Bring Unified Sensitivity Labels into GCC and GCC High.8 votes
Encrypt Only is available in Outlook as a stand-alone option. In the same way a label can apply Do Not Forward, allow admins to define Encrypt Only as the action applied by a label.4 votes
When users change existing labels via Office apps the events show in the AIP Activity Log. If the event was a downgrade that required justification, the justification is included along with the old and new labels. When these activities are performed online (SharePoint, OneDrive) the events only show in the SCC log. They only include label IDs (vs. names) and the justification is not visible. Please add the web app activity to the AIP Activity Log so we can properly audit and alert.2 votesWe're working on it! · AdminEnrique Saggese (Principal Program Manager, Information Protection CxE, Microsoft - Azure - Msip) responded
This is already available in the Activity Explorer in the Security and Compliance center, and we are working on combining the AIP analytics signals in the same portal.
Currently the AIP 'standard' client does not have support for adding keyword lists, or a practical way to add them besides adding single conditions with individual strings one at a time. The Unified Labeling client contains both options to add keywords comma separated, and keyword lists. This is great however currently the UL AIP client does not have a Scanner option. Thus, AIP scanner relies on AIP standard client and its labels and conditions that do not contain an option for adding vast numbers of keywords besides tedious single conditons. In the case of 'thousands' of keywords this is simply not feasible and presumably exceeds some limits as well.
Optimally please either add support to the Standard AIP client to add a keyword dictionary similarly to how this is an option with DLP and the UL version of the AIP client, or otherwise, please build a scanner equivalent based on the UL AIP client that can leverage the unified labels and the new options for conditions.
These keyword dictionaries support 100000 keywords per file when used with DLP and is an ask at several clients I am working with for AIP Scanner implementations. I assume a UL version of the scanner is in the pipeline, please update on the status and/or backwards add this functionality to the standard AIP client and its labels in Azure.
Currently the AIP 'standard' client does not have support for adding keyword lists, or a practical way to add them besides adding single conditions with individual strings one at a time. The Unified Labeling client contains both options to add keywords comma separated, and keyword lists. This is great however currently the UL AIP client does not have a Scanner option. Thus, AIP scanner relies on AIP standard client and its labels and conditions that do not contain an option for adding vast numbers of keywords besides tedious single conditons. In the case of 'thousands' of keywords this is simply…15 votes
This capability will be supported in the upcoming AIP Scanner release as part of the AIP Unified Labeling Client
More on the aesthetics: allow for exporting of activities in UI instead of through log analytics, and display a total number of activities found within the UI query instead of displaying the first 1000. Customers are requesting interface to be more user-friendly for their staff who don't want to use KQL.1 voteWe're working on it! · AdminEnrique Saggese (Principal Program Manager, Information Protection CxE, Microsoft - Azure - Msip) responded
This is being done as part of the Activity Explorer in the Security and Compliance Center.
Provide "Know Your Data" reports for knowledge workers to consume so that they can see which of their files have been been auto-labelled which will enable them to take action against files that may contain GDPR/PII information1 vote
Currently, IRM-enabled SPO libraries protect pdf files using the v1 format (.ppdf), but with the extension .pdf.
Adobe's MIP/AIP plugin only supports the ISO compliant (v2) format protected pdf. To open a v1 pdf, users must actively use a different pdf reader or the AIP viewer.
Switching to the ISO compliant pdf format would bring a more consistent user experience and less support.1 vote
Currently, when AIP makes a recommendation for labeling or classification, the button to apply the recommendation reads "Change now".
It would make more sense from a user perspective to label the button "Accept" to indicate that the recommendation is accepted and applied.2 votes
This button text will be changed as part of recommended labeling capability which will be built-in Office 365 clients in the future.
Users may uninstall AIP client to attempt to circumvent AIP or just because they find it annoying. If the default label could be applied to any documents in SharePoint or OneDrive could be applied even if AIP client is not present, it would alleviate this potential security end-run.
Typically, end-users will not have admin rights to uninstall applications, but some times it is inescapable, esp in a small business.31 votes
We would like to have an encrypt-only option for outlook when allowing users to define the permissions for a unified sensitivity label in addition to the option of DNF (do not forward) in outlook.
There are certain circumstances were we only want encryption but don't want people to shy away from unified labels.1 vote
If we have an encrypted document through AIP, we cannot open it through PowerBI. Any chance of having this type of support with PowerBI and other applications (visio, project, etc)?5 votes
It would be nice, to have control which type of labels are available on a user device.
Usecase is for example, to prevent labels for highly confidential content on mobile devices or virtual desktop environments.
A user should see the label on a trusted device, but on another device which isn't secure enough the label should be prevented.4 votesWe're working on it! · AdminEnrique Saggese (Principal Program Manager, Information Protection CxE, Microsoft - Azure - Msip) responded
We plan to enable control via Conditional Access on a per-label basis, which should address this need.
If you think this will meet the need stated here I’ll merge the feature requests.
Within the AIP client custom permissions, currently this only allows for one type of access to be granted to a group/user/domain. Having the ability to set one group at one level different to another. Currently this requires an AIP admin to create a specific protection label to achieve.193 votes
This will be available as part of the built-in labeling in Office.
Currently, documents that are labelled can be co-authored in Office, but any document that is encrypted can only be opened by one person at a time. This prevents most of the business scenarios folks use today with two three or more folks editing a document at the same time. Instead - it forces businesses to email copies of a document around after setting AIP policies to allow folks to all edit it. A huge blocker for most of our customers.172 votes
The web based co-authoring feature is available when you opt-in the preview as documented at: https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files
We are working on getting this capability across all platforms in the future.
Surface AIP policies in the Office 365 DLP engines to allow consistent classification, labeling and protection155 votes
In current version only Word, PowerPoint and Outlook support visual markings in different colors. Visual markings that are configured for colors always display as black in Excel. In future versions visual markings that are configured for colors should displayed in color in Excel.7 votes
Will be available in versions newer then 1.40.15 which will be released in few months
Enable profiles in the AIP clients125 votes
Native labeling in Office for Windows will support displaying labels from multiple users signed in to Office side by side.
Option to change the default "Protect" action for exchange online from Do Not forward to Encrypt Only
The Do Not Forward option is the current default protect action in new exchange online emails. This protection level is very restrictive and not preffered by enterprise. The Encrypt Only option is a better fit for business. Would like to have the ability for organizations to Change the default protect action for their users to allow setting Encrypt Only as the default action.15 votes
Provide the ability to show the specific condition(s) which triggers Automatic or Recommended label, this allow user to understand and aware which condition triggers the labeling18 votes
This capability will be available as part of Office 365 built-in automatic labeling and was introduced recently at Ignite 2019. http://aka.ms/MIP-Ignite2019
It could be great knowing who changes a label to correct this or who violates the internal classification policy.80 votes
Reporting of label changes is being built in the Windows Defender ATP client. Preview coming soon.
- Don't see your idea?