Azure Information Protection

All ideas that relate to Azure Information Protection (AIP)

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Provide Role Based Access Controls (RBAC) in the AIP Admin console

    Provide a granular delegation model for administration of AIP configuration

    48 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      Under Review  ·  2 comments  ·  Administration and Admin Portals  ·  Flag idea as inappropriate…  ·  Admin →
    • Bring back the "publish" button at the AIP portal

      The two step workflow was much better than the actual direct publishing if we save a policy. I would like to modifiy my settings and discuss it with my colleagues before I make the rollout.

      3 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Administration and Admin Portals  ·  Flag idea as inappropriate…  ·  Admin →
      • Option to generate reports for Azure RMS protectors, currently none available

        Currently we are not able to generate report for Azure RMS protectors and the current usage reports. We don't have proper logging available and could not get the report using Powershell as well. Need to know how many outlook users are protecting and consuming the ARMS services. This is for License assignment and currently using onboarding control policy and need to shift to license model.

        2 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Administration and Admin Portals  ·  Flag idea as inappropriate…  ·  Admin →
        • Provide the ability to designate administrators scoped to subset of the organization

          Many organizations have multiple divisions that don't share a single IT department or a common root or trust. While the current guidance is to use separate tenants for such divisions, some organizations may want to share a tenant with subparts that are managed by different people.

          3 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Administration and Admin Portals  ·  Flag idea as inappropriate…  ·  Admin →
          • Policy versioning and rollback

            Please allow to rollback to previous version of policies. Or to import policies from a export file.

            10 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              Proposed  ·  4 comments  ·  Administration and Admin Portals  ·  Flag idea as inappropriate…  ·  Admin →
            • Support for Multi-tenant on AIP Scanner

              I have several customer's that have a AD forest with multiple domains. In their migration to Office 365 they are forced to have multi-tenant setup to segregate data. However they share on-prem file servers and SharePoint. To separate the Auto-Labeling and the encryption key they need support for multi-tenant in AIP Scanner

              2 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                1 comment  ·  Administration and Admin Portals  ·  Flag idea as inappropriate…  ·  Admin →
              • Dynamically re-classify a file after initial classification

                Once we auto-classify a file and set a label/protection, we don't refresh/re-run the code to see if the existing label/protection still should apply to the file. As a result, I may have files that have markings that don't accurately apply to the current content of a file.

                Please expose an option in the configurations to enable dynamic reclassification of a file during every save of the file, throughout it's lifecycle.

                For example, if I have an auto-classification rule that looks for 3 entries of 'customer claim' and my file meets that rule, I get auto-classified upon saving the file. However,…

                16 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  Proposed  ·  1 comment  ·  Administration and Admin Portals  ·  Flag idea as inappropriate…  ·  Admin →
                • Onboarding Control Exclusion list

                  Ability to exclude some members of the tenant being able to use Azure RMS to protect documents. We currently have an onboardingControlPolicy option to include certain users, but this is not helpful when you have a specific AD group of users that should not use encryption for compliance reasons.

                  5 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    Under Review  ·  2 comments  ·  Administration and Admin Portals  ·  Flag idea as inappropriate…  ·  Admin →
                  • Enable the ability to specify a default label from across scopes

                    When using only scoped policies, with mandatory classification enforced, be able from the admin GUI to select a default label from a scoped policy which is not the last one.

                    For example, we currently have:
                    o Scoped policy 1 include C1,C2, C3 (for any of a sub-company users)
                    o Scoped policy 2 include C4 (for a limited sub-population)
                    With a default label set to C2 for the scoped policy 1 and "none" for the scoped policy 2.
                    As the default label is taken from the last scoped policy, if we want C2 to be the default for all our sub-company…

                    8 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      Proposed  ·  0 comments  ·  Administration and Admin Portals  ·  Flag idea as inappropriate…  ·  Admin →
                    • Allow labels to display both business descriptions and protection descriptions

                      Rights templates created in the new portal now share the same name and description as the associated label. However, I believe there is a case to use the name and description of the label to give information to help the user to understand the classification of the document in the context of an organisation's Information Classification Policy. Before this most recent change, I found it helpful to use the description of the rights template to summarise the rights that have been assigned. Having the same description for each loses an opportunity for clarity. The user already knows that the document…

                      7 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        Proposed  ·  0 comments  ·  Administration and Admin Portals  ·  Flag idea as inappropriate…  ·  Admin →
                      • Enable AIP client to authenticate with Windows Server AD.

                        We are working on a strategy to move from on-premises AD RMS to Azure IP; however, we have encountered a blocker in our migration strategy: Azure IP cannot authenticate a user not located in an Azure AD tenant. In this scenario, we have implemented AD RMS in a resource forest and account forest scenario. The resource forest contains AD RMS, the protected content, AD FS, and contact objects of the users in the account forest. The account forest contains the user objects and uses Ping to federate with the resource forest. These user accounts can use any email address suffix…

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          Proposed  ·  0 comments  ·  Administration and Admin Portals  ·  Flag idea as inappropriate…  ·  Admin →
                        • Provide preconfigured policies for regulatory compliance such as GDPR

                          Create a template that helps assist organizations to identify personal details within content and files. Suggestions would be to look at telephone number/post code/IP address/e-mail address/gender/NHS number etc.
                          If there could be auditing that shows where this data resides when identified and give central IT a means to track it, that would provide high value in remaining compliant and avoiding fines.

                          26 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            Under Review  ·  0 comments  ·  Administration and Admin Portals  ·  Flag idea as inappropriate…  ·  Admin →
                          • Add PowerShell and/or Graph API support for AIP configuration

                            Add PowerShell (and/or Graph API) support for configuring AIP Policies and Labels. Configuring even 5-10 policies in the GUI is laborious and doesn't scale well to multiple tiers/environments.

                            20 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              1 comment  ·  Administration and Admin Portals  ·  Flag idea as inappropriate…  ·  Admin →

                              With the integration between AIP and Office Information Protection, Office 365 Management PowerShell will include the ability to manage labels for AIP.
                              This is expected to come out during the GA release of said integration before the middle of this year.

                            • Protection templates section on left pane in AIP Admin Portal

                              Policy templates should be made as a submenu on the left pane along with others such as "Policies", "Manage", etc.

                              5 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                Proposed  ·  2 comments  ·  Administration and Admin Portals  ·  Flag idea as inappropriate…  ·  Admin →
                              • Add workflow actions to Labels

                                Add new options for expiring labels (removal and/or replacement) based on time, approvals to make changes and notifications on change.

                                27 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  Proposed  ·  6 comments  ·  Administration and Admin Portals  ·  Flag idea as inappropriate…  ·  Admin →
                                • Enable override settings in scoped policy for labels defined in Global policy

                                  Provide an option for scoped policies to override settings in the Global Policy

                                  14 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    Proposed  ·  0 comments  ·  Administration and Admin Portals  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Don't see your idea?

                                  Feedback and Knowledge Base