Microsoft retracted the announcement of the deprecation of the classic Azure Information Protection client and label management in the Azure portal. Office 365 sensitivity labels have taken over from AIP clients in most tenants, so the impact of this change is limited. However, if you still need to use an AIP client, you should move to the unified version.
Exchange Online transport rules can block outbound email stamped with selected Office 365 Sensitivity Labels to make sure that confidential material doesn’t leave organizations. The transport rule is very easy to construct with the only complication being the need to discover the GUID of the sensitivity label you want to block. Fortunately, PowerShell gives us an easy way to find a label’s GUID.
Microsoft Cloud App Security (MCAS) can integrate with Azure Information Protection to allow automated policy-driven application of Office 365 sensitivity labels to Office documents and PDFs. You can depend on users to apply labels manually as they create documents, but it’s easy for humans to forget to add protection where a computer won’t. You’ll pay extra for MCAS, but it could be worthwhile.
Microsoft has announced the deprecation of the PowerShell module for the Azure Active Directory Rights Management service (AADRM). But don’t worry; it’s replaced by the Azure Information Protection (AIPService) module. Deprecation happens in July 2020, so you’ve lots of time to revise any scripts that use AADRM cmdlets.
The process of introducing Office 365 sensitivity labels to a tenant can be long and complicated because of the need to plan how to manage encrypted content. As you go through the process, don’t delete labels if they’ve already been used to protect content. Instead, remove them from the label policies used to publish information to clients. The labels will then remain intact in documents and other files.
Microsoft has released the GA version of the Azure Information Protection client, which reads information about Office 365 sensitivity labels and policies from the Security and Compliance Center. It’s one more step along the path to making it easy for Office 365 tenants to protect their data. Work still has to be done, but at least we can see light at the end of the encryption tunnel.
Microsoft released an update for the unified labeling version of the Azure Information Protection client needed for Office 365 sensitivity labels, which now boast auto-label support. Solid progress is being made to move sensitivity labels to the point where they are considered to be generally available, probably later this year. In the meantime, pay attention to the premium features like auto-label which require more expensive licenses.
Microsoft announced that the Office 365 E3 and E5 plans will receive new Information Protection licenses. They’re preparing for the introduction of sensitivity labels and the increased use of encryption to protect access to content in Office 365 apps like SharePoint Online, Exchange Online, OneDrive for Business, and Teams. You don’t have to do anything to prepare for the new licenses, but it’s nice to know what they are and how the licenses are used.
A collection of news snippets loosely connected to different bits of Office 365 that really don’t justify a separate article. But the factoids are interesting all the same…
The Microsoft-Adobe initiative to support Azure Information Protection for PDF files has reached general availability. Things look good and the issues encountered in the preview are removed. You can store protected PDFs inside Office 365, but be prepared to download the files to be able to view them.
The latest version of the Azure Information Protection (AIP) client supports the ability to associate S/MIME protection with an AIP label. Although interesting, it’s a feature unlikely to be of much practical use to the majority of Office 365 tenants.
The availability of Azure Information Protection and Office 365 sensitivity labels allow tenants to protect important and confidential files. That’s nice, but it’s even better when you know what files are protected. Here’s how to use PowerShell to create a report about those files.
Azure Information Protection rights management templates now support the Any Authenticated Users permission to allow Office 365 users to share email and documents with anyone who can authenticate with Azure Active Directory or has an MSA account or uses a federated service.
On October 12, Microsoft and Adobe launched the public preview of the native integration of Azure Information Protection for PDF files. Knowledge about protection is built into the latest version of the Acrobat reader, meaning that third-party tools are no longer needed to process protected PDFs.