provide by IRM in SP.
It's a term, basically means "allowing the applications to work with the data". Which is not possible if you encrypt the files outside of SharePoint and upload them to a library.
sureley this would be feasible as I would want users to download the protcted files and use the desktop applications (rather than Word Online, for example). I doubt they would be using the search features or indexing in SharePoint Online.
As long as you are fine with SPO not being able to index the file and loosing some funcitonality (search, DLP processing, etc), yes, it's feasible.
