Azure Information Protection Automatic Classification

Another interesting behavior I came across when adding conditions and the way labels are applied.

My Confidential AIP labels are configured as shown below.

LabelOrder

I configured the parent label (Confidential) to automatically classify documents.

LabelConditions

I entered the text below to trigger one of the conditions. I noticed that the document was labeled as ‘Confidential \ Restricted’ which is the last child label listed in my AIP portal. Well, this was, obviously, not what I expected.

ConditionChild

To further test if it will always default to the last child label, I reordered the child labels. I moved the ‘Restricted’ child label up and now ‘Anyone (not protected)’ is listed as the last child label.

LabelOrderAfter

Just as I expected, the new document was labeled as ‘Confidential \ Anyone (not protected)’ automatically.

ConditionLastChild

In this experience, I learned that I need to configure the conditions at the specific child label level to get the anticipated results.

Thanks for reading!

 

Advertisements

Azure Information Protection Client Preview 1.21.203.0 – Visual Marking Variables

I had the opportunity to install the latest release of the new Azure Information Protection client PREVIEW 1.21.203.0, which can be downloaded here.

One of new features included with this client release is the ability to apply different visual markings for Word, Excel, PowerPoint, and Outlook. I’m not sure how business users will take advantage of this, but I had to try it out.

In my Azure Portal, I configured my Confidential \ All Employees label to apply specific watermark to Word and PowerPoint, and a different watermark to Excel. Keep in mind that watermarks are not supported in Outlook.

AIPPreviewVisualMarkings

When a document is classified as Confidential \ All Employees, the watermark is displayed as:

Word: This content is Confidential

AIPPreviewWord

PowerPoint: This content is Confidential

AIPPreviewPowerPoint

Excel: Confidential

AIPPreviewExcel

Thanks for reading!

Azure Information Protection Administrator Role

Great news for organizations that have concerns about granting Global Admin or Security Admin rights to users who need to manage Azure Information Protection policy.

The Azure Active Directory team have added a new role named Information Protection Administrator.  Members of this role can manage Azure Information Protection labels and policies using Azure portal, and use RMS PowerShell

Note that the role is currently in public preview.

AIPAdministrator

Great news!!