Protection with user-defined permissions should allow additional settings. e.g setting Allow Offline Access which is not set by Office
When setting Protection policy with Set User Defined Permissions, the Admin should be able to include settings like Allow Offline Access within the Protection policy. This would then act the same as a protection policy with no users defined except for the Allow Offline Access setting, and the Office user selecting users and permissions.
"Allow offline access" on a label where "let users assign" is set.
When I create a label where I choose to "Let users assign permission..." I'm unable to do so and the Label follows the Tenant-wide settings.
In my case we need to send Confidential and Higly Confidential PDFs to an external party and need to force the offline time to 0. Current workaround is to set the Tenant to 0 with the help of Powershell and the Set-AipServiceMaxUseLicenseValidityTime cmdlet.
Even if I use the Azure Information Protection "Classify and protect" Tool it does not allow to set an offline access.
I made a mockup to make it clear what I'm talking about. If you are interested in them let me know and I will send them to you.