Good news for Azure admins. Announced last week, Microsoft has made some updates to Azure Information Protection (AIP) that are now available to the general public. Now available are scoped policies, an Azure Rights Management (Azure RMS) sharing app that is built into the Azure Information Protection client, an updated viewer for protected files, right click labeling for non-Office files, and bulk classification and labeling for data using PowerShell.
Not sure what Azure Information Protection is? Here’s a look:
[tg_youtube video_id=”N9Ip0m6d3G0″]
Let’s take a look at each of these new features in detail.
Scoped policies
With scoped policies, customers can build sets of labels that are visible and usable to specific teams or groups of employees. Previously, a global set of policies was made available to all users. Scoped policies adds another layer on top of this, giving members within these predefined teams their own policy rules, which include customization (labels, sub-labels, mandatory labeling, default labels, and justifications). Scoped Policies are based on Azure Active Directory users and groups and is consistent with Azure RMS template scoping.
Scopes are optional; if unused, the global set of policies prevails. They can be established and configured by administrators.
Unification
A single unified client is another new offering, which consolidates Adobe Rights Management and the new AIP client. The new client supports the following:
- Custom permissions for files (single files, multiple files, folders) through Explorer shell extensions (by right clicking on an item and selecting “Classify and Protect”)
- Selecting contacts from their Global Address Book (using Outlook)
- Sharing protected files via mail, SharePoint, and cloud sharing apps using the lightweight Azure Information Protection viewer
- Set Track and Revoke Options for protected documents
- Eventual support for custom permissions for Office permissions via the Office Interface
The current RMS sharing app will exist until the end of January in 2018.
Bulk classification
RMS PowerShell commands now support Label and Protection actions based on AIP policies. PowerShell cmdlets are now available to the general public which can query for a files Label and Protection attributes and set a Label and/or Protection for documents stored locally or on file servers and network shares that are accessible through SMB or CIFS shares.
Collaboration
Listening to its users, Microsoft has decided to allow sharing of protected documents to organizational groups (e.g. [email protected]) and any specific user within the organization ([email protected]).
With group collaboration, two organizations can collaborate together without having to know the members of the group; as long as they are members of the group at large, permissions are inherited by them. To do this, the group must be in Azure AD but is also supported within Office 365 as well.
With company collaboration, content will be protected to all users within the organization. Below, a Label was added for the Contoso-Fabrikam team.
Group collaboration requires no additional configuration and users can protect and share to AAD groups. Administrators have to enable company-level collaboration using an updated Azure RMS PowerShell Module which looks like the below:
$names = @{}
$names[1033] = “Contoso-Fabrikam Confidential”
$descriptions = @{}
$descriptions[1033] = “This content is confidential for all employees in Contoso and Fabrikam organization”
$r1 = New-AadrmRightsDefinition -DomainName contoso.com -Rights “VIEW”,”EXPORT”
$r2 = New-AadrmRightsDefinition -DomainName fabrikam.com -Rights “VIEW”, “EXPORT”
Add-AadrmTemplate -Names $names -Descriptions $Descriptions -LicenseValidityDuration 5 -RightsDefinitions $r1, $r2 -Status Published
Additional cmdlet documentation is available.
Photo Credit: Shutterstock, Microsoft
