Some updates of the previous blogposts

Trying to keep up with cloud solutions is not at all like back in the day when we got a new server version every few years. Updates are happening all the time, and some of the things I wrote earlier has now been changed so much that I will say something about the updates here. 

In my post "Labels, templates and Policies explained", I tried to describe the parts of AIP that people have asked me about the most. Some of the things explained there are now obsolete, and should be disregarded.

First, when it comes to the protection part of AIP, which quite frankly might be the part most people ask me about, there has been some changed and in the nearest future there will be quite a bit more.

We can no longer choose to apply a predefined template. We can select one of the two:
1. Set permissions: We manually specify the permissions, content expiration and more. We assign permissions to mail enabled Azure AD objects. There are no possibilities to assign anything to a local AD user for instance.
2. Set user defined permissions: Here we can select to use the “Do Not Forward” policy that gives the recipient a “read only” version of the content. We can also allow the users to manually specify custom permissions in Office files and file explorer.  
The protection settings

With Templates here, we mean the protection templates. They include the protection settings and user access etc. If the protection template is in use in a label, it will not be visible in the list under Protection templates. If we delete a label that has had protection, the protection policy will not be deleted, but be listed there.

List of Protection templates that is not in use at the moment.

Edit: To most of you who are working with cloud solutions it will be more and more obvious that things we know are correct today, might not be tomorrow. AIP is a product in constant change, and now that Microsoft are moving from the classic AIP labels to Office 365 sensitivity labels, things will change even more. I will try to post new content when I can, and hopefully you will be able to find things on my blog that will help you protect your information. Sensitivity labels in Office 365 are seen as a modernization of the classic AIP labeling that we configured in the Azure portal, and provides much of the same functionality plus some more.

To create and publish sensitivity labels you go to and to the Classification pane. Decription from Microsoft: Sensitivity labels are used to classify email messages, documents, sites, and more. When a label is applied (automatically or by the user), the content or site is protected based on the settings you choose. For example, you can create labels that encrypt files, add content marking, and control user access to specific sites.


Popular posts from this blog

Do not Forward and the protection of attachments

Using Do not Forward or Encrypt Only as the results of a Sensitivity Label