This post has been republished via RSS; it originally appeared at: Azure Information Protection Blog articles.
The Documentation for Azure Information Protection has been updated on the web and the latest content has a June 2018 (or later) date at the top of the article.
This month sees another GA release of the client, which resolves the final problem of displaying the Azure Information Protection bar outside the latest Office 2016 (Click-to-Run). If you experience this problem, install this latest GA version. We also have an exciting new preview option in the Azure portal that lets you set protection for any authenticated user. Consider using this option for any of the following scenarios:
- You don't mind who views the content, but you want to restrict how it is used. For example, you do not want the content to be edited, copied, or printed.
- You don't need to restrict who accesses the content, but you want to be able to track who opens it and potentially, revoke it.
- You have a requirement that the content must be encrypted at rest and in transit, but it doesn't require access controls.
To try out this setting for yourself, see the new example, Example 5: Label that encrypts content but doesn't restrict who can access it, and click the link at the beginning of the example for more information about the setting.
We also have a new article that explains how you can use the metadata from Azure Information Protection labels, with two example mail flow rules that apply protection when a label is identified in an email and also in an attachment. In both cases, the examples use the same condition of sending an email outside the organization, but you can obviously apply your own conditions and exceptions as needed. The examples are to get you started as a proof of concept, which you can then build on for your own business requirements.
Hopefully, these documentation updates help you to protect more documents and emails that contain sensitive data. One of the goals in the Azure Information Protection team is that you secure 100% of your sensitive documents, and if you're falling short of that goal, let us know why. Your responses to a short survey about document protection, with an opportunity to provide your own comments, can influence the direction of the product:
- Take the survey: Azure Information Protection: Document protection survey
We listen to your feedback and try to incorporate it whenever possible. In addition to taking the survey, let me know if you have feedback about the technical documentation and I also encourage you to head over to our Yammer site to see what others are discussing.
What's new in the documentation for Azure Information Protection, June 2018
- Updated the entry What's the difference between Windows Server FCI and the Azure Information Protection scanner? to clarify the different approaches to protecting all file types: Windows Server FCI protects all file types by default, and the scanner protects just Office file types by default. For both, you can change the default behavior by editing the registry. When you protect files other than Office documents, the file becomes read-only and its file name extension changes.
- Updated for the following:
  - Information about the labeling experience that users see when the collaborating organizations both have Azure Information Protection.
  - Information about the new protection setting for any authenticated user (currently in preview).
- Updated the prerequisites section to include Virtual Network Service Endpoints for Key Vault, announced in preview this week.
- Updated for the following:
  - For Step 8 and Exchange Online configuration: Clarified why the DNS redirection configuration is needed.
  - For Step 9 and Exchange configuration for the connector: Revised the wording for the registry edits to clarify that the new entries are in addition to (and do not replace) the entries that were added during the preparation step.
- Updated the Do you need to activate Azure Rights Management? section, for the information that the service is being automatically activated for Office 365 tenants with eligible subscriptions.
- Updated for the following:
  - The information in the description for the usage right View, Open, Read (VIEW). Previously, the description said that Edit Content, Edit (EDIT) was needed to sort and filter data in Excel. Now updated to say that to sort data in Excel you need Edit Content, Edit (EDIT), but to filter you also need Copy (EXTRACT).
  - The Encrypt-Only option for emails section includes information about the recently announced configuration option that an automatically protected Office document is decrypted on download.
- Updated for the information that visual markings that are configured for colors always display as black in Excel.
- New article to help you configure mail flow rules in Exchange Online to use Azure Information Protection labels.
- Updated the prerequisites section for the following:
  - New entry for sufficient disk space to create temporary files for each file that the scanner inspects, four files per core. The recommended disk space of 10 GB allows for 4 core processors scanning 16 files that each have a file size of 625 MB.
  - Reminder that the service account for the scanner must be included in any onboarding controls that you've configured.
- New section for alternative configurations if you have to install the scanner in production environments that do not allow servers to have Internet connectivity, or servers have Internet connectivity but service accounts cannot be synchronized to Azure Active Directory. It also covers restrictions for using Sysadmin rights, and service accounts that are not allowed to have the Log on locally right.
- Updated for the 126.96.36.199 GA release.
- Updated the Upgrading and maintaining the Azure Information Protection client section for corrections that the client is always automatically upgraded if you are using Windows Update.
- Updated for the following entries:
  - Label an Office document by using an existing custom property now includes an example of configuring a sublabel.
  - Integration with Exchange message classification for a mobile device labeling solution now clarifies that this solution is for users within your organization only.
- Updated to clarify that the Azure AD global administrator for your tenant is required for the Admin mode and that other administrator roles do not support this mode for the document tracking site.
- Updated to remove the file name extensions of .xla and .xlam from the list of file types that support classification only.
- Updated with a tip to use a new group policy setting if you use the cmdlets with path lengths greater than 260 characters. We've had a few customers run into this limitation recently and were unblocked by using this solution.