Azure Information Protection and Rights Management are now in one portal
Azure Information Protection and Azure Rights Management can now be configured from one central portal. Dan Plastina announced that this is in preview right now. This means that from now on we can configure Azure Information Protection and Azure Rights Managements settings through the same portal on https://portal.azure.com. Not everything can be configured jet in the new preview but before the end of July, this year, all configuration can be made at the new location. This is very cool from an administrative perspective.
But what are the possibilities now?
- It is now possible to have a unified admin experience for Azure Information Protection through https://portal.azure.com;
- One place where all configuration for labels and all other settings including Rights Management can be done;
- No need to create RMS templates first;
- No need to be a Global Admin;
- UI Based configuration options to protect content to:
- anyone within your company (e.g. @contoso.com)
- anyone at another company (e.g. @fabrikam.com)
- a group of people at another company (e.g. firstname.lastname@example.org
First we will look into the administrative perspective of this new possibilities. Go to the Azure Information Protection blade on https://portal.azure.com. When opening or creating a label we can enable protection in the section “Set permissions for documents and emails containing this label”. Select protect and the Azure RMS settings will open. In this section it was only possible to assign a previously created RMS template but from now it is possible to select “Custom (preview)” to set security/encryption settings directly on this label.
When selecting “Custom (preview)” the settings blade opens. Three options are available:
- Set user permissions (internal or external)
- Content expiration
- Offline Access
To add user permissions select “Add permissions” and a new blade with settings will open.
First we can add user permissions from the internal organization. We can add All members from the internal organization or select Users or Groups. NOTE: The groups must be mail-enabled!.
When selected the correct groups or users you can set the permissions. This can be done with the pre-defined templates or it can be set custom.
It is also possible to add external users or domains to labels. To do this select the tab “Custom / External” and add a domain or users email-address.
For the permissions these are the same as for internal users.
When setting up the users and the permissions it will returning to the main settings blade. We setup the next two settings for Content Expiration and Offline Access.
Content Expiration can be set “Never”, “By Days” or “By Date” and Offline Access can be set “Always”, “Never” or “By Days”.
After saving this all it is necessary to “Publish” the labels to the users so they can use this.
After the administrative perspective it is now time to see the user perspective.
When the use is opening, for example, a Word document and select the new Azure Information Protection Label not only a watermark is applied but also the custom Azure RMS template.
When the label is applied we see that there are permissions active. These permissions are the permissions defined in the Template / Label.
For users who wants to add extra permissions they can select the Icon for Azure IP in the Ribbon. When selecting this Icon the option for “Custom Permissions” appear. When selecting this one you have the ability to add custom permissions to a document
Custom permissions to a document can be given based on a domain name, groups (Mail enabled) or users. The option for access expiration can be set.
The merge of Azure RMS and Azure Information Protection to one portal is very exiting news. This means that administrators don’t have to use two different portals and switching between the portals is not necessary anymore. This saves time and causes fewer errors during configuration. The Azure Information Protection team did a great job to makes this possible.
Till next time!!