Skip to content

Enterprise Mobility + Security


Hello again to our AIP community! In case you missed it, you can find last month’s posting here and of course, we’re listening to your feedback and feature requests. Speaking of which, it’s been a busy month with a HUGE set of updates to both the client and for admins!

Before we get into those details, please take a minute to look at all the announcements we made at Ignite this week. Office 365 Message Encryption (previously “Secure Mail”) is now GA. Attend this webinar to learn more about the feature. Integration with Conditional Access is in public preview and preview for MCAS integration and Scanner are coming this month!

AIP Client:

The current GA client is now 1.10.56.0!

  • Enjoy more than 80 pre-defined information types when configuring a label condition. All pre-defined information types are aligned with Office 365 DLP information types (more information here)
  • Introducing a new label action, “set custom permission”. When applied in Word, Excel, PowerPoint or via the ‘classify and protect’ app, users are prompted to define the permission scope for this item i.e. which users/groups and protection settings.
  • Introducing a new vertical menu. Users can now label an item by clicking the “protect” button in Word, Excel, PowerPoint and Outlook. This is an alternative to the horizontal bar.
  • This client can display label names, descriptions and Policy Tips in a user’s local language. The additional languages are specified by the admin, and then the client displays based on the Windows and Office settings.
  • PowerShell commands improvements:
    • Introduce a new cmdlet: Set-AIPAuthentication and Clear-AIPAuthentication to support scenarios of running powershell cmdlets on an unattended server.
    • Introduce an option to label files ‘on behalf’ of another user (-owner) and to preserve the file details such as last modified users and last modified time (PreserveFileDetails)
  • Plus as always a number of fixes and updates:
    • Support for generically protecting large files that previously could be corrupted if larger than 1 GB. The file size is now limited only by available hard disk space and available memory.
    • The Azure Information Protection client viewer opens protected PDF (.ppdf) files as view-only.
    • Support for Exchange online mode.
    • Support for labeling and protection of files stored on SharePoint Server.
    • Watermarks now support multiple lines. In addition, visual markings are now applied to a document on the first save only rather than every time a document is saved.
    • The “Run Diagnostics” option in the Help and Feedback dialog box is replaced with “Reset Settings”. The behavior for this action has changed to include signing out the user and deleting the Azure Information Protection policy.
    • Support for proxy servers that require authentication.
    • Email validation when users specify custom permissions. Also, multiple email addresses can now be specified by pressing Enter.
    • The parent label is not displayed when all its sub-labels are configured for protection and the client does not have an edition of Office that supports protection.

The latest Preview client now posted is 1.13.9.0 which contains a number of new features and fixes.

  • Admins can set a different behavior of the “default label” in Outlook vs. in Word, Excel and PowerPoint. For example – the policy can enforce one (or no) default label in Outlook while enforcing a different (or no) default label in the other applications. To experience this feature you can define a default label in Outlook that will override that default label that was set in the Admin UI.
  • On the custom permissions dialog, users can now find and select users by clicking the address book icon available in Word/Excel/PowerPoint as well as in the ‘classify and protect’ app.
  • Support sharp graphics and text on dynamic dot per inch(DDPI) Monitors for the ‘classify and protect’ app, viewer and Office 2016 Click-To-Run. When working with 2 monitors with different DPI resolution graphics and text will be displayed the same in both monitors.
  • Major bug fixes in this preview version:
    • Fix a set of specific Office crashes after AIP upgrade
    • Performance and memory consumption improvements in Office
    • User defined permissions in ‘classify and protect’ app
    • Ability to apply ADRMS protection when working in a HYOK environment

For Admins:

  • Allow Information workers to hide the information protection bar in applications. This can be defined per scope.
  • Choose if the “Do Not Forward” button in Outlook’s main ribbon is displayed or not.
  • Control if the “set custom permission” option in available or not.
  • Set which Font is used for content marking. If no specific Font is specified, the Calibri font is used.

These updates were heavily influenced by your great feedback, and allowed us to ship new features, verify bug fixes and generally improved our product. We thank you for this ongoing engagement!

Upcoming milestones:

Other things to be aware of:

  • We’re adding a new feature to the new OneDrive sync client: the ability to sync IRM-protected SharePoint document libraries and OneDrive locations. Learn more about this Preview here.
  • The RMS Protection tool is moving to End Of Life on February 10 2018. This functionality is replaced by the AIP Client.
  • With regards to templates and labels, we have moved to protection being an attribute of labels, and not standalone templates as was the case with RMS. This means a few things:
    • Templates were initially designed to define sets of rights granted to groups and users. In most cases this was a technical implementation answering a need to protect data according to an information handing policy. Labels represent a business policy of how information should be managed, with optional protection of the data when specified enforced by the template.
    • In order to deliver on this, we need to maintain a one to one mapping between a label and its associated protection template. As you move from templates to labels, you can convert the template to a label, however if you want to apply the same permissions multiple times, you will need to create a new label for each additional use and specify the protection attributes.
  • A reminder that the Azure classic portal is going to be retired on Nov 30. For more info please see this blog. We also have a great set of migration guidance in our Docs.

As we let you know previously, we have adopted UserVoice as a platform for you to tell us what we should be working on, and I would ask and encourage you all to take a look and place your votes to help us understand the priorities you have.

Summary

Hopefully this helps you with your testing, planning and deployments, we welcome your commentary and feedback. We also know this can be a lot to absorb, and we are here to help! Engage with us on Yammer or Twitter and let us know what’s important to you by voting on UserVoice!

It really is very easy to get started with AIP. We have a lot of information available to help you, from great documentation to engaging with us via Yammer and e-mail. What are you waiting for? Get to it!

Thank you,

Adam Hall on behalf of the Azure Information Protection team.
Twitter: @adhall_msft
Useful links: https://aka.ms/adhall