AdminEnrique Saggese (Admin, Microsoft - Azure - Msip)

My feedback

  1. 2 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Azure Information Protection » Labelling  ·  Flag idea as inappropriate…  ·  Admin →
      AdminEnrique Saggese (Admin, Microsoft - Azure - Msip) supported this idea  · 
    • 7 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        Proposed  ·  2 comments  ·  Azure Information Protection » Office 365 and EMS  ·  Flag idea as inappropriate…  ·  Admin →

        While this is a valid request, I want to respond to the comment below that MCAS doesn't support this. MCAS CAN apply AIP classification labels to files in real-time currently, so MCAS can address the scenario described here.

      • 27 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          5 comments  ·  Azure Information Protection » Office Clients  ·  Flag idea as inappropriate…  ·  Admin →

          While we agree on the importance of it being native, I want to highlight that you can use AIP classification buttons to trigger Encrypt Only via a transport rule. So from an end-user perspective, it should be a single click operation with what's available today.

        • 14 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            Proposed  ·  0 comments  ·  Azure Information Protection » Labelling  ·  Flag idea as inappropriate…  ·  Admin →
            AdminEnrique Saggese (Admin, Microsoft - Azure - Msip) supported this idea  · 
          • 7 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              1 comment  ·  Azure Information Protection » Protection  ·  Flag idea as inappropriate…  ·  Admin →

              Please note that this feature is available in AD RMS.

              AdminEnrique Saggese (Admin, Microsoft - Azure - Msip) shared this idea  · 
            • 22 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                8 comments  ·  Azure Information Protection » Doc Tracking  ·  Flag idea as inappropriate…  ·  Admin →

                The All Authenticated users feature allows for tracking without protection. Of course, tracking without encryption is not possible since if it’s not encrypted no license is required for accessing the content and thus there can’t be tracking, but the feature currently in preview should meet the same need. I’m renaming the feature request to reflect this reality.

              • 5 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  AdminEnrique Saggese (Admin, Microsoft - Azure - Msip) shared this idea  · 
                • 93 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    No news on this yet. To be clear, since AIP only puts classification metadata in the email once the email is sent, we can't use the Tooltips functionality to do this since the required conditions won't be met until the email has been sent. Once AIP is implemented natively in Office we plan to revisit this requirement since at that point the functionality will be more practical.

                  • 15 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      Under Review  ·  9 comments  ·  Azure Information Protection » User Experience  ·  Flag idea as inappropriate…  ·  Admin →

                      Have you tried ctrl+shift+~ and then tab between the labels?

                      AdminEnrique Saggese (Admin, Microsoft - Azure - Msip) supported this idea  · 
                    • 1 vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        1 comment  ·  Azure Information Protection » User Experience  ·  Flag idea as inappropriate…  ·  Admin →

                        The recommendation in these cases is to use recommendations instead of automatic protection, and to combine that with the OutlookRecommendationEnabled Custom Configuration.
                        Of course, with all the caveats related to RunPolicyinBackground which is still in preview due to the significant performance impact it has.

                      • 2 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          1 comment  ·  Azure Information Protection » Protection  ·  Flag idea as inappropriate…  ·  Admin →

                          Thanks for your suggestion.
                          Please note that as of this writing there's no available technology that can block a screen shot from a web browser session on all platforms. Doing so would require the installation of client software, which would defeat the purpose of a web view. This may change with the adoption of HTML5 which may offer such capabilities in the future.
                          Until such a capability is available broadly in web browsers, we recommend that if you are sharing content with untrusted individuals you do not enable the option to view on web browser.

                        • 5 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            1 comment  ·  Azure Information Protection » Protection  ·  Flag idea as inappropriate…  ·  Admin →

                            Thanks for your suggestion. To be clear, AIP viewer does block screenshot capabilities on Android. Apple does not allow third party applications to block screenshots, so there's nothing an individual app can do to correct this. We suggest you contact your Apple representative so they review their policy given its potential impact on document security.

                          • 3 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              1 comment  ·  Azure Information Protection » Protection  ·  Flag idea as inappropriate…  ·  Admin →

                              Please note that this is a known bug which is being addressed. It only triggers on mobile browsers, and f you switch the browser to Desktop mode the attachment will render without problems. We will notify this thread once the issue is fixed.

                            • 21 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                3 comments  ·  Azure Information Protection » Protection  ·  Flag idea as inappropriate…  ·  Admin →

                                @Mr-Tbobe: can you elaborate on the last part of your comment? There are two types of policies, centrally-defined (where the admin defines the list of employees) and end-user defined (ad-hoc, DNF and Encrypt Only fall in this category). In the former, the admin defines a list of recipients/groups, in the later the user does.
                                You seem to indicate that you want to have Encrypt-only with a predefined list of recipients, equivalent to having a label with a predefined list of recipients that grants full rights, which is already available since day one.
                                Can you clarify if this is not what you meant?

                                Please note that DNF is NOT a template. It is a built-in option in Outlook, which is created as an ad-hoc policy for each individual email. We have added some more flexibility through the Encrypt Only option (currently in preview) which works exactly like DNF but grants more rights. Right now it is only available as a transport action but you can trigger it based on an AIP label (and a good practice is to assign DNF as the policy for that label, and have a Transport Rule switch it to Encrypt Only on the fly, so the message is always protected but recipients get the more flexible rights granted by EO). Please do test Encrypt Only since it may already meet your needs.

                              • 3 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  AdminEnrique Saggese (Admin, Microsoft - Azure - Msip) shared this idea  · 
                                • 113 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    The original feature of enabling labeling capabilities in Mac OS is currently available in public preview.
                                    This suggestion was forked from the original general request to release an AIP client for Mac. Applying protection for non-Office files is currently available using the Mac RMS Sharing app which is not deprecated (unlike the Windows release). Therefor the suggestion is standing in order to release an AIP Client for non-Office files in Mac and currently updated to “Under Review”

                                    Please note, the feature tracked in this Idea is for the AIP Client for Mac OS, which would allow for classification and protection of non-Office documents. For classification and protection of Office documents from within Office, the client is already in private preview, and tracked by this Idea: https://msip.uservoice.com/forums/600097-azure-information-protection/suggestions/19602337-integrate-aip-natively-into-office-for-mac

                                  • 8 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      4 comments  ·  Azure Information Protection » Doc Tracking  ·  Flag idea as inappropriate…  ·  Admin →

                                      Keep in mind that tracking doesn't depend on having the document name sent to the service. Having the document sent to the service enables you to browse from the document in the portal and track it from there. But if you have a copy of the protected document in question you can always open the document and then click on the Protect/Track and Revoke button or right-click on the document and use the AIP app to track from there. As long as you have a copy of the protected document you shared, that protected document can be tracked.
                                      HTH

                                      Microsoft certainly wants to add tracking of emails, but this functionality has hard dependencies on many other significant changes in other applications. We have already removed some of these constraints (e.g. the move away from the old Exchange Online integration platform into the new OME means emails going through Exchange Online can now show up in AIP logs) but some remain, including Outlook Mobile using an offline model which is not conductive to tracking.
                                      As more of these constraints get addressed, we'll move closer to being able to provide email tracking.
                                      As for Share Protected, is there a scenario in which you think sharing an attachment via a protected email using OME doesn't cover the same needs? Tracking should be working for documents shared this way (just open the attachment in Office and use the Track option). If this doesn't address your needs I would love to hear the challenges you see.

                                    • 18 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        Proposed  ·  2 comments  ·  Azure Information Protection » Protection  ·  Flag idea as inappropriate…  ·  Admin →

                                        The product design actually goes in a different direction: to allow the same label to be part of multiple scopes. Even if a template can only be associated with one label (which is important as it allows the client to do automatic mapping in the opposite direction (assigning a label automatically for content that has already been protected manually), most scenarios can be addressed by using a single label in multiple scopes. If you actually need to have different labels with identical policies, creating multiple copies of a template (and cloning templates in PowerShell is actually quite easy) should address that need.

                                      • 35 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          Proposed  ·  1 comment  ·  Azure Information Protection » Labelling  ·  Flag idea as inappropriate…  ·  Admin →

                                          The ability to change labels is restricted to users with Change Rights, Export and Full Control rights on the document. Edit document should not be enough.
                                          Doesn't this already address this requirement?

                                        • 11 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            1 comment  ·  Azure Information Protection » Office Clients  ·  Flag idea as inappropriate…  ·  Admin →
                                            AdminEnrique Saggese (Admin, Microsoft - Azure - Msip) supported this idea  · 
                                          ← Previous 1

                                          Feedback and Knowledge Base