Microsoft provides a notice to end users who have Azure Information Protection enabled and a policy assigned to them. It does not matter whether you are on Azure Information Protection Classic or Unified Labeling.
When you first launch your Office application, or relaunch it, you will get this notice.
I am glad to have been accepted again for this aOSKL event, but there is a challenge: it is a workshop, a 2-hour workshop. Am I going to just read through slides? (That would be so boring….duhhh) What will my workshop consist of? Well, are you interested to know? Come register and join my workshop! Seats are limited, first come, first served.
“Sabrina Kay always hungers for challenges!”
Here is the link, aOSKL 2019, to help you find out more about what this event has 🙂
When unified labeling was announced as no longer in Preview mode, along came the new application called AzInfoProtection_UL; you can find the link to download this application in the references at the end of this post. There is a Preview application called AzInfoProtection_UL_Preview.
Before unified labeling, the only application for Azure Information Protection was AzInfoProtection (Classic client). So what is so different about them? Before we jump into the differences, let’s understand the definitions.
Azure Information Protection is a new enhancement of rights management, and it is managed from the Azure portal. If you need the scanner and HYOK (Hold Your Own Key), then you install the AzInfoProtection.exe (User Profile based installer) or AzInfoProtection_MSI_for_central_deployment (System installer) client application.
Azure Information Protection with Unified Labeling was announced sometime around June or July 2019. Unified Labeling means that your labels can be managed either from the Azure portal or from the Office 365 Security and Compliance portal. This feature is enabled by default. You can migrate your labels from Azure to Office 365 Security and Compliance. Unified Labeling supports more Office 365 products, such as Microsoft Teams. If you do not need HYOK (Hold Your Own Key) protection or the scanner, then you install the AzInfoProtection_UL.exe (User Profile) or AzInfoProtection_UL_MSI_for_central_deployment (System installer) client application.
If you would like to deep-dive into the comparison of these 2 applications, here is a helpful link.
Good day everyone! Stay positive even when the day is bad. I have been a community member of Azure Community Singapore since around July or August 2019. This community does not just answer questions; it also has a monthly speaking meetup, and yea, I joined. I was like, “yea, I would like to join and share about Information Protection”. However, the downside is that I can’t travel to Singapore every month just for this speaking meetup. After much discussion, they reached a conclusion: “let’s try doing it as YouTube Live!”.
The community set up 2 sessions: Azure Information Protection by Sabrina Kay and Azure Sphere by Snake Chia.
We went through the rehearsal twice after working hours. The first rehearsal was to test how we could do YouTube Live with multiple users; we faced challenges like internet congestion and delay, and tried implementing QoS on the machine, hoping to improve connectivity and communication. In the last rehearsal, we did a dry run, getting the timeline and the order of switching speakers right and making sure everything was fine. Thanks for pulling this rehearsal together.
Today I decided to say goodbye to a PowerShell command module named Azure Rights Management, AADRM for short. Why? If you remember or have read my old blog post about Rights Management in Azure, then you know why I am saying goodbye to it. Remember the old Azure Portal? https://manage.windowsazure.com
Before saying goodbye: I was glad to experience this generation of Azure Rights Management in 2017, and seeing its improvement and growth makes me happy. Now I am moving forward to the AIP Service module, where the new Rights Management is named “Azure Information Protection”. AADRM end-of-life is in July 2020. During my first experience with AADRM, it was quite complicated to understand and manage, because its commands were different from what I usually do.
Alright, to install the AIP Service module, what should you do first? If you already have AADRM installed, you have to uninstall it via PowerShell run as Administrator. If you try to install the AIP Service module before uninstalling AADRM, it will give you an error saying “You already have the following commands ‘Get-AADRM and etc…’“.
This new AIP Service module contains the new AIP Service commands; don’t worry, this new module still has the AADRM commands.
If you happen to have MFA enabled, both the AADRM module and the new AIP Service module support it.
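The uninstall-then-install order described above, as an added example that is not the blog author's own script: it removes AADRM, installs AIPService, lists the AADRM-named aliases the new module keeps, and signs in interactively so an MFA prompt can appear. It assumes AADRM was installed from the PowerShell Gallery; if it was installed another way, the script stops instead of continuing.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Assumption: AADRM was installed
# with PowerShellGet, so Uninstall-Module is able to remove it.
$ErrorActionPreference = 'Stop'

# 1. Remove the legacy module first. Per the post, installing AIPService
#    while AADRM is present fails because the command names collide.
if (Get-Module -ListAvailable -Name AADRM) {
    try {
        Uninstall-Module -Name AADRM -AllVersions -Force
    } catch {
        throw "AADRM is present but Uninstall-Module could not remove it: $($_.Exception.Message)"
    }
}
if (Get-Module -ListAvailable -Name AADRM) {
    throw 'AADRM is still on this machine; remove it before installing AIPService.'
}

# 2. Install the replacement module for all users and load it.
if (-not (Get-Module -ListAvailable -Name AIPService)) {
    Install-Module -Name AIPService -Scope AllUsers
}
Import-Module AIPService

# 3. Confirm that the old AADRM command names still resolve, so existing
#    scripts keep working while they are migrated.
$aliases = Get-Command -Module AIPService -CommandType Alias |
    Where-Object { $_.Name -like '*Aadrm*' }
"{0} AADRM-named aliases exported by AIPService" -f @($aliases).Count
$aliases | Select-Object -Property Name, ResolvedCommandName -First 5 | Format-Table

# 4. Interactive sign-in (an MFA prompt appears here if the account
#    requires it), read the protection service status, then disconnect.
Connect-AipService
try {
    "Protection service status: $(Get-AipService)"
} finally {
    Disconnect-AipService
}
```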
This post has been in my drafts; I just had too much to handle these few months, and I am terribly embarrassed about holding this post in draft. *Gomeinasai*
A few weeks ago, I noticed that there is a new version of the Azure Information Protection client; it was released on 14th July 2019, stating that it comes with unified labeling. I was slightly surprised: “Is it true that unified labeling is no longer in preview mode?”
Before it was announced that it is no longer in preview mode, I had to do the manual integration, and it would cause the Security and Compliance Data Leak Protection policy to crash via the GUI. I had to use a force command to remove the Data Leak Protection policy via PowerShell.
The manual integration involved SharePoint settings, Security and Compliance, and Azure Information Protection. However, this may work in theory, but technically it did not work that well for me. Well, it was a tough experience, but good to go through.
I tried many ways to get it working, but it would crash. The “Updating…” status would just stay there for more than 48 hours! *faint*
Anyway, it is good to know that unified labeling is no longer in preview mode. You can manage your labels in Security and Compliance too, by migrating the Azure Information Protection (AIP) labels. Just make sure there are no duplicate labels in Security and Compliance before migrating.
If your Windows client is joined to the domain and has limited privileges to download software or applications, a local administrator or an administrator account is required to proceed with these changes.
I have an Office ProPlus application, on Windows 10 Pro. AIP stands for Azure Information Protection; I will use the term AIP throughout this post. Make sure AIP is enabled on the Global administrator side.
If you are wondering, “Hey, I do not want my users to have the privilege to uninstall the AIP application from their devices”, well, I will explain more in the next post 🙂 !
You can talk to your license vendor about purchasing Cloud App Security.
Make sure you have Azure Information Protection and File policy enabled to proceed with this task.
Make sure you have the App connector ready too.
Once you have your file policy enabled and ready, you must configure some settings to allow Cloud App Security to scan protected files.
So let’s enable the scan for protected attachments:
1. Go to the Cloud App Security portal
2. Select the settings icon at the top right, then select Settings
3. In the sidebar, under the category “Information Protection”, select “Azure Information Protection”
4. Here you will see 2 options for how you want Cloud App Security to scan your AIP files. You can select either one or both. The first one is meant to scan only NEW AIP files. The second one is meant to scan only AIP files that are not set by an external tenant
5. Once this is enabled, Cloud App Security will take less than 5 minutes to scan AIP attachments
6. Currently, I have an attachment with AIP applied, and Cloud App Security is able to detect it. Below is an example; this is only the summary of the investigation of the file.
7. To dig deeper into this file’s investigation, you can select the icon at the side of the file.
8. Then it will expand with a list of options for you to choose from to dig deeper
I would say it is indeed fascinating to see such a wonderful view of the deeper results of a file. FYI, I didn’t set up any File Policy for Cloud App Security to detect AIP attachments. These all come purely from the Cloud App Security settings.