Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
What’s New in Information Protection?
Published Jun 25 2021 12:27 PM 10.2K Views
Microsoft

Throughout the last several months there have been many new features, updates, and happenings in the world of Information Protection at Microsoft. As we continue to build out more of this story, we wanted to use this opportunity to connect with customers, partners, and more on some of these updates to keep you informed and provide a single pane of glass on everything we have been working on for the last several months. In addition, we hope to give you some insight into the next big things being built within MIP overall.  

 

Microsoft Information Protection: 

 

General Availability: Mandatory Labeling  

 

Arvind_Chandaka_0-1624560766587.png

 

 

 

General Availability: Improvements for Exchange Online service side auto-labeling 

Arvind_Chandaka_1-1624560766589.png

 

 

 

Public Preview: Co-authoring

  • Co-authoring and AutoSave on Microsoft Information Protection-encrypted documents 
  • Client-based automatic and recommended labeling on Mac 
  • Mandatory labeling requiring users to apply a label to their email and documents 
  • Availability of audit label activities in Activity Explorer 
  • Native support for variables and per-app content marking 
  • You can leverage co-authoring using: 
    • Production or test tenant 
    • Microsoft 365 apps with the following versions: 
      • Windows – Current Channel 16.0.14026.20270+ (2105) 
      • Mac: 16.50.21061301+  
  • If AIP Unified Labeling Client Version is in use, verify that in addition to the updated Microsoft 365 app, you use version 2.10.46.0 of the Unified Labeling client. 
  • PLEASE NOTE: That Co-authoring for Native/Built-In Labeling will be added in the upcoming Current Channel within 2 weeks 

Read more about the feature at Enable co-authoring for documents encrypted by sensitivity labels in Microsoft 365 - Microsoft 365 C... 

 

Arvind_Chandaka_2-1624560766572.gif

 

 

 

Public Preview: AIP Audit Logs in Activity Explorer 

Arvind_Chandaka_3-1624560766594.png

 

 

 

General Availability: Dynamic Markings with Variables within native labeling across all platforms 

 

Arvind_Chandaka_4-1624560766591.png

 

 

GA: DLP Alerts 

Microsoft announces the General Availability of the Microsoft Data Loss Prevention Alerts Dashboard. This latest addition in the Microsoft’s data loss prevention solution provides customers with the ability to holistically investigate DLP policy violations across: 

  • Exchange 
  • SharePoint Online 
  • OneDrive 
  • Teams 
  • Devices 
  • Cloud apps 
  • On-premises file shares 

Learn more about the feature at: Learn about the data loss prevention Alerts dashboard - Microsoft 365 Compliance | Microsoft Docs 

Arvind_Chandaka_7-1624560766593.png

 

 

Azure Information Protection: 

GA: Track and Revoke 

  • Document tracking provides information for administrators about when a protected document was accessed.  
  • If necessary, both admins and users can revoke document access for protected tracked documents. 
  • This feature is available for AIP UL clientversion 2.9.111.0or later 

Arvind_Chandaka_8-1624560766582.png

 

 

Public Preview: DLP On-Prem 

  • The DLP on-premises scanner crawls on-premises data-at-rest in file shares and SharePoint document libraries and folders for sensitive items that, if leaked, would pose a risk to your organization or pose a risk of compliance policy violation  
  • This gives you the visibility and control you need to ensure that sensitive items are used and protected properly, and to help prevent risky behavior that might compromise them 
  • You need to leverage the Scanner binaries from AIP UL Client Version 2.10.43.0 

Arvind_Chandaka_9-1624560766597.png

 

 

11 Comments
Copper Contributor

Super article , thank you.

Iron Contributor

Hi @Arvind_Chandaka just checking, but track and revoke is only available via the AIP Client? is that correct?
And from what I can see it's only available via Powershell?

 

Regards,

Dave C

Bronze Contributor

Hello @Arvind_Chandaka 

 

Thanks for the nice recap

 

Just a question when the auditlog for AIPSuperUSer activation and group add will be available for Sentinel/MCAS or simply in AAD audit logs?

 

Thanks

Microsoft

@David Caddick that is correct. End user revocation is only available for the AIP UL client. Admins can track and revoke documents that was protected by the AIP UL client  using PowerShell cmdlts.

FYI - For end-users that have the AIP Unified Client, they can revoke shared docs via their Office Apps/UI (i.e. 'not only PowerShell'): Revoke document access - Azure Information Protection | Microsoft Docs

Copper Contributor

Encrypt document with Office Web/Office 365 Built-In client, is that possible? I have asked MS Support and I havn´t got any real good answers about it. (Running mixed environment Windows, MacOS, Linux).

 

Microsoft

@Magnus Tengmo - Yes, encryption is available to all MIP native labeling experiences which includes Office on the Web and the Office desktop native labeling. 

Copper Contributor

Great Article. Thank you

Copper Contributor

Thanks for the updates on MIP. I se quite many improvements over the past some months.

We are using AIP as an "sensitivity marking tool", mean currently we do not use content protection. As a part of our cloud initiative we currently migrate our 5500 users (Insurance & Pensions) to MS Teams and therefore EXO & SPO. To comply, mean to store data in the cloud, we have to encrypt information marked with our highest sensitivity label (documents, e-mails). We use just four sensitivity labels, "strictly confidential" labels (the highest one) count for a low one digit percentage over all. This in mind we do face following significant limitations:

 

Incomplete decryption capability in eDiscovery on e-mail messages

AFAIK messages with custom protection configuration cannot be decrypted by advanced eDiscovery (core cannot do that as well). Furthermore this is the only known configuration where users can send protected email to any email-address.

 

Incomplete labelling & protection capability cross-platform

Lately labels were made available on mobile & web client. However,

  • web & mobile cannot handle protected content.
  • enforcement of labelling is working in web, but not on mobile
  • protected content is not working in web & not working on mobile

Using this MIP behaving, we create content ourselves that does not ensure labelling nor protection in a cross platform setup - users cannot work in a compliant way, this is not satisfactory. 

 

If you could provide any hint how to mitigate above points or information on plans on your roadmap, this would be really helpful.

 

Thanks for your time & assistance.

Max

 

Brass Contributor

Hey @Arvind_Chandaka, thanks for posting that.

Following up on the variables being able to be used in Watermarks.  Wouldn't it make more sense to have available the username of the person viewing the content and the time they were viewing it?  Watermarking is generally used to identify who and when content was leaked.  Having the name and time a person labelled it, doesn't really help.

Thanks

 

Brass Contributor

Hi @Arvind_Chandaka Thanks for this post.

 

We have deployed the AIP UL client to all our users and it works great. However, since upgrading to Windows 11 I seem to have lost the "classify and protect" option in file explorer.  (Client version:  2.11.58.0)

ChristoDeLange_1-1631109978487.png

 

I did see there is a new client (2.12.62.0) - however I am struggling to install this at the moment as I am receiving an error during install. 

 

Point here is: Has anyone else had the same experience on Windows 11 with the AIP/UL client? And does Microsoft know about it? 

 

I don't see any information about fixes/added compatibility for Windows 11 for the latest client in the documentation either - In fact in the "applies to" section it mentions only: (No mention of Windows 11)

 

ChristoDeLange_2-1631110145586.png

Link to latest client fixes:

https://docs.microsoft.com/en-us/azure/information-protection/rms-client/unifiedlabelingclient-versi...

 

Looking forward to get some feedback

 

Thanks in advance

Regards

Christo 

 

Version history
Last update:
‎Nov 02 2021 08:13 AM
Updated by: