Azure Information Protection - How to identify and reassign ownership to files when staff leave?
Hi there - just implementing Azure information protection for the first time and I'm trying to find out the best way to deal with the scenario where a users leaves a company and the business/IT administrator wants to be able to find all the files that user had protected using AIP labels and that the ex employee was the sole owner of and then wishes to reassign the ownership of those files (either automatically or manually) to another user in the company. I know the super user can be created who can take ownership of an AIP protected file however the problem is (i) how do you identify all the files a particular person was the sole owner of across both an on premise file server (where scanner has been deployed) and SharePoint? (ii) how do then use the output from (i) and reassign ownership to all the relevant files. Thanks GerryAzure Information Protection - How to identify and reassign ownership to files when staff leave?
Hi there - just implementing Azure information protection for the first time and I'm trying to find out the best way to deal with the scenario where a users leaves a company and the business/IT administrator wants to be able to find all the files that user had protected using AIP labels and that the ex employee was the sole owner of and then wishes to reassign the ownership of those files (either automatically or manually) to another user in the company. I know the super user can be created who can take ownership of an AIP protected file however the problem is (i) how do you identify all the files a particular person was the sole owner of across both an on premise file server (where scanner has been deployed) and SharePoint? (ii) how do then use the output from (i) and reassign ownership to all the relevant files. Thanks GerryAIP - Am I missing something with "Recipient Only" label used with "View only" AIP permissions?
Am I missing something here or how do you handle this? I am implementing AIP for the first time. I have a "Specific Recipients" sub label under "Highly Confidential" that allows the user to define custom permissions for users. From my testing it looks like a user cannot assign an external user “view only” permissions on a document (via their PC) as when they share a link to that file with that user via SharePoint/OneDrive – the user won’t be able to read it in Office on the web as it won’t support this type of “specific permission” defined method for this external user and the external user can’t download it either and read it locally as they only have view only permissions which restricts download. Resulting in the user not being able to access or read the file. How do you give an external user "view only" permissions via a label that is set to allow "custom permission" (in a way that results in them being able to view the file either via office on the web or locally through their desktop office application)?
AIP justification before changing label question
Hi, The Azure Information Protection Policy has an option for "Users to provide a justification before removing a label or replacing it with a one that has a lower-order number". However, is there a built-in workflow that can send this request to the data owner for approval? Or is there an add-on to achieve this objective? Or is it currently just not possible? Thank you, SK
Azure Information Protection labels being overrided
I recently implemented the Azure Information Protection P1 in my tennant. When I label a document as "Confidential - All Employees" it becomes available to all employees. If I share the document by rightclicking the document and using the "Azure information Protection" Client - and then I classify the Document as "Confidential - All Employees" - and check the "Protect with custom permissions" and choose an email from outside my organisation, it will then override that label and not allow Employees to open the document. Is this intended? Does the "Custom Permissions" override these labels on purpose, or is this a mistake on my part? Thanks in advanced.