Azure Information Protection

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Limit actions done by Macros

    There are many request from customers to limit the actions that can be done with Macros.
    Right now, if [Allow Macros] is granted as a usage right, any kind of Macro can be executed (like Macros to copy data from an AIP protected file and paste it into a text file which is not protected).

    Therefore, customer's request is to be able to limit the actions that can be done with Macros on AIP protected files.
    For example, allow only "Read-Only" Macros.

    Please consider the idea of implementing a feature that would allow customers to limit the actions that can…

    30 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. Persistent Outlook labels

    Include sensitivity label metadata in Outlook emails such that they persist when a user without AIP forwards or replies. Currently, if an external recipient replies to an email that our organization has labeled, it returns without a label and our users must select and add the label again when replying.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. Authorize AIP Super User Role with Priviled Identity Management (PIM)

    The authorization for the activation of the high-risk role AIP super user should be managed by Azure Privileged Identiy Management. Of course you should also be able to assign users to the role.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support for disconnected environments with the AIP Unified Labeling client and scanner

    In special customer scenarios, systems might be completely disconnected and not have direct or indirect access to the cloud service. This is supported in the AIP Classic client. We need an option to distribute the policy manually in the disconnected environment and for protection we need HYOK integration. To enhance the experience (compared to the classic client), bootstrapping the client automatically would really help.
    Even if this is some kind of niche scenario, it might be important for many public sector or highly regulated customers.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. Make it possible for the RMS connector to use Modern Authentication!

    "This account must not require multi-factor authentication (MFA) because the Microsoft Rights Management administration tool does not support MFA for this account. In addition, if you use Azure AD Conditional Access, do not block legacy authentication for this account."
    The Block legacy authentication policy that is recommended to use in Azure cannot be used because of your own product, kind of embarassing for you, is it not?
    Or make it possible to use the policy with exception for this account until fixed.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. Read only access to AIP portal for auditing

    Read only role for the AIP console to allow auditing the policy without being able to make changes

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. Maintain classification history of documents

    Provide a client and admin view of document classification, labeling and protection history

    44 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Proposed  ·  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. Detect tampering of labels

    Enforce an anti-tampering mechanism (such as the client having a hash of the label and knowing if it was changed) and log centrally for reporting.

    39 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Proposed  ·  3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow usage of Multiple Keys in AIP

    Currently AIP only support one Key (Either BYOK or Microsoft Managed) for Azure RMS (protection) of emails and document.
    I'd like to see an option which will allow the usage of multiple Keys and allow organization to use different keys based on the security needs, business requirements or different division within the company.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow AIP authentication with identity realms other than Azure AD

    The AIP Viewer can only authenticate via Azure AD, which is limiting to the way of sharing protected files, which is not sent by email where the federation is in place with Google, Yahoo, etc .. and the OTP code option

    22 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. Obfuscate the DLP AIP automation rules stored on the clients so users can't see them / leak then / work around them

    Currently the policy.msip file is a plain text JSON file that can be viewed and edited locally. Customers have asked for this to be encrypted so it is not readable by users and other applications.

    19 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. 5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. Enable Governance actions for Anomaly policies in Cloud app Security

    Currently you can only take governance actions (such as suspend user automatically) for Activity policies in Cloud app security. This should also be done for Anomaly policies. For instance, the Anomaly policy impossible travel. If an alert for this gets generated I would like the user to be suspended automatically in order to better ensure that their account did not get compromised.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Serverless execution of Protect-RMSFile/Unprotect-RMSFile

    If exposed as a service in Azure, this could allow for more modern application/deployment frameworks. Authentication to the service should be possible using a certificate. Should allow for both RMS-template based protection as well as AdHoc

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. SPIF support for AIP labels

    http://www.xmlspif.org/ defines a very powerful model to describe security policy and labels.

    Being able to make more complex labels in AIP could be really useful.

    SPIF support mean the ability to create complexe security policies (with classification and tags) and being able to choose which policy to use when creating a label.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. Implement additional checks to prevent rogue applications being able to open protected content

    Implement a more robust SDK and application verification process to prevent a rogue developer building an app to gain access to protected content and allow actions outside the provided permissions

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Under Review  ·  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base