What’s New in Information Protection?

Throughout the last several months there have been many new features, updates, and happenings in the world of Information Protection at Microsoft. As we continue to build out more of this story, we wanted to use this opportunity to connect with customers, partners, and more on some of these updates to keep you informed and provide a single pane of glass on everything we have been working on for the last several months. In addition, we hope to give you some insight into the next big things being built within MIP overall.  

Microsoft Information Protection: 

General Availability: Mandatory Labeling  

• Office apps (Word, Excel, PowerPoint, Outlook) will now respect the Admin policy setting to require users to apply a label to documents and emails on Windows, Mac, iOS, and Android (for the Office 365 subscription version of the apps). 
• Read more about the feature at Manage sensitivity labels in Office apps - Microsoft 365 Compliance | Microsoft Docs 

General Availability: Improvements for Exchange Online service side auto-labeling 

• Automatic classification with sensitivity labels emails in transit in Exchange Online 
• Improved capabilities on top of existing service-based auto-labeling include: 
  • Additional predicates with Exchange Online auto-labeling  
  • Encrypt only and Do Not Forward support
  • Context-based detections
• Read more about the feature at: Automatically apply a sensitivity label to content in Microsoft 365 - Microsoft 365 Compliance | Microsoft Docs 

Public Preview: Co-authoring

• Co-authoring and AutoSave on Microsoft Information Protection-encrypted documents 
• Client-based automatic and recommended labeling on Mac 
• Mandatory labeling requiring users to apply a label to their email and documents 
• Availability of audit label activities in Activity Explorer 
• Native support for variables and per-app content marking 
• You can leverage co-authoring using: 
  • Production or test tenant 
  • Microsoft 365 apps with the following versions: 
    • Windows – Current Channel 16.0.14026.20270+ (2105) 
    • Mac: 16.50.21061301+  
• If AIP Unified Labeling Client Version is in use, verify that in addition to the updated Microsoft 365 app, you use version 2.10.46.0 of the Unified Labeling client. 
• PLEASE NOTE: That Co-authoring for Native/Built-In Labeling will be added in the upcoming Current Channel within 2 weeks 

Read more about the feature at Enable co-authoring for documents encrypted by sensitivity labels in Microsoft 365 - Microsoft 365 Compliance | Microsoft Docs 

Public Preview: AIP Audit Logs in Activity Explorer 

• Azure Information Protection client audit logs are now available in Activity Explorer for existing AIP Analytics customers and this functionality is in public preview.
• Read more about Activity Explorer audit events at: https://docs.microsoft.com/en-us/microsoft-365/compliance/data-classification-activity-explorer?view=o365-worldwide  
• This preview requires registration via: https://aka.ms/Register-AIPActivityExplorerPublicPreview  

General Availability: Dynamic Markings with Variables within native labeling across all platforms 

• Configure sensitivity labels for content markings by using variables in the text string for your header, footer, or watermark 
• Read more about the feature at Manage sensitivity labels in Office apps - Microsoft 365 Compliance | Microsoft Docs 

GA: DLP Alerts 

Microsoft announces the General Availability of the Microsoft Data Loss Prevention Alerts Dashboard. This latest addition in the Microsoft’s data loss prevention solution provides customers with the ability to holistically investigate DLP policy violations across: 

• Exchange 
• SharePoint Online 
• OneDrive 
• Teams 
• Devices 
• Cloud apps 
• On-premises file shares 

Learn more about the feature at: Learn about the data loss prevention Alerts dashboard - Microsoft 365 Compliance | Microsoft Docs 

Azure Information Protection: 

GA: Track and Revoke 

• Document tracking provides information for administrators about when a protected document was accessed.  
• If necessary, both admins and users can revoke document access for protected tracked documents. 
• This feature is available for AIP UL client version 2.9.111.0 or later 

Public Preview: DLP On-Prem 

• The DLP on-premises scanner crawls on-premises data-at-rest in file shares and SharePoint document libraries and folders for sensitive items that, if leaked, would pose a risk to your organization or pose a risk of compliance policy violation  
• This gives you the visibility and control you need to ensure that sensitive items are used and protected properly, and to help prevent risky behavior that might compromise them 
• You need to leverage the Scanner binaries from AIP UL Client Version 2.10.43.0