Feedback by UserVoice

Microsoft Information Protection (MIP)

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. About Auto protection behavior of RunPolicyInBackground on Outlook

    If run "RunPolicyInBackground" on Word, Excel, PowerPoint, we can confirm the added label before save it.
    But, We can not notice until the sending E-Mail on Outlook.
    We would like to confirm the added label before sending E-mail on Outlook.

    https://docs.microsoft.com/en-us/azure/information-protection/rms-client/client-admin-guide-customizations#turn-on-classification-to-run-continuously-in-the-background

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Multi-message labeling in outlook

    Allow user to select multiple messages in a folder/view and apply a classification label. Currently we have to open each message individually to apply the classification.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

  3. Expanding policy-settings for unknown malware

    Issue: Very huge amount of false-negative detections as "unknown malware" on pdf and xls files (without macros!).

    Suggestion from MSFT: Creating a policy for the reaction to attachements that are considered as unknown malware.

    Only option there is, is to set a RECiPIENT out of our domain as "trusted" which means this recipient can receive ALL mails with unknown malware no matter where they are from - truly not what we want, that logic really bothers me.

    What we need is to set a SENDER as trusted.
    That might fal under "we need a whitelist", but I am only talking…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Data Loss Prevention (DLP)  ·  Flag idea as inappropriate…  ·  Admin →
  4. Markings not updated when Outlook reclassifies a document when selecting other classification for mail

    When you have a document with classification A - drag it into a mail and set classification to B - the markings of the document are not updated.

    Please fix

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Make AIP aware of multiple office accounts

    Currently a user with several Microsoft/Office accounts with AIP will have the default profile applied to all accounts across all Office 365 accounts/tenants. Personally I get all my private emails sent through my private Exchange Online account labelled with my employers AIP Classification labels. I don't want this.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Ability to enforce a "super user" as co-owner for personal tags.

    We are looking for a way that when a user define personal/custom permissions in AIP client (Classify & Protect) we can enforce some requirements. In particular, that we can always a specific "technical" use who would have full permission on the document in addition of any custom permission the end-user will put on his document. The intend is to avoid needing to use the "Azure Super User" to recover the document and only use this "technical user" account.

    Another approach could be to have a way to delegate the "Super User" right. For exemple, is there a way to delegate…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Option to generate reports for Azure RMS protectors, currently none available

    Currently we are not able to generate report for Azure RMS protectors and the current usage reports. We don't have proper logging available and could not get the report using Powershell as well. Need to know how many outlook users are protecting and consuming the ARMS services. This is for License assignment and currently using onboarding control policy and need to shift to license model.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Hide View Permission toolbar when I change to a classification without protection

    When I change from a label that includes protection to one that does not, the information bar with the label description and View Permission... button is retained, even after saving. Clicking the View Permission... does nothing (because the document is no longer protected). This behaviour is confusing for our users.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Increase document footer character limit

    Per TSA guidelines all documents classified as SSI must contain the following footer

    WARNING: This record contains Sensitive Security Information that is controlled under 49 CFR parts 15 and 1520. No part of this record may be disclosed to persons without a “need to know,” as defined in 49 CFR parts 15 and 1520, except with the written permission of the Administrator of the Transportation Security Administration or the Secretary of Transportation. Unauthorized release may result in civil penalty or other action. For U.S. government agencies, public disclosure is governed by 5 USC 552 and 49 CFR parts 15 and…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

  10. Separate the labeling permission from the Save As, Export right

    We need to allow Save As permissions on files without allowing the ability to change the label. This is a security requirement because many users open existing files, Save As a new file for a new project, but shouldn't be able to change the label, which protects the file with the label policy.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

  11. When viewing tracking details include a field for data classification assigned to the content when it is opened

    During investigations it would be useful to understand if a document was classified for public use, internal use, etc.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. MDE should work with ADFS 4 on Windows Server 2016

    ADFS 4 brings some changes to the protocol that makes it incompatible with the current version of MDE. The ask is to make changes to MDE to interop well with ADFS 4.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Configure matching conditions via PowerShell

    Add a powershell cmdlet to add matching conditions. My Customer needs to add matching conditions regularly and numerously

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. AIP Scanner should support any document repository using CMIS

    Most document repositories support a common protocol called CMIS. This would allow customers to use the AIP Scanner generically against CMIS-supported document repositories for classification and labeling.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Enable Governance actions for Anomaly policies in Cloud app Security

    Currently you can only take governance actions (such as suspend user automatically) for Activity policies in Cloud app security. This should also be done for Anomaly policies. For instance, the Anomaly policy impossible travel. If an alert for this gets generated I would like the user to be suspended automatically in order to better ensure that their account did not get compromised.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. AIP Scanner working with multple accounts

    So in the past few days we discovered that having the scanner in a different domain than production is going to present some challenges. If you use a scoped policy the ID is going to be an DOMAIN1 ID but how do you scan items in other domains? In theory you can export policies and run a scanner in a different domain using a static policy but when we get to the RMS stage how does that work without a connection to Azure to store the keys?

    A first thought on how they could address this. Change it so the…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Support tracking of emails

    Include tracking of documents in Outlook 2016 same as it happens with RMS Sharing applications

    Until now AIP provides tracking only to other applications such as Word, Excel etc but not in Outlook 2016 desktop

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Serverless execution of Protect-RMSFile/Unprotect-RMSFile

    If exposed as a service in Azure, this could allow for more modern application/deployment frameworks. Authentication to the service should be possible using a certificate. Should allow for both RMS-template based protection as well as AdHoc

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Limit protection to exclude specific domains on Azure AD tenants

    Currently in AIP, When you add one "domain" to your template/protection settings you are essentially adding the "AllStaff' object for that tenant. This object is effectively "authenticated users" for the whole target tenant which means it includes all verified domains within this tenant.

    I would like to see an option to narrow the scope of the users in another tenant without the need to create a specific group with those users that tenant, because in some scenarios, you don't to allow all verified domains to be readable.
    Or alternatively, making sure while adding domain, it's only applying for that domain…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Information Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Visual identification of encrypted email recipients

    When performing "Check Name", the server should also test the connection to each recipients' email server and somehow identify which recipients are encrypted and which are not. I'm imaging something similar to the browser address bar for SSL certificates which show a lock (or green if paid for) or red if it's untrusted.

    Example: When sending an email message, I would like some sort of visual feedback prior to sending the message that the message will indeed be sent via TLS or other encryption method.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Rights Management  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base