Azure Information Protection

All ideas that relate to Azure Information Protection (AIP)

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Revoke - Less than 30 days (user-defined permissions)

    Allow revocation of under 30 days for 'user-defined' protection.

    AIP is great for classifcation and labelling but the ability to offer IRM can be questioned across some controls.

    2 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      1 comment  ·  Doc Tracking  ·  Flag idea as inappropriate…  ·  Admin →
    • Share protected/labelled documents externally

      SME...
      Protected their internal client documents. Great.
      Now what if they want to send one of these documents externally, the external recipient (unless they're using Azure and have permissions to open this) wouldn't be able to access the attachment!
      A custom policy that does that would be useful.

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        1 comment  ·  Protection  ·  Flag idea as inappropriate…  ·  Admin →

        Office 365 Messaging Encryption is already able to do this.
        If the content is sent via email (using Exchange Online) you can set the policy to automatically classify the email with the same policy in the document, which will in turn grant the ability for the recipient to open it without installing any software and without creating an account.
        If the issue is that the existing policy in the document does not grant rights to the external user, you can create a transport rule in Exchange which replaces protection with Do Not Forward or Encrypt Only (though of course, you will want to implement additional controls to ensure the data only goes to people you want it to go to).
        There are third party additions to AIP that allow users to request shareable versions of the content, if you want to implement the process above with some form of workflows…

      • Make Word Track Changes functional with Co-Author permissions

        Word's "Track Changes" feature is disabled on RMS-protected files unless the signed in user has all permissions.
        It's a known shortcoming described "as designed".
        https://support.microsoft.com/en-us/help/2004302/word-track-changes-functionality-disabled-when-rights-management-servi

        5 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          3 comments  ·  Office Clients  ·  Flag idea as inappropriate…  ·  Admin →
        • Encrypt Only Email Option

          Similar to the new Do Not Forward option, have an option that simply encrypts the email to the recipient. With the AIP templates not able to utilize 'all external recipients' and the DNF being too restrictive we still need to use a third party for email encryption. The downloading of a .html file is not feasible to implement with thousands of clients and the hand holding that is required.

          129 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            22 comments  ·  Office 365 and EMS  ·  Flag idea as inappropriate…  ·  Admin →

            This feature has shipped!
            Exchange Online includes the option to apply Encrypt Only via a transport rule, as well as from an OWA email.
            Office Pro Plus (2016) version 1804 or later also have the Encrypt Only option in the permissions menu.
            This feature is dependent on Exchange Online being configured to use OME.

          • Only documents must have a label, don't apply a label to emails

            Only documents must have a label, don't apply a label to emails or separate the permissions for e-mail and documents. For example: all documents must have a label to enforce users to protect their files with a pre-defined label, but they should send an email without a label to external users.

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              3 comments  ·  Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Configure a label to require Ad-hoc custom permissions.

              Today, labels can apply RMS permissions that are configured by an administrator while configuring the label.

              Suggesting an additional approach: A label is set to require custom RMS protection, by prompting the user to set custom permissions through the AIP dialogue.

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Protection  ·  Flag idea as inappropriate…  ·  Admin →
                Done  ·  Adam Hall responded

                This is already available in Preview.

              • AIP supportability for Office 365 Business Premium Subscriptions

                Azure Information Protection is only supported for E3 and E5 plans at the moment. Business Premium supportability is critical as lots of our clients are obligated by this barrier.

                32 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  5 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →

                  In the coming AIP September GA we will update the Office client requirement with the following:

                  “Office 365 with Office 2016 apps (minimum version 1805, build 9330.2078) when the user is assigned a license for Azure Rights Management (also known as Azure Information Protection for Office 365)”

                  This will allow the support of the AIP client to use protection labels in other Office subscriptions which are not ProPlus. This will require the use of Office clients which are newer then the version mentioned above and the end user should be assigned with the proper licence.

                • 5 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    3 comments  ·  Administration and Admin Portals  ·  Flag idea as inappropriate…  ·  Admin →
                  • Temporarily decrypt file and pass to default application

                    I've just completed some testing with a few software packages -- Caseware and Lacerte -- for an accounting firm. Data for these apps lives on file shares, so they intended to use AIP to encrypt the files at rest. Unfortunately, AIP is not fully compatible with the file types (.dbf. .mdf, and some custom file types that are readable in Word). The customer brought up an interesting point that I had not considered -- the ability for the AIP viewer to temporarily decrypt the files and pass them along to the appropriate default program.

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      3 comments  ·  Applications and File Types  ·  Flag idea as inappropriate…  ·  Admin →
                      Done  ·  Adam Hall responded

                      This feature is in the AIP Viewer today.

                    • Dedicated admin role for Azure Information Protection

                      Create an Azure Portal admin role that allows full access only to AIP

                      81 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        Done  ·  7 comments  ·  Administration and Admin Portals  ·  Flag idea as inappropriate…  ·  Admin →
                      • Prevent document owners from changing label define protection to custom permissions

                        As user could today change from a predefined RMS protection to a user defined protection, the " label - AAD RMS " protection relationship is easily broken.

                        The Suggestion :
                        - Introduce a parameter to choose between enforced AAD RMS protection or required User protection or nothing (like today).

                        And more, through the client, selecting a "required user protection" label could directly prompt the user to choose the adequate protection.

                        4 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          1 comment  ·  Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          Done  ·  Adam Hall responded

                          This is now available, admins can remove the option to set custom permissions.

                        • Enable application specific labeling policies

                          Enable configuration of sets of policies to different applications, for example Outlook versus Word/Excel/PowerPoint

                          28 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            Done  ·  7 comments  ·  Administration and Admin Portals  ·  Flag idea as inappropriate…  ·  Admin →
                          • Bulk data at rest scanning and analysis

                            Provide a bulk scanning and ongoing analysis engine to scan data repositories

                            30 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              2 comments  ·  Scanning and Migration  ·  Flag idea as inappropriate…  ·  Admin →
                            • Update the SDK/API for AIP to include classification and labeling

                              Enhance the existing RMS SDK to include classification and labeling

                              19 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                3 comments  ·  Development  ·  Flag idea as inappropriate…  ·  Admin →
                              • Enable Exchange Transport rules to remove protection

                                Add a new option in Exchange Online transport rules to remove protection based on rules and policies

                                18 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  3 comments  ·  Office 365 and EMS  ·  Flag idea as inappropriate…  ·  Admin →
                                • Exchange Online supports BYOK

                                  Update EXO to leverage the same BYOK as AIP

                                  17 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Enable automatic classification based on content in non-office file types

                                    Leverage OSS and iFilter options to scan any document type and make recommendations or apply automatic policies

                                    15 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Applications and File Types  ·  Flag idea as inappropriate…  ·  Admin →
                                    • MCAS integration for conditional protection

                                      Allow MCAS to take actions based on AIP policies

                                      12 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        Done  ·  0 comments  ·  Office 365 and EMS  ·  Flag idea as inappropriate…  ·  Admin →
                                      • AIP supports certificate based authentication

                                        Allow the enforcement of certificates as part of authentication (instead of passwords)

                                        4 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Mobile Apps  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Add support for Intune MAM to AIP Android App

                                          Allow Intune to configure and apply MAM policies on the AIP mobiler apps

                                          3 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            Done  ·  1 comment  ·  Mobile Apps  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1
                                          • Don't see your idea?

                                          Feedback and Knowledge Base