Another interesting behavior I came across when adding conditions and the way labels are applied.
My Confidential AIP labels are configured as shown below.
I configured the parent label (Confidential) to automatically classify documents.
I entered the text below to trigger one of the conditions. I noticed that the document was labeled as ‘Confidential \ Restricted’ which is the last child label listed in my AIP portal. Well, this was, obviously, not what I expected.
To further test if it will always default to the last child label, I reordered the child labels. I moved the ‘Restricted’ child label up and now ‘Anyone (not protected)’ is listed as the last child label.
Just as I expected, the new document was labeled as ‘Confidential \ Anyone (not protected)’ automatically.
In this experience, I learned that I need to configure the conditions at the specific child label level to get the anticipated results.
Thanks for reading!
I had the opportunity to install the latest release of the new Azure Information Protection client PREVIEW 126.96.36.199, which can be downloaded here.
One of new features included with this client release is the ability to apply different visual markings for Word, Excel, PowerPoint, and Outlook. I’m not sure how business users will take advantage of this, but I had to try it out.
In my Azure Portal, I configured my Confidential \ All Employees label to apply specific watermark to Word and PowerPoint, and a different watermark to Excel. Keep in mind that watermarks are not supported in Outlook.
When a document is classified as Confidential \ All Employees, the watermark is displayed as:
Word: This content is Confidential
PowerPoint: This content is Confidential
Thanks for reading!
Great news for organizations that have concerns about granting Global Admin or Security Admin rights to users who need to manage Azure Information Protection policy.
The Azure Active Directory team have added a new role named Information Protection Administrator. Members of this role can manage Azure Information Protection labels and policies using Azure portal, and use RMS PowerShell
Note that the role is currently in public preview.