Skip to content

Enterprise Mobility + Security


Hi everybody

Our technical writer, Carol Bailey, is letting you know what’s new and hot in the docs for August.

Reminders: Follow us on Twitter (@DanPlastina) and join in our peer community at www.yammer.com/AskIPTeam.

   Dan (on behalf of the Information Protection team)


The Documentation for Azure Information Protection has been updated on the web and the latest content has an August 2017 (or later) date at the top of the article.

Updates this month support the recent service updates, and information about the current preview version of the Azure Information Protection client. With the changes to activation, the default policy and default templates, and setting permissions for protection, the Quick start tutorial has been updated to reflect these changes. Let us know how you get on with the updated instructions! We always listen to your feedback, which is why the documentation updates also include corrections and clarifications for existing features.

We value customer feedback and try to incorporate it whenever possible.  If you have feedback about the documentation, you can contact us by emailing AskIPTeam@Microsoft.com.

What’s new in the documentation for Azure Information Protection, August 2017

Documentation articles that have significant technical changes since the last update (July 2017):

Quick start tutorial for Azure Information Protection

– This tutorial has been updated to use the Azure portal for activation, and creates a new sub-label that you configure for permissions. Previous versions of the tutorial edited an existing sub-label and linked one of the default templates to configure the protection settings.

How does Azure RMS work? Under the hood

– Updated the cryptographic controls section, to clarify that Azure Information Protection supports key lengths of 1024 bits and 2048 bits.

Migrating from AD RMS to Azure Information Protection
– Updated guidance if you are currently running in cryptographic mode 1. The final step is also updated for rekeying if you have a Microsoft-managed key.

Activating Azure Rights Management

– Updated to remove the instructions for activating by using the Azure classic portal now that the option to do this in the Azure portal is no longer in preview.

The default Azure Information Protection policy

– Updated the current default policy with the information that starting August 30, label names and descriptions now include translated versions. For the Recipients Only sub-labels, the previous Do Not Forward protection option is automatically replaced with the user defined permissions for Do Not Forward in Outlook.

How to configure a label for Rights Management protection

– Updated for the new (preview) option for user defined permissions, and the Edit Template button.

Hold your own key (HYOK) requirements and restrictions for AD RMS protection

– Updated the additional limitations section to clarify the Do Not Forward entry, and added a new limitation for user defined permissions when this new preview option is configured for Word, Excel, PowerPoint, and File Explorer.

How to configure a label for visual markings for Azure Information Protection
– Updated to clarify when visual markers get applied for the current GA version of the client, and the current preview client. Also updated with the information that visual markers support one language only, and that the current preview client supports multiple lines of text for visual markers.

How to configure conditions for automatic and recommended classification for Azure Information Protection

– Updated for the new preview options for information types and regular expressions.

Configuring and managing templates for Azure Information Protection

– Updated with the information that you can now edit the default templates, and information about when you can select the new Edit Template button.

Configure labels and templates for different languages in Azure Information Protection

– Updated to include templates.

Installing and configuring the Azure Rights Management connector

– Updated to include information about the installation log.

Microsoft-managed: Tenant key lifecycle operations
– Updated the rekey section to replace the previous instructions now that you can use PowerShell to rekey your tenant key and no longer have to contact Support for this key management operation.

Azure Information Protection client administrator guide
– Updated the .msi prerequisites for Office 2013 and added a new prerequisite for Office 2016. Also added a link to the client languages that Office supports.

Classify and protect a file or email by using Azure Information Protection

– Updated the instructions for setting custom permissions when you use the current preview client and browse for users and groups. This option uses the Select Users or Groups dialog box for your on-premises Active Directory. To use this option, your computer must be connected to the internal network, your computer must be joined to the domain, and you must have an on-premises Active Directory.

Unprotect-RMSFile

– This cmdlet from the AzureInformationProtection module (and the equivalent from the RMSProtection module) is updated to correct the information about the -LogFile parameter.