Azure Information Protection

All ideas that relate to Azure Information Protection (AIP)

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Support for rename AIP tenant

    AIP tenant display name is included in the protection UI and some other UI elements.
    If company name changes, the change can be made in the service but is not reflected in the UI (e.g. template list UI).
    This can cause legal problems and user confusion.

    11 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      1 comment  ·  User Experience  ·  Flag idea as inappropriate…  ·  Admin →
    • AIP Scanner - Add capability to forcefully override an already-classified document

      In AIP Scanner, there should be a capability to enforce the overriding of label regardless of MatchPolicy setting is On or Off.

      I am working with a customer who has a genuine requirement of overriding the labels for bulk files.

      For example, AIP is configured to enforce a default label when user creates or saves a file. but later-on user moves this file to an AIP-repository (file share or SharePoint library), which is configured to apply another label.

      Unfortunately currently AIP Scanner does not support this basic scenario. Currently, to make this scenario work, this another-label must have an automatic…

      12 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Labelling  ·  Flag idea as inappropriate…  ·  Admin →
      • Improve support for s/mime signed and protected messages in OWA and Outlook Mobile

        Currently, when sender has digitally signed a protected email in Outlook, recipients using OWA or Outlook Mobile will only see the IRM wrapper message.

        If recipient uses Outlook 2016, the protected message is deciphered/rendered perfectly fine!

        12 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Mobile Apps  ·  Flag idea as inappropriate…  ·  Admin →
        • Offer Encrypt only from the message ribbon

          Outlook 1804 now has the 'Encrypt Only' function but it is buried under 'Permissions' in the 'Option' Ribbon. Can we have it either alongside the 'Do Not Forward' button on the Message ribbon, or as by reconfiguring the DNF button to give a drop-down option similar to the Permissions button. It would also be good to have and option to display it under the AIP Protect button where the AIP client is installed.

          28 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            6 comments  ·  Office Clients  ·  Flag idea as inappropriate…  ·  Admin →
          • Allow policies not to automatically grant full control to document creators

            While document creators have by definition unrestricted access to the data they add to the document, having owner rights would allow them to later extract data others have added to the documents they created. Owner rights also allow creators to downgrade classification on documents that have already been classified.
            The suggestion is for AIP to have a setting on each policy that when enabled does not automatically grant the creator of a document full control rights or the ability to reclassify once the document is closed.

            7 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              1 comment  ·  Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Extend “Justification to set a lower label” feature

              My customers request to expand “Justification to set a lower label” feature.

              1. When the user performs the operations, the administrator can confirm the notification list on the AIP Portal.
              2. When the user performs the operations, it is notified to the administrator, and the user is permitted to change the label via the administrator's admission.

              This option is "Users must provide justification to set a lower classification label, remove a label, or remove protection" on the AIP portal.

              8 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Doc Tracking  ·  Flag idea as inappropriate…  ·  Admin →
              • Apply default label to SharePoint and OneDrive docs

                Users may uninstall AIP client to attempt to circumvent AIP or just because they find it annoying. If the default label could be applied to any documents in SharePoint or OneDrive could be applied even if AIP client is not present, it would alleviate this potential security end-run.

                Typically, end-users will not have admin rights to uninstall applications, but some times it is inescapable, esp in a small business.

                6 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  We're working on it!  ·  0 comments  ·  Labelling  ·  Flag idea as inappropriate…  ·  Admin →
                • Tracking without protection

                  I can really se the need for tracking a document without protecting it. Everyone can freely share this document but I can track who and when it is used. Could be based on a signature instead of encryption.

                  (Note: the original feature request was called Tracking without Encryption, but this can't be possible as without encryption anyone can open the content even without a connection, and thus tracking would yield extremely unreliable results, so we redefined it as Tracking Without Protection)

                  25 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    8 comments  ·  Doc Tracking  ·  Flag idea as inappropriate…  ·  Admin →

                    The All Authenticated users feature allows for tracking without protection. Of course, tracking without encryption is not possible since if it’s not encrypted no license is required for accessing the content and thus there can’t be tracking, but the feature currently in preview should meet the same need. I’m renaming the feature request to reflect this reality.

                  • Allow modification to Do Not Forward template

                    The DNF template has restrictions on copy, print and export. Some customers would like to modify this template for example to allow print.

                    Maybe also a possibility to add a company wide scope of users to this dynamic rule like the request in
                    https://msip.uservoice.com/forums/600097-azure-information-protection/suggestions/19602400-dynamic-protection-templates

                    And the possibility for the sending user to add more users to the permission list with BCC and without BCC

                    for example if Sara@contoso.com send DNF to Anna@contoso.com and Lisa@adatum.com but wants Anna@contoso.com to be co-owner.

                    if Sara@contoso.com send DNF to Lisa@adatum.com but wants her team to be co-owner.

                    22 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      3 comments  ·  Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Support for discovering, classifying, protecting and reporting sensitive data in Azure resources like Blobs, Files

                      AIP can automatically scan and protect documents in file servers, SharePoint, etc., while MCAS and other products in the MIP family can protect files in cloud resources. The ask here is to support scanning and protecting Azure resources such as Azure blobs and file storage with AIP in the same way AIP protects other types of storage.

                      2 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Scanning and Migration  ·  Flag idea as inappropriate…  ·  Admin →
                      • Manually classify incoming emails on reception.\

                        I have a customer that wants to classify incoming emails manually. But the lablebar do not show on incoming email. You can click to show the labelbar but not change existing (non existing) label.

                        25 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          4 comments  ·  Labelling  ·  Flag idea as inappropriate…  ·  Admin →

                          We are evaluating this request and need more input into how this feature should behave to meet your needs.
                          We will have automatic classification of inbound emails at the transport level, but this request calls for manual classification on the endpoint. A few clarifying questions:
                          1) What is the use case for classifying a received email? Who would use that classification and how?
                          2) Would protection need to be applied on the classified email (even when it’s not being replied)?
                          3) A user should not be able to change the classification of emails in other people’s mailbox, so as the request is defined classification would be only on the local mailbox of the recipient doing it. What happens if someone else replies to the same thread, which they didn’t classify, so the replies are no longer classified. Would that be a problem?

                        • Shared Mailbox and ticketingsystem support

                          This is really a grooving problem right now with GDPR.
                          I can see a big increase in incoming OME/DNF to all my customers tenants. Many use shared mailboxes or ticketing systems and cannot open these mails and attached documents.

                          For example a customer with AIP implemented, they work with both partners and customers. Many of their services use Shared mailboxes. Multiple users handle these requests.
                          Now multiple partners has started to use OME and DNF encryption. When they send sensitive information to these shared mailboxes, no one can read.

                          Same situation with the opposite, If they send OME DNF to…

                          17 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            4 comments  ·  Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • When encryption is added on existing labels automatically update documents via scanner and client

                            It can be useful to start a deployment with Labels only, without protection, that the end-users can get a feeling for this technology. It also helps avoid incompatibility issues (e.g. if a document repository or LOB app doesn't support protection yet).

                            After the users are comfortable with the technology and the potential issues have been addressed existing labels should be changed and have encryption added (without creating new labels, just change the existing ones).

                            The AIP Scanner should be able to automatically add protection to the documents that were labeled with these labels before protection was incorporated. The clients should…

                            2 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              Yes, Committed  ·  0 comments  ·  Labelling  ·  Flag idea as inappropriate…  ·  Admin →
                            • Label change prohibition function for each application

                              When setting a default label, we need the ability to prevent users from changing labels.
                              It would be better to be able to set for each application (Word, Excel, Powerpoint, Outlook).

                              < Business impact>
                              This is because there is a possibility that if another label is displayed, even though the default label is set, a user's operation error may be induced.

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                1 comment  ·  Labelling  ·  Flag idea as inappropriate…  ·  Admin →
                              • View IRM and protected PDFs in the Document Viewer or Browser

                                There currently is not a way to view a IRM-protected PDF or protected PDF (.PPDF) in the browser. The protected PDF initially opens in the 'document viewer' app with a message saying "Hmm...looks like this file doesn't have a preview we can show you." If you click Open-Open in Browser you get a message saying "This PDF file is protected." Your only option is to download the PDF and open it in Foxit or Azure Information Protection Viewer (NOT Adobe Acrobat) which is not ideal.

                                28 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  5 comments  ·  Applications and File Types  ·  Flag idea as inappropriate…  ·  Admin →
                                • SharePoint Online Support for AIP

                                  Update SPO to be aware of classification and labeling and support actions to label and protect content based on AIP policies

                                  226 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    We're working on it!  ·  13 comments  ·  Office 365 and EMS  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Enable DLP enforcement for mails with specific label

                                    We would love to have our DLP policy automatically pick up on emails that have a label or document and either gray out the send button if it meets the DLP policy or somehow stop the email automatically instead of sending back a block reply.

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      We're working on it!  ·  0 comments  ·  Labelling  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Watermark or footer should cover all content.

                                      A watermark, header or footer is set as a background-image. This way the watermark is hidden behind pictures or other non-transparent content - see screenshot (ex. Word).
                                      A watermark should be transparent on top of all document content.

                                      3 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Visual Marking  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Enable direct access to documents through Central Reporting

                                        Part of our overall information classification and protection program involves assessing the accuracy of the labels that our users are selecting. One way to do this involves taking samples of documents and asking knowledge experts to access the labels that have been applied. Having direct access (links) to the specific documents listed in the Central Reporting Activity Logs would help facilitate the selection of these documents.

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Logs & Analytics  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Enable tracking of protected emails consumed through all the available clients.

                                          Microsoft has released the ability to track consumption of OME-formatted emails but this only works for recipients that view the emails in the OME console, which is only applicable to some scenarios (e.g. B2C emails).
                                          For B2B scenarios, the ability to track emails consumed in Outlook or other clients (e.g. OWA, mobile or third party) is essential. This requires changing how email is consumed in some of these cases, since for example emails are licensed during delivery and not consumption in many scenarios (e.g. Mobile Outlook).

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Doc Tracking  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 13 14
                                          • Don't see your idea?

                                          Feedback and Knowledge Base