Skip to content

Enterprise Mobility + Security


Please note, as of August 11, 2017 this feature has been moved from public preview to generally available.

Hi everyone, and welcome to an important post for those of you who have been using the document tracking and revocation feature. We received feedback from some of you around privacy and compliance when using this feature and we’ve tried to address that with this release.

We are excited to release in preview the new ‘Do not track’ feature which gives organizations flexibility to configure a group of users within their company who should not be tracked because of privacy or compliance reasons.

You can now configure ‘Do not track’ for users by adding them to a mail enabled group email address from Azure AD (can be a cloud native or sync group). Once configured, you will no longer be able to track activities of users of this group. Admins can configure the feature for specific groups by running new PowerShell commands added to the admin tool.

Let’s take a deeper look

In your organization due to privacy and/or compliance reasons if you have users who should not have document tracking activities tracked, add them to a group that is stored in Azure AD, and specify this group with the Set-AadrmDoNotTrackUserGroup cmdlet.

image

For the members of this group, activities related to documents that others have shared with them is not logged to the document tracking site. In addition, no email notifications are sent to the user who protected and shared the documents.

As you can see in example below, Bob is member of the ‘AIPDonotTrack’ group.

image

We have a document shared with both Bob and Tim:

image

Bob and Tim both viewed the document but we can only see Tim’s document tracking activities, because Bob is in the AIPDonotTrack group.

image

A few questions you may have

I have added users to the ‘Do not track’ group and yet I see their previous document tracking activity in the portal. Why?
This is expected behavior. You will see the users previous (prior to them getting added to ‘Do not track’ group) document tracking activities in the portal in ‘Timeline’, ‘Map’ pages. The ‘List’ page on the other hand shows only most recent activity per user – so that will not contain the ‘Do not track’ user’s activity.

Will admins still be able to track ‘Do not track’ user’s document tracking activities?
Yes, they can view document tracking activities of ‘Do not track’ users.

Can ‘Do not track’ users still track and revoke their protected documents?
Absolutely. When you use this configuration in your company, all users including the ‘Do not track’ user group can still use the document tracking site and revoke access to documents that they have protected.

We know this can be a lot to absorb, and we are here to help! Engage with us on Yammer, Twitter or send us an e-mail to askipteam@microsoft.com.

It really is very easy to get started with AIP. We have a lot of information available to help you, from great documentation to engaging with us via Yammer and e-mail. What are you waiting for? Get to it!

Thank you,

Dan Plastina on behalf of our enthusiastic Azure IP team.
Twitter: @DanPlastina
Useful links: aka.ms/DanPlastina (PDF)