Skip to content

Enterprise Mobility + Security


Hi everybody

Our technical writer, Carol Bailey, is letting you know what’s new and hot in the docs for September.

Reminders: Follow us on Twitter (Microsoft Mobility @MSFTMobility) and join in our peer community at www.yammer.com/AskIPTeam.

Gagan (on behalf of the Information Protection team)


The  Documentation for Azure Information Protection has been updated on the web and the latest content has a September 2017 (or later) date at the top of the article.

The doc updates this month support recent releases, such as the much-awaited GA version of the Azure Information Protection client, as well as releases that were announced at the Ignite conference this week. Missed the announcements? Check out What’s new in Azure Information Protection @ Ignite 2017.

We value customer feedback and try to incorporate it whenever possible.  If you have feedback about the documentation, you can contact us by emailing AskIPTeam@Microsoft.com.

What’s new in the documentation for Azure Information Protection, September 2017

What is Azure Information Protection?

  • Updated the Resources section with a link to find the Microsoft Ignite 2017 sessions as they become available, and a link the blog that has a summary of announcements for Ignite.

RMS for individuals and Azure Information Protection

  • Updated to clarify the RMS for individuals subscription vs. sending a protected email with Office attachments when you use Office 365 Message Encryption with new capabilities.

How Office applications and services support Azure Rights Management

  • Updated the Exchange Online section for information about the updated Office 365 Message Encryption. The SharePoint section is also updated to clarify that co-authoring is not supported with IRM-protected libraries, and that data loss prevention (DLP) is not supported on libraires that are not IRM-protected but the document is protected before uploading to SharePoint.

Comparing Azure Information Protection and AD RMS

  • Updated the comparison table with a new entry for send a protected email (with Office document attachments that are automatically protected) to users when no trust relationship exists by using federation with social providers or a one-time passcode and web browser for viewing. This feature is not available with AD RMS.

Client devices that support Azure Rights Management data protection

  • Updated the minimum supported version for iPhone and iPad to iOS 8.0.

Applications that support Azure Rights Management data protection

  • Updated the supported application table to include the new scenarios for Office 365 Message Encryption with new capabilities. The table has also been redesigned for fewer footnotes. New limitation for Office 2010 that does not support overriding template protection with custom permissions that a user selects with the Azure Information Protection client,

FAQs about data protection in Azure Information Protection

Information and support for Azure Information Protection

  • Updated the “To do this …” table with the current top 5 documentation pages, a link to the User Voice site, and an update for our Twitter feedback to receive notifications.

Quick start tutorial for Azure Information Protection

  • Updated the wording and screenshots to match the latest UI updates for the service and client.

Planning and implementing your Azure Information Protection tenant key

  • Updated to remove the previous restriction of using BYOK with Exchange Online, and expanded the number of key options that you can now use for BYOK. This article also has a new section to help you choose your key vault location.

Preparing users and groups for Azure Information Protection

  • Updated for federated social identities and one-time passcode when you use the new Office 365 Message Encryption capabilities.

How to activate Azure Rights Management from the Azure portal

  • Updated for the new UI in the Azure portal that refers to Azure RMS as “protection”.

Office 365: Configuration for clients and online services to use the Azure Rights Management service

Configuring the Azure Information Protection policy

  • Updated the Subscription support section with guidance for admins who have a mix of licenses for their users. Also clarified that there is no technical limit to the number of labels that you can create, unless they include protection. A label that includes protection settings creates a template, and there is a maximum limit of 500 templates.

How to delete or reorder a label for Azure Information Protection

  • Updated to clarify the behavior if you delete a label that includes protection.

How to configure a label for Rights Management protection

  • Updated for the latest UI changes that include renamed options (such as changing “Azure RMS” to “Azure (cloud key)”.

Hold your own key (HYOK) requirements and restrictions for AD RMS protection

  • Updated the Additional limitations section for the latest GA version and preview version of the Azure Information Protection client.

How to configure a label for visual markings for Azure Information Protection

  • Updated for the new preview option that lets you customize the font. Also added a new section to help you set the customized font color.

How to configure conditions for automatic and recommended classification for Azure Information Protection

  • Updated to remove the information about the previous built-in conditions now that the GA version of the client supports the Office DLP sensitive information types. Also clarified that the information types you can select exclude any custom sensitive information types that you have defined and uploaded as a rule package to the Office 365 Security & Compliance Center.

Refreshing templates for users and services

  • Updated to remove the manual instructions for Exchange Online that are no longer necessary when you use the new Office 365 Message Encryption capabilities.

Tasks that you used to do with the Azure classic portal

  • New article for those of you who are used to creating and managing custom templates in the Azure classic portal. In case you haven’t heard, the old Azure portal is being retired November 30. After this date, you must manage any templates that you have in the new Azure portal. This article helps you with this transition, so that you can continue to manage your Azure Rights Management templates.

Deploying the Azure Rights Management connector

  • Updated the prerequisites information to explain how the connector can support multiple AD forests.

Logging and analyzing usage of the Azure Rights Management service

  • Updated the introduction with a summary of all logging options for Azure Information Protection.

Azure Information Protection client: Version release history

Azure Information Protection client administrator guide

  • Updated throughout to remove the old preview information now that the client released as GA.

Custom configurations for the Azure Information Protection client

Classify and protect a file or email by using Azure Information Protection

  • Updated to include the new Outlook address book option for custom permissions from an Office app when you use the latest preview client. New section for safely sharing by email.

Use-AadrmKeyVaultKey

  • Updated for clarifications and included the error messages that you see if the key vault you specify has not been configured for Azure Information Protection.

Set-RMSServer?Authentication

  • Updated for the current preview client that has a new parameter, -IntegratedAuth, that supports server mode for AD RMS so that cmdlets can run non-interactively by using Windows integrated authentication for the computer account.