Azure Conditional Access policies can be used with Azure Information Protection (AIP) to secure protected documents against unauthorized access. If you have already decided to use AIP as part of your Office 365 data protection strategy, adding a conditional access policy is a quick way to frustrate people who try to access documents when they shouldn't.
Last Update: Jun 15, 2022
Controlling Access to Sensitive Content A recent Microsoft Technical Community article covers how to use Azure AD Privileged Identity Management to control access to the super-user permission for Azure Information Protection. An account holding super-user permission can access any content protected (encrypted) by an Azure Information Protection or Office 365 sensitivity label. I don’t intend…
The September update of the Office ProPlus monthly channel delivers support for Office 365 sensitivity labels without the need to install the Azure Information Protection client. This is a step forward to make it easier for Office 365 users to be able to protect their most confidential information with encryption. More work remains to be done to upgrade the Office Online apps (including OWA), Outlook Mobile, and SharePoint and OneDrive. Will all this happen before Ignite?
The Azure Information Protection team recently published an interesting post about making a “cloud exit.” In other words, how to move your encrypted data out of a cloud service like Office 365. As it turns out, this is feasible if you plan. But how many organizations have even thought about how they might decrypt protected content?
Microsoft says that the Office desktop Windows apps will have native support for Office 365 sensitivity labels in the second half of 2019. Native support means that users won’t need to install the Azure Information Protection (AIP) client to apply labels. However, if they want to continue using the AIP client (because it is more functional), they need to deploy a system registry update.
The signs are that Office 365 will store more encrypted content as time goes by. But ISV products might not be able to process that content because they cannot decrypt it. All of which creates the prospect that you might archive or move data somewhere only to discover later that it is inaccessible. And that’s a bad thing.
Office 365 allows users to apply retention labels to SharePoint and OneDrive documents and to Exchange messages. But after you’ve done the work to create a nice set of retention labels as part of your data governance framework, it’s good to know that people are using the labels. Here’s how to find out.
Sensitivity labels allow Office 365 tenants to encrypt messages and documents very easily. That is, as long as you have applications that understand labels. A preview version of the AIP client integrates a Sensitivity button in the Office desktop applications, but we must wait for native integration across desktop, web, and mobile clients.
The new sensitivity labels available in Office 365 bring marking and protection functionality for Exchange and SharePoint that was previously only available with Azure Information Protection. In this article, we consider how to migrate AIP labels to Office 365 so that users can encrypt their way to happiness.
Office 365 content searches can find all sorts of information, but they cannot decrypt protected files in SharePoint and OneDrive for Business sites. This prompts the question of how to deal with protected files exported by a search. As it turns out, the combination of a rights management superuser and some PowerShell makes short work of unprotecting files so that they can be read by all.