7 votesProposed · 2 comments · Azure Information Protection » Office 365 and EMS · Flag idea as inappropriate… · Admin →
While this is a valid request, I want to respond to the comment below that MCAS doesn't support this. MCAS CAN apply AIP classification labels to files in real-time currently, so MCAS can address the scenario described here.
While we agree on the importance of it being native, I want to highlight that you can use AIP classification buttons to trigger Encrypt Only via a transport rule. So from an end-user perspective, it should be a single click operation with what's available today.
14 votesProposed · 0 comments · Azure Information Protection » Labelling · Flag idea as inappropriate… · Admin →
Please note that this feature is available in AD RMS.
The All Authenticated users feature allows for tracking without protection. Of course, tracking without encryption is not possible since if it’s not encrypted no license is required for accessing the content and thus there can’t be tracking, but the feature currently in preview should meet the same need. I’m renaming the feature request to reflect this reality.
5 votes0 comments · Azure Information Protection » 3rd Party Applications · Flag idea as inappropriate… · Admin →
93 votesWe're working on it! · 8 comments · Azure Information Protection » User Experience · Flag idea as inappropriate… · Admin →
No news on this yet. To be clear, since AIP only puts classification metadata in the email once the email is sent, we can't use the Tooltips functionality to do this since the required conditions won't be met until the email has been sent. Once AIP is implemented natively in Office we plan to revisit this requirement since at that point the functionality will be more practical.
15 votesUnder Review · 9 comments · Azure Information Protection » User Experience · Flag idea as inappropriate… · Admin →
Have you tried ctrl+shift+~ and then tab between the labels?
The recommendation in these cases is to use recommendations instead of automatic protection, and to combine that with the OutlookRecommendationEnabled Custom Configuration.
Of course, with all the caveats related to RunPolicyinBackground which is still in preview due to the significant performance impact it has.
Thanks for your suggestion.
Please note that as of this writing there's no available technology that can block a screen shot from a web browser session on all platforms. Doing so would require the installation of client software, which would defeat the purpose of a web view. This may change with the adoption of HTML5 which may offer such capabilities in the future.
Until such a capability is available broadly in web browsers, we recommend that if you are sharing content with untrusted individuals you do not enable the option to view on web browser.
Thanks for your suggestion. To be clear, AIP viewer does block screenshot capabilities on Android. Apple does not allow third party applications to block screenshots, so there's nothing an individual app can do to correct this. We suggest you contact your Apple representative so they review their policy given its potential impact on document security.
Please note that this is a known bug which is being addressed. It only triggers on mobile browsers, and f you switch the browser to Desktop mode the attachment will render without problems. We will notify this thread once the issue is fixed.
@Mr-Tbobe: can you elaborate on the last part of your comment? There are two types of policies, centrally-defined (where the admin defines the list of employees) and end-user defined (ad-hoc, DNF and Encrypt Only fall in this category). In the former, the admin defines a list of recipients/groups, in the later the user does.
You seem to indicate that you want to have Encrypt-only with a predefined list of recipients, equivalent to having a label with a predefined list of recipients that grants full rights, which is already available since day one.
Can you clarify if this is not what you meant?
Please note that DNF is NOT a template. It is a built-in option in Outlook, which is created as an ad-hoc policy for each individual email. We have added some more flexibility through the Encrypt Only option (currently in preview) which works exactly like DNF but grants more rights. Right now it is only available as a transport action but you can trigger it based on an AIP label (and a good practice is to assign DNF as the policy for that label, and have a Transport Rule switch it to Encrypt Only on the fly, so the message is always protected but recipients get the more flexible rights granted by EO). Please do test Encrypt Only since it may already meet your needs.
3 votes0 comments · Azure Information Protection » Administration and Admin Portals · Flag idea as inappropriate… · Admin →
113 votes15 comments · Azure Information Protection » Applications and File Types · Flag idea as inappropriate… · Admin →
The original feature of enabling labeling capabilities in Mac OS is currently available in public preview.
This suggestion was forked from the original general request to release an AIP client for Mac. Applying protection for non-Office files is currently available using the Mac RMS Sharing app which is not deprecated (unlike the Windows release). Therefor the suggestion is standing in order to release an AIP Client for non-Office files in Mac and currently updated to “Under Review”
Please note, the feature tracked in this Idea is for the AIP Client for Mac OS, which would allow for classification and protection of non-Office documents. For classification and protection of Office documents from within Office, the client is already in private preview, and tracked by this Idea: https://msip.uservoice.com/forums/600097-azure-information-protection/suggestions/19602337-integrate-aip-natively-into-office-for-mac
Keep in mind that tracking doesn't depend on having the document name sent to the service. Having the document sent to the service enables you to browse from the document in the portal and track it from there. But if you have a copy of the protected document in question you can always open the document and then click on the Protect/Track and Revoke button or right-click on the document and use the AIP app to track from there. As long as you have a copy of the protected document you shared, that protected document can be tracked.
Microsoft certainly wants to add tracking of emails, but this functionality has hard dependencies on many other significant changes in other applications. We have already removed some of these constraints (e.g. the move away from the old Exchange Online integration platform into the new OME means emails going through Exchange Online can now show up in AIP logs) but some remain, including Outlook Mobile using an offline model which is not conductive to tracking.
As more of these constraints get addressed, we'll move closer to being able to provide email tracking.
As for Share Protected, is there a scenario in which you think sharing an attachment via a protected email using OME doesn't cover the same needs? Tracking should be working for documents shared this way (just open the attachment in Office and use the Track option). If this doesn't address your needs I would love to hear the challenges you see.
18 votesProposed · 2 comments · Azure Information Protection » Protection · Flag idea as inappropriate… · Admin →
The product design actually goes in a different direction: to allow the same label to be part of multiple scopes. Even if a template can only be associated with one label (which is important as it allows the client to do automatic mapping in the opposite direction (assigning a label automatically for content that has already been protected manually), most scenarios can be addressed by using a single label in multiple scopes. If you actually need to have different labels with identical policies, creating multiple copies of a template (and cloning templates in PowerShell is actually quite easy) should address that need.
35 votesProposed · 1 comment · Azure Information Protection » Labelling · Flag idea as inappropriate… · Admin →
The ability to change labels is restricted to users with Change Rights, Export and Full Control rights on the document. Edit document should not be enough.
Doesn't this already address this requirement?