All ideas that relate to Azure Information Protection (AIP)

Allow granular protection within custom protection option of the AIP client

Within the AIP client custom permissions, currently this only allows for one type of access to be granted to a group/user/domain. Having the ability to set one group at one level different to another. Currently this requires an AIP admin to create a specific protection label to achieve.

168 votes
Sign in
Password icon
Signed in as (Sign out)

We’ll send you updates on this idea

Simon Marley shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →


Sign in
Password icon
Signed in as (Sign out)
  • Anonymous commented  ·   ·  Flag as inappropriate

    In Azure AIP client, the custom permission are limited. Our Business is expecting to have more options which are "View and Print" and "View, Copy and Print". Request microsoft Team to consider this to develop and release in upcoming releases.

  • Anonymous commented  ·   ·  Flag as inappropriate

    You can create pre-poulated different/Custom permissions for user on the Label itself (AIP - Protect)

  • Anonymous commented  ·   ·  Flag as inappropriate

    Document Owner can add multiple permissions per document

    For example

    User A - Read Only
    User B - Co-Author

  • kojima kazunori commented  ·   ·  Flag as inappropriate

    AIP users would like to set detailed permission against each users at custom permission.

    User1 > “view, print”,
    User2 > “view, edit, copy”...

  • Greg Tate commented  ·   ·  Flag as inappropriate

    95% of the AD RMS files we have use various permissions sets from File | Info | Restrict Access.

    Applying the Custom Permissions label overwrites these permissions. And our company does not want to re-assign permissions just for documents to be labeled.

    Please provide an option to inherit existing permissions for the Custom Permissions label.

    This feature would help drive adoption of AIP for our company.


  • Ed Williams commented  ·   ·  Flag as inappropriate

    Please make a decision on this, we've been waiting for a long time. This was working in the old client, we were ready to roll out, when everything changed.

  • Andrew Yam commented  ·   ·  Flag as inappropriate

    On the user case, 1 file may not be only for 1 permission group user. For confidential document may be for this group is view only. For some user can full edit.

  • Sherif Talaat commented  ·   ·  Flag as inappropriate

    Add the ability to define multiple permissions to different users/groups in the custom permissions of the AIP client. For example, groupX has Read-only while groupY has Editor. Today, we have to assign different permissions to different versions of the same file, or do it via IRM template which is available only for admins not the users.

  • Sammy commented  ·   ·  Flag as inappropriate

    When can we get an answer to this, please Dan Plastina, we need your help to push Microsoft to get this Granular Control added.

  • Andrew McMurray commented  ·   ·  Flag as inappropriate

    From within the Custom Permission Dialog, allow picking from individual RMS Permissions rather than just the default permission sets.

  • R. Eberhard commented  ·   ·  Flag as inappropriate

    Am I right in understanding that the access control could be extended in way that new groups could be added to existing group/user/domain protected data? This would be a requirement from our customers w.r.t. e-discovery. A new group (not a group that has been initially added to the template) needs to be added to a number of documents to be investigated.

    The goal is to give the auditors just access to a specific amount of data to be investigated but not to the entire set that has been protected with that specific template.

  • Ed Williams commented  ·   ·  Flag as inappropriate

    PLEASE, this would be my #1 highest request, followed closely by Global Address Book connectivity inside Office applications. I hope this implies the concept of applying a template directly to a document without needing a label. If it doesn't, then that's what I need most! Can't describe to you how frustrating it was to have RMS Add-On ready to roll out when they replaced it with AIP and I still can't get the same functionality back.

Feedback and Knowledge Base