locked
Azure Information Protection - Protection Option RRS feed

  • Question

  • Hello All,

    We're testing out Azure Information Protection for all users in our domain. However, during testing, I've realized that the Protection option in Azure (Cloud Key), I can only grant permissions either to all users in the domain or certain chosen email addresses. We are currently working with around 50-70 other companies that probably use different email domains. Is there a way to include them all or is there a more efficient way to do this?

    Just in case, this is the section I'm talking about:

    

    Thursday, April 19, 2018 1:01 PM

Answers

  • Thank you Carol,

    Apparently I found out how to workaround the issue. So I just want to put it out here for anyone who may have the same issue.

    Select Set user defined permission (Preview):

    Then check the In outlook apply Do Not Forward.

    This way the email is still encrypted, only the intended recipient can see it with preview right.

    No domain needs specifying for this option.


    Benedict Wolf

    EDIT: Known limitation: This only grant recipients Preview access. There's no way to change it at the time. Azure really needs to work on these features.
    • Marked as answer by Benedict Wolf Monday, April 23, 2018 2:03 PM
    • Edited by Benedict Wolf Monday, April 23, 2018 3:03 PM Known Issues
    Monday, April 23, 2018 2:03 PM

All replies

  • Currently, the most efficient way to do this is to specify a domain name for these companies (no need to specify all the individual user email addresses) but I realize that's not very practical using the Azure portal. PowerShell would be more efficient.

    Take a look at example 2 from https://docs.microsoft.com/en-us/powershell/module/aadrm/new-aadrmrightsdefinition?view=azureipps#examples and see if that helps.

    Saturday, April 21, 2018 4:39 PM
  • Thank you Carol,

    Apparently I found out how to workaround the issue. So I just want to put it out here for anyone who may have the same issue.

    Select Set user defined permission (Preview):

    Then check the In outlook apply Do Not Forward.

    This way the email is still encrypted, only the intended recipient can see it with preview right.

    No domain needs specifying for this option.


    Benedict Wolf

    EDIT: Known limitation: This only grant recipients Preview access. There's no way to change it at the time. Azure really needs to work on these features.
    • Marked as answer by Benedict Wolf Monday, April 23, 2018 2:03 PM
    • Edited by Benedict Wolf Monday, April 23, 2018 3:03 PM Known Issues
    Monday, April 23, 2018 2:03 PM
  • What this option does is classify the email, and applies the same protection as Do Not Forward. The "Preview" reference in the Azure portal refers to the feature being in a preview status (ie not GA).  The actual rights granted to the email and Office document are as documented here: https://docs.microsoft.com/en-us/azure/information-protection/deploy-use/configure-usage-rights#do-not-forward-option-for-emails

    You'll also find more information about this label configuration in the first example from this section: https://docs.microsoft.com/en-us/azure/information-protection/deploy-use/configure-policy-protection#example-configurations

    Sunday, April 29, 2018 8:15 PM