All ideas that relate to Azure Information Protection (AIP)

Allow granular protection within custom protection option of the the AIP client

Within the AIP client custom permissions, currently this only allows for one type of access to be granted to a group/user/domain. Having the ability to set one group at one level different to another. Currently this requires an AIP admin to create a specific protection label to achieve.

146 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Simon Marley shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    8 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Greg Tate commented  ·   ·  Flag as inappropriate

        95% of the AD RMS files we have use various permissions sets from File | Info | Restrict Access.

        Applying the Custom Permissions label overwrites these permissions. And our company does not want to re-assign permissions just for documents to be labeled.

        Please provide an option to inherit existing permissions for the Custom Permissions label.

        This feature would help drive adoption of AIP for our company.

        Thanks!

      • Ed Williams commented  ·   ·  Flag as inappropriate

        Please make a decision on this, we've been waiting for a long time. This was working in the old client, we were ready to roll out, when everything changed.

      • Andrew Yam commented  ·   ·  Flag as inappropriate

        On the user case, 1 file may not be only for 1 permission group user. For confidential document may be for this group is view only. For some user can full edit.

      • Sherif Talaat commented  ·   ·  Flag as inappropriate

        Add the ability to define multiple permissions to different users/groups in the custom permissions of the AIP client. For example, groupX has Read-only while groupY has Editor. Today, we have to assign different permissions to different versions of the same file, or do it via IRM template which is available only for admins not the users.

      • Sammy commented  ·   ·  Flag as inappropriate

        When can we get an answer to this, please Dan Plastina, we need your help to push Microsoft to get this Granular Control added.

      • Andrew McMurray commented  ·   ·  Flag as inappropriate

        From within the Custom Permission Dialog, allow picking from individual RMS Permissions rather than just the default permission sets.

      • R. Eberhard commented  ·   ·  Flag as inappropriate

        Am I right in understanding that the access control could be extended in way that new groups could be added to existing group/user/domain protected data? This would be a requirement from our customers w.r.t. e-discovery. A new group (not a group that has been initially added to the template) needs to be added to a number of documents to be investigated.

        The goal is to give the auditors just access to a specific amount of data to be investigated but not to the entire set that has been protected with that specific template.

      • Ed Williams commented  ·   ·  Flag as inappropriate

        PLEASE, this would be my #1 highest request, followed closely by Global Address Book connectivity inside Office applications. I hope this implies the concept of applying a template directly to a document without needing a label. If it doesn't, then that's what I need most! Can't describe to you how frustrating it was to have RMS Add-On ready to roll out when they replaced it with AIP and I still can't get the same functionality back.

      Feedback and Knowledge Base