Hello again to our Azure Information Protection community and welcome to the Cloud App Security community!
If you’ve been following our journey, you must be aware that we’re actively working on deepening the integration between these services to enable wider information protection scenarios that are important to you.
In that spirit, we are expanding these posts to include Microsoft Cloud App Security (MCAS), which is important as we know many of you work across these products, plus we continue to build out integrations. In case you missed it, you can find last month’s Azure Information Protection status update here.
It’s been a busy month and we have some great updates, so let’s take a look.
Azure Information Protection
The current GA client is 126.96.36.199
- Nothing new to add, see last month’s post for all the updates from last month’s GA release. Next GA release is scheduled for December.
- And as always, we continue to squash bugs
- Prevent an Outlook hang with Outlook reminders.
- Support updates for Office 64-bit, so that you can protect documents and emails.
- Fall back to the Calibri font if visual markers in the Azure Information Protection policy are configured for a font name that is not installed on the client.
- When you configure a label for user defined permissions and HYOK (AD RMS) protection, the protection no longer incorrectly uses the Azure Rights Management service.
A new Preview client has been posted! Current Preview is 188.8.131.52 which contains a number of new features:
- For Office apps, automatic and recommended classification runs continuously in the background, instead of running when documents are saved. With this change in behavior, you can now apply automatic and recommended classification to documents that are stored in SharePoint Online. Learn more about how this works here.
- A new advanced client setting to allow Outlook to apply a different default label, or no label. More information here.
- For Office apps, when you specify custom permissions, you can now browse and select users from an address book icon. This option brings parity to the user experience when you specify custom permissions by using File Explorer.
- Support for sharp graphics and text for dynamic dot per inch (DDPI) monitors. Applies to File Explorer, right-click to classify and protect files, the Azure Information Protection Viewer, and to the Click-to-Run version of Office 2016.
- Conditional Access
- The preview of conditional access enables admins to configure conditional access policies help secure access to sensitive information, you can Learn more here. Common scenarios include:
- Requiring Multifactor Authentication
- Checking device compliance/Domain Join
- Assessing risky-sign in
- Blocking access when the user is not on a trusted network
The public preview release of the Azure Information Protection scanner
- Use the scanner to crawl through files in CIFS based file shares and SharePoint sites and apply classification, labeling and protection on files based on your information protection policies. Learn more about the scanner in this blog.
- To configure the scanner, download the AzInfoProtection_PREVIEW_184.108.40.206.exe client and follow Deploying the Azure Information Protection scanner to automatically classify and protect files.
These updates were heavily influenced by your great feedback, and allowed us to ship new features, verify bug fixes and generally improved our product. We thank you for this ongoing engagement!
Other things to be aware of:
- Check out the AIP+CAS integration and how Cloud App Security can read files classified by AIP and set policies based on the file labels
- We’re adding a new feature to the new OneDrive sync client: the ability to sync IRM-protected SharePoint document libraries and OneDrive locations. You can learn more about this Preview here.
- The RMS Protection tool is moving to End Of Life on February 10, 2018. This functionality is replaced by the AIP Client.
- A reminder that the Azure classic portal is going to be retired on Nov 30. For more info please see this blog and we have a great set of migration guidance in our Docs.
- A new AIP end user adoption guide is available. Use it to accelerate deployment and usage in your company
As we let you know previously, we have adopted UserVoice as a platform for you to tell us what we should be working on, and I would ask and encourage you all to take a look and place your votes to help us understand the priorities you have.
Cloud App Security
- In case you missed it, check out all the announcements from Ignite
- Conditional Access to monitor user sessions and control content access and downloads directly inside SaaS apps through integration between MCAS and Azure AD.
- A new Cloud App Discovery experience empowered by Microsoft Cloud App Security to provide deeper visibility into what apps and services your users are accessing. See comparison to MCAS discovery here.
- We have a new data center, in addition to our US-based data center, will enable Cloud App Security customers to be in complete compliance with new and upcoming European standardization and certifications. For more information and for a list of IP addresses and ports that need to be opened to work with our new data center, see Network requirements.
- New filters were added to the App connectors page that provides you with simpler filtering and additional insight, including Connected by data, so that you know which user connected each app.
- Cloud discovery on log files that contain only destination IP information was improved.
- You can let us know what YOU need via the MCAS UserVoice site.
Hopefully this helps you with your testing, planning, and deployments, we welcome your commentary and feedback. We also know this can be a lot to absorb, and we are here to help!
- Start an EMS trial and kick the tires
- Learn more about Azure Information Protection
- Learn more about Cloud App Security
- Get deep technical and scenario documentation
Adam Hall on behalf of all the hard-working teams!