Microsoft Information Protection (MIP)
-
Allow Office DLP rule exception for encrypted outbound emails
DLP rules do not allow an exception of the predicate "MessageTypeMatches" with the notify sender action. Doing so results in the error:
One of the conditions you specified can't be used for rules where you want to notify the sender. Error details: The NotifySender action isn't compatible with 'MessageTypeMatches' predicate.
I would like to trigger a rule on outbound matches unless the message is encrypted in order to enforce our internal policy compliance.
260 votes -
Support OCR in service-side DLP.
At the present time DLP is not able to read OCR documents, namely documents scanned to PDF. This is a GIANT, GAPING hole in terms of security. I have clients who have 100's of thousands of documents that contain sensitive information saved in OneDrive but no DLP policies can be applied to these documents, since DLP is not OCR aware. Please correct ASAP! Thanks!
250 votes -
Enable co-authoring of Protected Documents
Currently, documents that are labelled can be co-authored in Office, but any document that is encrypted can only be opened by one person at a time. This prevents most of the business scenarios folks use today with two, three or more folks editing a document at the same time. Instead - it forces businesses to email copies of a document around after setting AIP policies to allow folks to all edit it. A huge blocker for most of our customers.
247 votes
Web based clients co-authoring is now available in GA.
We are working to support rich clients co-authoring with protected documents in the future. -
Add support for Sensitivity Labels in OneNote Notebook
Enable AIP labelling of OneNote notebooks and protecting of OneNote notebooks, ideally with protection options at the page, section or notebook scopes
218 votes -
Windows Explorer provides a visual identifier for labeled and protected content
Provide in explorer visual indicators that easily shows the classification and protection status of the document, both in the icon views and in the list views showing document properties.
215 votes
This is a work in progress as part of Microsoft Information Protection integrations with Windows.
There is no publicly available ETA for availability. -
AIP Client for MacOS (for non-Office file formats)
Provide a Mac AIP client that is consistent with the current Windows AIP client, and is able to classify and protect documents from the desktop. For the AIP toolbar in Mac Office, use https://msip.uservoice.com/forums/600097-azure-information-protection/suggestions/19602337-integrate-aip-natively-into-office-for-mac.
178 votes
The original feature of enabling labeling capabilities in Mac OS is currently available in public preview.
This suggestion was forked from the original general request to release an AIP client for Mac. Applying protection for non-Office files is currently available using the Mac RMS Sharing app which is not deprecated (unlike the Windows release). Therefore the suggestion is standing in order to release an AIP Client for non-Office files in Mac and currently updated to “Under Review” -
Integrate MIP autolabeling policies with O365 DLP rules
Surface label policies in the Office 365 DLP engines to allow consistent classification, labeling and protection
173 votes -
Enable the classification, labeling and protection of additional Outlook Items
Add the ability to perform CLP on calendar items and other items like tasks and notes
167 votes -
Allow Autosave on protected documents
Allow AutoSave to work when a document is protected. Currently, it becomes disabled when you protect the document which then causes inconsistent behavior across documents and interferes with coauthoring.
165 votes -
Activity explorer should support cross-platform audit logs for sensitivity labels
Provide a central logging service for all sensitivity labeling logs
161 votes
Central logging of AIP actions is now available in preview.
See https://docs.microsoft.com/en-us/azure/information-protection/reports-aip for additional information. -
Conditional Access policies for highly sensitive information types based on label
Add new policy options to integrate and enforce Conditional Access policies (such as user, device, location etc) when accessing sensitive information depending on the label, including MFA
133 votes -
Create DLP Policy Based on Sensitivity Label
Create a DLP Policy where you can add the Sensitive Label on it because currently, only Sensitive info type and Retention Label can be added
110 votes
This capability is now in Private Preview – sign up at: https://aka.ms/mipc/DLPlabels-preview
-
Enable DLP actions to trigger a workflow
DLP workflow - currently there is effectively no DLP workflow. You can block emails from leaving by implementing a DLP policy, but you cannot create a workflow where items violating DLP are routed to a DLP admin team who review it, and can then take further action (review, release, escalate etc). This is pretty bread and butter stuff, and we have had to abandon using 365 DLP (we are using Mailguard for this instead) because it simply can't do what we and our customers need. DLP is not a simple "yes / no" - we've received hundreds of false positives…
110 votes -
Content markings including watermarks support more attributes including current user name
Expand the visual marking dynamic options to include additional user and device attributes (including from AD, AAD and devices). In particular, add support for the name or email address of the user viewing the document so visible markings can be used to dissuade some vectors for data leakage such as screen pictures.
110 votes -
Ability to add company logo images globally to all user signatures
The ability to add a company logo or image to a signature as an admin globally for all users would be nice. Currently the suggested solution to append a disclaimer isn't ideal as it always posts the image to the very bottom of the email, not the signature. This doesn't work for a back and forth conversation thread since it starts stacking the image at the bottom.
100 votes -
OME One-Time Passcode should support SMS
Office 365 Message Encryption can be leveraged in case of a delegated inbox scenario. If an encrypted message is sent to a person whose inbox is delegated, e.g. to a secretary, the delegate has the ability to request a one-time passcode to the delegated inbox and so full access on the OME protected message can be gained.
This scenario could be avoided by sending the one-time passcode using SMS because then the delegate has no access to the one-time passcode.
98 votes -
Enable tracking who changes a label or removes protection
It could be great knowing who changes a label to correct this or who violates the internal classification policy.
97 votes
Reporting of label changes is being built in the Windows Defender ATP client. Preview coming soon.
-
Labeling Admin Audit Log
Right now you cannot search for administrative events regarding Unified Labeling in Office 365 Admin portal Audit Log Search.
93 votes -
Allow replies from encrypted email with ome v2 to automatically decrypt
Adding encryption ome v2 (encrypt-only) to outbound emails with sensitive data detection is easy enough. However when that email is opened by the recipient and replied to, the email comes in encrypted to the sender, who has to go thru the process to decrypt. There is an option in the EOP rule to "Remove Office 365 Message Encryption and right protection" however fails since the predicate must match "The sender is located?" "Inside the organization". This is no problem with ome v1 but is not working with ome v2. Need to add the capability to decrypt those messages automatically.
89 votes -
Allow mailbox delegates to access protected content on behalf of managers
If a user is a designated delegate of a mailbox of another user, allow them to access content protected to that user
87 votes