├── .acrolinx-config.edn ├── .gitattributes ├── .gitignore ├── .openpublishing.publish.config.json ├── .openpublishing.redirection.json ├── Azure-RMSDocs ├── about-aip-client.md ├── activate-service.md ├── active-directory-rights-manage-mobile-device.md ├── administer-powershell.md ├── aka.md ├── api-support.md ├── applications-support.md ├── audit-logs.md ├── bread │ └── toc.yml ├── byok-price-restrictions.md ├── compare-on-premise.md ├── compliance.md ├── configure-applications.md ├── configure-office-apps.md ├── configure-office365.md ├── configure-policy-migrate-labels.md ├── configure-servers-rms-connector.md ├── configure-super-users.md ├── configure-usage-rights.md ├── context │ └── context.yml ├── customizations.md ├── decommission-deactivate.md ├── deploy-rms-connector.md ├── develop │ └── deprecation-notice.md ├── docfx.json ├── faqs-infoprotect.md ├── faqs-rms.md ├── faqs.md ├── file-server-support.md ├── get-started-tenant-root-keys.md ├── how-does-it-work.md ├── how-to-guides.md ├── includes │ ├── classic-client-sunset-extended-support.md │ ├── classic-client-sunset.md │ ├── gdpr-hybrid-note.md │ ├── gdpr-intro-sentence.md │ └── looking-for-mip.md ├── index.yml ├── install-configure-rms-connector.md ├── install-powershell.md ├── known-issues.md ├── log-analyze-usage.md ├── manage-personal-data.md ├── media │ ├── ADRMS_MSRMSApp_AccessKeys.png │ ├── ADRMS_MSRMSApp_EmailMessage.PNG │ ├── ADRMS_MSRMSApp_ExplorerTrackUsage.png │ ├── ADRMS_MSRMSApp_OfficeToolbarTrackUsage.png │ ├── ADRMS_MSRMSApp_OutlookMessageTrackUsage.png │ ├── ADRMS_MSRMSApp_OutlookTrackUsage.png │ ├── ADRMS_MSRMSApp_Pfile.png │ ├── ADRMS_MSRMSApp_PfilePermission.png │ ├── ADRMS_MSRMSApp_RemoveProtection.png │ ├── ADRMS_MSRMSApp_RestrictedAccess.png │ ├── ADRMS_MSRMSApp_SP_CompanyDefined.png │ ├── ADRMS_MSRMSApp_SP_OfficeToolbar.png │ ├── ADRMS_MSRMSApp_SP_OutlookToolbar.png │ ├── ADRMS_MSRMSApp_ShareProtectedMenu.png │ ├── AzRMS.png │ ├── AzRMS_SecretColaFormula_final.png │ ├── AzRMS_SharePointConnector.png │ ├── AzRMS_documentconsumption1.png │ ├── AzRMS_documentconsumption2.png │ ├── AzRMS_documentconsumption3.png │ ├── AzRMS_documentprotection1.png │ ├── AzRMS_documentprotection2.png │ ├── AzRMS_documentprotection3.png │ ├── AzRMS_elements.png │ ├── AzRMS_useractivation2.png │ ├── Pfile.PNG │ ├── RMS_Logging.PNG │ ├── RMS_connector.png │ ├── add-new-cluster-sample.PNG │ ├── admin-approval-for-mip-in-adobe-reader.png │ ├── aip-icon.png │ ├── android-icon.png │ ├── api-permissions-app.png │ ├── aws-name-role-aip.png │ ├── backsdk4.css │ ├── classify-protect-dialog.png │ ├── client-about.png │ ├── client-viewer-stretched-images.PNG │ ├── configure-blockymessage.png │ ├── configure-exemptdomain.png │ ├── content-rescan-update.png │ ├── cross-tenant-consent.png │ ├── develop │ │ ├── android-icon.png │ │ └── ios-icon.png │ ├── download.png │ ├── edge_open_browser.png │ ├── example-email-footerv2.png │ ├── excel2016-infoprotect-barv2.png │ ├── excelproplus-infoprotect-bar.png │ ├── export-scanner-repositories.png │ ├── fiddler-tls-inspection.png │ ├── fiddler-tls-secure-connection.png │ ├── gifs │ │ └── quickstart-add-aip-to-portal.gif │ ├── half-support-icon.png │ ├── i-add.PNG │ ├── i-clusters.PNG │ ├── i-columns.png │ ├── i-content-scan-jobs.PNG │ ├── i-copy-policies.PNG │ ├── i-log-analytics.PNG │ ├── i-network-scan-jobs.PNG │ ├── i-publish.PNG │ ├── i-refresh.png │ ├── i-repositories.PNG │ ├── i-scan-now.PNG │ ├── i-sensitivity.PNG │ ├── i-unassign.PNG │ ├── i_categorize.svg │ ├── i_config-tools.svg │ ├── i_learn-about.svg │ ├── i_portal.svg │ ├── i_quick-start.svg │ ├── i_search.svg │ ├── import-scanner-repositories.png │ ├── info-protect-azurerms-activated.png │ ├── info-protect-azurerms-deactivated.png │ ├── info-protect-barv2-not-set-callout.png │ ├── info-protect-nodefaultlabels.png │ ├── info-protect-policy-default-labelsv2.PNG │ ├── info-protect-policy-default-settings-quickstart.png │ ├── info-protect-policy-default-settingsv3.png │ ├── info-types-to-be-discovered.jpg │ ├── infoprotect-protectbutton-pulldown.png │ ├── information-banner-custom-protection.png │ ├── information-protection-scanner.png │ ├── ios-icon.png │ ├── ios-share-to-aip-viewer.png │ ├── justification-client.png │ ├── justification-office.png │ ├── labelname_scc.png │ ├── linkcss.js │ ├── log-analytics-icon.png │ ├── migration-status-banner.png │ ├── network-scan-job-demo.png │ ├── no-icon.png │ ├── ome-message.png │ ├── onfigure-justifymessage2.png │ ├── protect-custom-permissions.png │ ├── protect-from-file-explorer.png │ ├── protected-pdf-in-adobe-reader.png │ ├── protecting-pub-files.png │ ├── protection-bar-configured.png │ ├── qs-tutor │ │ ├── activate.PNG │ │ ├── aip-client-compare-across-platforms.png │ │ ├── assign-cluster-all.png │ │ ├── assign-cluster.png │ │ ├── assign-content-scan-job.png │ │ ├── compare-migrated-labels-small.png │ │ ├── compare-migrated-labels.png │ │ ├── confirm-activation.PNG │ │ ├── content-scan-job-data-discovery.PNG │ │ ├── i-network-scan-jobs.png │ │ ├── i-nodes.png │ │ ├── i-repos.png │ │ ├── network-scan-job.png │ │ ├── pin-to-dashboard.PNG │ │ ├── powershell-sign-in.png │ │ ├── protect-sensitivity-button-compare.png │ │ ├── qs-add-new-cluster.png │ │ ├── qs-post-install-scanner.png │ │ ├── quickstart-add-cs-job.png │ │ ├── risky-repos-small.png │ │ ├── risky-repos.png │ │ ├── sample-aip-client-office.PNG │ │ ├── sample-built-in-client-office.PNG │ │ ├── sample-compare-classic.PNG │ │ ├── sample-office-on-the-web.PNG │ │ ├── sample-outlook-on-the-web.png │ │ ├── sample-test-scanner.png │ │ ├── save-icon.png │ │ ├── scanned-network.png │ │ ├── ul-see-blockmessage.png │ │ ├── ul-see-custom-blockmessage.png │ │ ├── ul-see-nolabljustify-custom.png │ │ ├── ul-see-nolabljustify.png │ │ └── ul-see-warnmessage.png │ ├── recipients-only-label.png │ ├── recipients-only-label2.png │ ├── right-click-classify-protect-folder.png │ ├── risky-repos-small.png │ ├── risky-repos.png │ ├── sample-popup-block.png │ ├── sample-popup-justify.png │ ├── sample-popup-warn.png │ ├── scanner-file-types-purview.png │ ├── scanner-file-types.png │ ├── scanner-repositories-bar.png │ ├── scanner-repository-add.png │ ├── scanner-rescan-files.png │ ├── scanner-scan-now.png │ ├── scanner-stop-scan.png │ ├── search-for-aip.png │ ├── select-aip-viewer.png │ ├── selected-sensitivity-options.png │ ├── sensitivity-not-set-callout.png │ ├── share-protected-emailv2.png │ ├── small │ │ ├── android-icon-small.png │ │ ├── ios-icon-small.png │ │ ├── network-scan-job-demo-small.png │ │ └── risky-repos-small.png │ ├── templates-exchangeonline-callouts.png │ ├── track-and-revoke.png │ ├── track-revoke-word.png │ ├── track-usage-callout.PNG │ ├── track-usage-calloutv3.png │ ├── tracking-site-admin-icon.PNG │ ├── tracking-site-exit-admin-icon.png │ ├── tracking-site-export-icon.png │ ├── tracking-site-revoke-access-icon.png │ ├── tracking-site-settings-email.png │ ├── treat-rec-labeling-as-automatic.jpg │ ├── ul-scanner-arch.png │ ├── v2delete-label.png │ ├── v2edit-label.png │ ├── v2info-protect-dialog-labels-dimmed.png │ ├── v2word2016-calloutsv2.png │ ├── validate-rms-connector.png │ ├── videos-gifs │ │ └── dke.gif │ ├── what-is-mip.png │ ├── windows-icon.png │ ├── yes-icon.png │ └── yes-plus-icon.png ├── migrate-from-ad-rms-phase1.md ├── migrate-from-ad-rms-phase2.md ├── migrate-from-ad-rms-phase3.md ├── migrate-from-ad-rms-phase4.md ├── migrate-from-ad-rms-phase5.md ├── migrate-from-ad-rms-to-azure-rms.md ├── migrate-hsmkey-to-hsmkey.md ├── migrate-softwarekey-to-hsmkey.md ├── migrate-softwarekey-to-softwarekey.md ├── monitor-rms-connector.md ├── office-apps-services-support.md ├── operations-customer-managed-tenant-key.md ├── operations-microsoft-managed-tenant-key.md ├── operations-tenant-key.md ├── parity-between-azure-information-protection.md ├── plan-implement-tenant-key.md ├── prepare-environment-adrms.md ├── prepare.md ├── removed-sunset-services.md ├── reports-aip.md ├── requirements-azure-ad.md ├── requirements.md ├── rms-client │ └── client-deployment-notes.md ├── rms-connector-registry-settings.md ├── rms-for-individuals.md ├── terminology.md ├── toc.yml ├── verify.md ├── what-is-azure-rms.md └── what-is-information-protection.md ├── LICENSE ├── LICENSE-CODE ├── README.md ├── ThirdPartyNotices ├── UpdateSubmodule.ps1 └── mip ├── breadcrumb └── toc.yml ├── develop ├── concept-accesscheck.md ├── concept-api-permissions.md ├── concept-apis-use-cases.md ├── concept-async-observers-file-cpp.md ├── concept-async-observers-policy-cpp.md ├── concept-async-observers-protection-cpp.md ├── concept-async-observers.md ├── concept-auditing-file-cpp.md ├── concept-auth-scenario-csharp.md ├── concept-authentication-acquire-token-py.md ├── concept-authentication-cpp.md ├── concept-authentication-delegate-cpp.md ├── concept-cache-storage.md ├── concept-classification-labels.md ├── concept-consent-cpp.md ├── concept-data-boundary.md ├── concept-delegation.md ├── concept-email.md ├── concept-fips-compliance.md ├── concept-handler-file-Status-cpp.md ├── concept-handler-file-cpp.md ├── concept-handler-policy-auditing-cpp.md ├── concept-handler-policy-computeactions-cpp.md ├── concept-handler-policy-cpp.md ├── concept-handler-policy-executionstate-cpp.md ├── concept-handler-protection-cpp.md ├── concept-justification.md ├── concept-labeling-and-protection.md ├── concept-logging.md ├── concept-mip-diagnostics.md ├── concept-mip-metadata.md ├── concept-mip-proxies.md ├── concept-mipcontext.md ├── concept-offline-publishing.md ├── concept-profile-engine-cpp.md ├── concept-profile-engine-file-engine-cpp.md ├── concept-profile-engine-file-profile-cpp.md ├── concept-profile-engine-policy-engine-cpp.md ├── concept-profile-engine-policy-profile-cpp.md ├── concept-profile-engine-protection-engine-cpp.md ├── concept-profile-engine-protection-profile-cpp.md ├── concept-republishing.md ├── concept-service-discovery.md ├── concept-summary-csharp.md ├── concept-supported-filetypes.md ├── concept-user-defined-permissions.md ├── faqs-known-issues.md ├── index.yml ├── media │ ├── concept-apis-use-cases │ │ └── mip-sdk-components.png │ ├── index │ │ ├── i_video.svg │ │ ├── kartik-tom-mip-sdk.png │ │ ├── logo_Cplusplus.svg │ │ ├── logo_Csharp.svg │ │ ├── logo_java.svg │ │ ├── logo_net.svg │ │ ├── logo_nodejs.svg │ │ ├── logo_python.svg │ │ └── tom-mip-sdk.png │ ├── justify-action.png │ ├── quick-app-initialization-cpp │ │ ├── add-class.png │ │ ├── add-nuget-package.png │ │ ├── create-vs-solution.png │ │ ├── set-include-lib-path-properties.png │ │ └── set-static-libs.png │ ├── quick-app-initialization-csharp │ │ └── create-vs-solution.png │ ├── quick-file-list-labels-cpp │ │ ├── acquire-token-sign-in-consent.png │ │ └── acquire-token-sign-in.png │ ├── quick-file-set-get-label-cpp │ │ └── word-sensitivity-label-not-set.png │ └── setup-mip-client │ │ ├── aad-app-api-permissions.png │ │ ├── aad-app-registration-overview.png │ │ ├── aad-app-registration.png │ │ └── visual-studio-install.png ├── overview.md ├── quick-app-adrms.md ├── quick-app-initialization-cpp.md ├── quick-app-initialization-csharp.md ├── quick-email-msg-cpp.md ├── quick-email-msg-csharp.md ├── quick-file-justify-actions-cpp.md ├── quick-file-justify-actions-csharp.md ├── quick-file-list-labels-cpp.md ├── quick-file-list-labels-csharp.md ├── quick-file-republishing-cpp.md ├── quick-file-republishing-csharp.md ├── quick-file-set-get-label-cpp.md ├── quick-file-set-get-label-csharp.md ├── quick-protection-app-initialization-cpp.md ├── quick-protection-app-initialization-csharp.md ├── quick-protection-encrypt-decrypt-text-cpp.md ├── quick-protection-encrypt-decrypt-text-csharp.md ├── quick-protection-list-templates-cpp.md ├── quick-protection-list-templates-csharp.md ├── setup-configure-mip.md ├── toc.yml └── version-release-history.md ├── docfx.json ├── includes └── mip-sdk-platform-support.md ├── index.yml ├── media └── index │ ├── i_video.svg │ └── tom-mip-sdk.png └── toc.yml /.acrolinx-config.edn: -------------------------------------------------------------------------------- 1 | {:allowed-branchname-matches ["main" "master" "release-.*" "sandbox-.*"] 2 | :allowed-filename-matches ["Azure-RMSDocs" "mip"]} 3 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # Set the default behavior, in case people don't have core.autocrlf set. 2 | * text=auto 3 | 4 | # Explicitly declare text files you want to always be normalized and converted 5 | # to native line endings on checkout. 6 | *.c text 7 | *.h text 8 | 9 | # Declare files that will always have CRLF line endings on checkout. 10 | *.sln text eol=crlf 11 | 12 | # Denote all files that are truly binary and should not be modified. 13 | *.png binary 14 | *.jpg binary -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | log/ 2 | xhtml/ 3 | packages/ 4 | obj/ 5 | _site/ 6 | Tools/NuGet/ 7 | .optemp/ 8 | 9 | .openpublishing.build.mdproj 10 | .openpublishing.buildcore.ps1 11 | packages.config 12 | **/.vscode/settings.json 13 | _themes 14 | 15 | .vscode/settings.json 16 | -------------------------------------------------------------------------------- /.openpublishing.publish.config.json: -------------------------------------------------------------------------------- 1 | { 2 | "build_entry_point": "docs", 3 | "docsets_to_publish": [ 4 | { 5 | "docset_name": "Azure-RMSDocs", 6 | "build_source_folder": "Azure-RMSDocs", 7 | "build_output_subfolder": "Azure-RMSDocs", 8 | "locale": "en-us", 9 | "monikers": [], 10 | "open_to_public_contributors": true, 11 | "type_mapping": { 12 | "Conceptual": "Content", 13 | "ManagedReference": "Content", 14 | "RestApi": "Content", 15 | "LandingData": "Content", 16 | "ContextObject": "Toc" 17 | }, 18 | "build_entry_point": "docs", 19 | "template_folder": "_themes", 20 | "version": 0 21 | }, 22 | { 23 | "docset_name": "MIP", 24 | "build_source_folder": "mip", 25 | "build_output_subfolder": "MIP", 26 | "locale": "en-us", 27 | "monikers": [], 28 | "moniker_ranges": [], 29 | "open_to_public_contributors": false, 30 | "type_mapping": { 31 | "Conceptual": "Content", 32 | "ManagedReference": "Content", 33 | "RestApi": "Content", 34 | "ContextObject": "Toc" 35 | }, 36 | "build_entry_point": "docs", 37 | "template_folder": "_themes" 38 | } 39 | ], 40 | "notification_subscribers": [ 41 | "" 42 | ], 43 | "sync_notification_subscribers": null, 44 | "branches_to_filter": [], 45 | "git_repository_url_open_to_public_contributors": "https://github.com/Microsoft/Azure-RMSDocs", 46 | "git_repository_branch_open_to_public_contributors": "master", 47 | "skip_source_output_uploading": false, 48 | "need_preview_pull_request": true, 49 | "contribution_branch_mappings": null, 50 | "dependent_repositories": [ 51 | { 52 | "path_to_root": "_themes", 53 | "url": "https://github.com/Microsoft/templates.docs.msft", 54 | "branch": "main", 55 | "branch_mapping": {} 56 | }, 57 | { 58 | "path_to_root": "_themes.pdf", 59 | "url": "https://github.com/Microsoft/templates.docs.msft.pdf", 60 | "branch": "main", 61 | "branch_mapping": {} 62 | }, 63 | { 64 | "path_to_root": "Azure-RMSDocs/reusable-content", 65 | "url": "https://github.com/MicrosoftDocs/reusable-content", 66 | "branch": "main", 67 | "branch_mapping": {} 68 | } 69 | ], 70 | "branch_target_mapping": { 71 | "live": [ 72 | "Publish", 73 | "PDF" 74 | ], 75 | "main": [ 76 | "Publish", 77 | "PDF" 78 | ] 79 | }, 80 | "need_generate_pdf_url_template": true, 81 | "targets": { 82 | "Pdf": { 83 | "template_folder": "_themes.pdf" 84 | } 85 | }, 86 | "need_generate_pdf": false, 87 | "need_generate_intellisense": false, 88 | "enable_branch_build_custom_validation": true, 89 | "enable_pull_request_custom_validation": true, 90 | "template_folder": "_themes", 91 | "docs_build_engine": { 92 | "name": "docfx_v3" 93 | } 94 | } -------------------------------------------------------------------------------- /Azure-RMSDocs/about-aip-client.md: -------------------------------------------------------------------------------- 1 | --- 2 | # required metadata 3 | 4 | title: Learn about the Azure Information Protection (AIP) unified labeling client 5 | description: Status of the Azure Information Protection (AIP) unified labeling client 6 | author: cabailey 7 | ms.author: cabailey 8 | manager: aashishr 9 | ms.date: 05/11/2024 10 | ms.topic: article 11 | ms.collection: M365-security-compliance 12 | ms.service: information-protection 13 | 14 | --- 15 | 16 | # The Azure Information Protection (AIP) unified labeling client 17 | 18 | The Azure Information Protection (AIP) unified labeling client is now replaced with the **Microsoft Purview Information Protection client**, and the [Office add-in for labeling in Word, Excel, PowerPoint, and Outlook is retired](/purview/sensitivity-labels-office-apps#office-built-in-labeling-and-the-azure-information-protection-client). 19 | 20 | For the latest release information and support timelines, see [Microsoft Purview Information Protection client - Release management and supportability](/purview/information-protection-client-relnotes). 21 | 22 | For more information about the new client, see [Extend sensitivity labeling on Windows](/purview/information-protection-client). 23 | 24 | -------------------------------------------------------------------------------- /Azure-RMSDocs/api-support.md: -------------------------------------------------------------------------------- 1 | --- 2 | # required metadata 3 | 4 | title: Other apps that support RMS APIs - Install & config - AIP 5 | description: Understand how the Azure Rights Management service from Azure Information Protection can support other applications to protect your organization's data. 6 | author: aashishr 7 | ms.author: aashishr 8 | manager: aashishr 9 | ms.date: 11/08/2020 10 | ms.topic: conceptual 11 | ms.collection: M365-security-compliance 12 | ms.service: information-protection 13 | ms.assetid: c50a8cbb-d12f-4a0e-bc29-74c463e6ac3e 14 | 15 | # optional metadata 16 | 17 | #ROBOTS: 18 | #audience: 19 | #ms.devlang: 20 | ms.reviewer: esaggese 21 | ms.suite: ems 22 | #ms.tgt_pltfrm: 23 | ms.custom: admin 24 | 25 | --- 26 | 27 | # Other applications that support the Rights Management APIs 28 | 29 | Use the following information to help you understand how the Azure Rights Management service from Azure Information Protection can support other applications to protect your organization's data. 30 | 31 | By using the Microsoft Information Protection SDKs, your internal developers can write line-of-business applications to natively support the Azure Rights Management service. How information protection is integrated with these applications depends on how they are written. For example, the integration might be automatically applied with minimal user interaction required, or for a more customized experience, users might be prompted to configure settings to apply information protection to files. 32 | 33 | Similarly, many software vendors provide applications to provide information protection solutions, also known as enterprise rights management (ERM) products. A popular example is a PDF reader that supports the Azure Rights Management service for specific platforms. 34 | 35 | ## Next steps 36 | 37 | To see how other applications and services support the Azure Rights Management service, see [How Applications Support the Azure Rights Management service](applications-support.md). 38 | -------------------------------------------------------------------------------- /Azure-RMSDocs/applications-support.md: -------------------------------------------------------------------------------- 1 | --- 2 | # required metadata 3 | 4 | title: How apps support Azure Rights Management from AIP 5 | description: Understand how the most commonly used applications (such as Office apps) and services (such as Exchange and SharePoint) can use the Azure Rights Management service from Azure Information Protection to help protect your organization's documents and emails. 6 | author: aashishr 7 | ms.author: aashishr 8 | manager: aashishr 9 | ms.date: 06/06/2021 10 | ms.topic: conceptual 11 | ms.collection: M365-security-compliance 12 | ms.service: information-protection 13 | ms.assetid: 2cdc7bde-4044-4021-b887-11476f99afd9 14 | 15 | # optional metadata 16 | 17 | #ROBOTS: 18 | #audience: 19 | #ms.devlang: 20 | ms.reviewer: esaggese 21 | ms.suite: ems 22 | #ms.tgt_pltfrm: 23 | ms.custom: admin 24 | 25 | --- 26 | 27 | # How applications support the Azure Rights Management service 28 | 29 | Use the following information to help you understand how the most commonly used end-user applications and services can use the Azure Rights Management service from Azure Information Protection to help protect your organization's documents and emails. These applications include Word, Excel, PowerPoint, and Outlook. The services include Exchange and Microsoft SharePoint. 30 | 31 | In some cases, the Azure Rights Management service automatically applies protection, according to policies that administrators configure. For example, this is the case with SharePoint libraries and Exchange transport rules. In other cases, end users must apply the protection themselves from their applications. For example, users select a classification label that is configured to apply protection, or they select a template, or select specific options. Protection that is applied by users is typical when users protect a file to share and they also restrict access or usage to selected users or to users outside the organization. 32 | 33 | Templates make it easier for users (and administrators who configure policies) to apply the correct level of protection and restrict access to people inside your organization. Although the Azure Rights Management service comes with two default templates, you probably want to create custom templates to reduce the times when users and administrators have to specify individual options. For more information about templates, see [Configuring and managing templates for Azure Information Protection](/previous-versions/azure/information-protection/configure-policy-templates). 34 | 35 | For the cases where users must apply the protection themselves, be sure to provide them with instructions and guidance how and when to do this. Make the instructions specific for the application and versions that they use and how they use them. Also provide guidance for when and how users should apply the protection that is appropriate for your business. For more information, see [Helping users to protect files by using the Azure Rights Management service](help-users.md). 36 | 37 | For information about how to configure these applications for the Azure Rights Management service from Azure Information Protection, see [Configuring applications for Azure Rights Management](configure-applications.md). 38 | 39 | Search services can integrate with Rights Management in different ways. For example: 40 | 41 | - Exchange Online and Exchange Server use service-side indexing so that a user's protected emails are automatically displayed in their search results. 42 | 43 | - Windows desktop search uses a shared index between different users of the device, so to keep the data in the protected documents secure, it does not index protected files. This means that although your search results don't include files that you have protected, you can be assured that your files that contain sensitive data are not displayed in search results for other users who might sign in to your PC, or connect to your PC. 44 | 45 | ## Next steps 46 | 47 | Learn more about how each of the following applications and services supports the Azure Rights Management service: 48 | 49 | - [Office applications and services](office-apps-services-support.md) 50 | 51 | - [File servers that run Windows Server and use File Classification Infrastructure (FCI)](file-server-support.md) 52 | 53 | - [Other applications that support the RMS APIs](api-support.md) -------------------------------------------------------------------------------- /Azure-RMSDocs/bread/toc.yml: -------------------------------------------------------------------------------- 1 | - name: Azure 2 | tocHref: /azure/ 3 | topicHref: /azure/index 4 | items: 5 | - name: Azure Information Protection 6 | tocHref: /azure/information-protection/ 7 | topicHref: /azure/information-protection/index 8 | - name: Azure 9 | tocHref: /security/benchmark/azure/ 10 | topicHref: /azure/index 11 | items: 12 | - name: Azure Information Protection 13 | tocHref: /security/benchmark/azure/baselines/ 14 | topicHref: /azure/information-protection/index 15 | -------------------------------------------------------------------------------- /Azure-RMSDocs/compliance.md: -------------------------------------------------------------------------------- 1 | --- 2 | # required metadata 3 | 4 | title: Compliance & information for Azure Information Protection 5 | description: Supporting information for Azure Information Protection that includes legal, compliance, and SLAs. 6 | author: aashishr 7 | ms.author: aashishr 8 | manager: aashishr 9 | ms.date: 12/08/2019 10 | ms.topic: conceptual 11 | ms.collection: M365-security-compliance 12 | ms.service: information-protection 13 | ms.assetid: b3a7127b-6d24-4439-bc4e-2a0a325e8ea3 14 | 15 | # optional metadata 16 | 17 | #ROBOTS: 18 | #audience: 19 | #ms.devlang: 20 | ms.reviewer: esaggese 21 | ms.suite: ems 22 | #ms.tgt_pltfrm: 23 | ms.custom: admin 24 | 25 | --- 26 | 27 | 28 | 29 | # Compliance and supporting information for Azure Information Protection 30 | 31 | [!INCLUDE [looking-for-mip](includes/looking-for-mip.md)] 32 | 33 | Azure Information Protection supports other services and also relies on other services. If you’re looking for information that is related to Azure Information Protection but not about how to use the Azure Information Protection service, check the following resources: 34 | 35 | ## Suitability for different countries 36 | 37 | Given the variability between laws and regulations in different countries, different use cases and scenarios, and the varying requirements between different business sectors, you will need to consult your legal adviser to help you answer whether Azure Information Protection is suitable for your country. 38 | 39 | However, some relevant information that can help your legal adviser make a determination: 40 | 41 | - Azure Information Protection uses AES 256 and AES 128 to encrypt documents. [More information](./how-does-it-work.md#cryptographic-controls-used-by-azure-rms-algorithms-and-key-lengths) 42 | 43 | - All encryption keys used by Azure Information Protection are protected with a customer-specific root key that uses RSA 2048 bits. RSA 1024 bits is also supported for backwards compatibility. [More information](./how-does-it-work.md#cryptographic-controls-used-by-azure-rms-algorithms-and-key-lengths) 44 | 45 | - Customer-specific root keys are either managed by Microsoft or provisioned by the customer in a nCipher HSM by using "bring your own key" (BYOK). Azure Information Protection also supports features for on-premises protection, for content that cannot be protected with a cloud-based key. For more information, see [Planning and implementing your Azure Information Protection tenant key](plan-implement-tenant-key.md). 46 | 47 | - The Azure Information Protection service is hosted in regional data centers across the globe. Azure Information Protection keys always remain within the region in which is originally deployed. 48 | 49 | - Azure Information Protection does not transmit document contents from clients to the Azure Information Protection service. Content encryption and decryption operations are performed in-place in the client device. Or, for service-based rendering, these operations are performed within the service that’s rendering the content. [More information](./how-does-it-work.md) 50 | 51 | ## Legal and privacy 52 | 53 | - For Microsoft Azure agreement information: [Microsoft Azure Agreement](https://azure.microsoft.com/support/legal/subscription-agreement/) 54 | 55 | - For Microsoft Azure privacy information: [Microsoft Azure Privacy Statement](https://azure.microsoft.com/support/legal/privacy-statement/) 56 | 57 | ## Security, compliance, and auditing 58 | 59 | See the [Security, compliance, and regulatory requirements](./what-is-azure-rms.md#security-compliance-and-regulatory-requirements) section in the [What is Azure RMS?](./what-is-azure-rms.md) article, for information about specific certifications for the Azure Rights Management service. In addition: 60 | 61 | - For external certifications for Azure Information Protection: [Microsoft Azure Trust Center](https://azure.microsoft.com/support/trust-center/) 62 | 63 | - For FIPS 140 information: [FIPS 140 Validation](/windows/security/threat-protection/fips-140-validation) 64 | 65 | For in-depth technical information about how the protection technology works, see [How does Azure RMS work?](./how-does-it-work.md) 66 | 67 | ## Service level agreements 68 | 69 | - [SLA for Azure Information Protection](https://azure.microsoft.com/support/legal/sla/information-protection/v1_0/) 70 | 71 | - [SLA for Microsoft Entra ID](https://azure.microsoft.com/support/legal/sla/active-directory/v1_0/) 72 | 73 | - [SLA for Azure Key Vault](https://azure.microsoft.com/support/legal/sla/key-vault/v1_0/) 74 | 75 | ## Documentation 76 | 77 | - Microsoft Entra documentation: [Microsoft Entra ID](/azure/active-directory/fundamentals/active-directory-whatis) 78 | 79 | - Microsoft 365 documentation: [Microsoft 365 for enterprise documentation and resources](/Office365/Enterprise/) 80 | -------------------------------------------------------------------------------- /Azure-RMSDocs/configure-applications.md: -------------------------------------------------------------------------------- 1 | --- 2 | # required metadata 3 | 4 | title: Configuring applications for Azure Rights Management - AIP 5 | description: Instructions for admins to configure applications and services to support the Azure Rights Management protection service for Azure Information Protection. 6 | author: aashishr 7 | ms.author: aashishr 8 | manager: aashishr 9 | ms.date: 11/11/2020 10 | ms.topic: conceptual 11 | ms.collection: M365-security-compliance 12 | ms.service: information-protection 13 | ms.assetid: ea09cbc5-b98b-444e-8b60-5bc3cb199c36 14 | 15 | # optional metadata 16 | 17 | #ROBOTS: 18 | #audience: 19 | #ms.devlang: 20 | ms.subservice: azurerms 21 | ms.reviewer: esaggese 22 | ms.suite: ems 23 | #ms.tgt_pltfrm: 24 | ms.custom: admin 25 | 26 | --- 27 | 28 | # Configuring applications for Azure Rights Management 29 | 30 | [!INCLUDE [looking-for-mip](includes/looking-for-mip.md)] 31 | 32 | This article is for IT administrators and consultants who have deployed Azure Information Protection. If you are looking for user help and information about how to use the Rights Management functionality for a specific application or how to open a file that is rights-protected, use the help and guidance that accompanies your application. 33 | 34 | For example, for Office applications, click the Help icon and enter search terms such as **Rights Management** or **IRM**. For the Azure Information Protection client for Windows, see the [Azure Information Protection client user guide](./rms-client/clientv2-user-guide.md). 35 | 36 | ## Resources for configuring applications, the AIP client, and services 37 | 38 | After you have deployed Azure Information Protection for your organization, use the following information to configure applications, the Azure Information Protection client, and services, such as: 39 | 40 | - **Office applications**, such as Word 2019, Word 2016, and Word 2013. 41 | - **Services**, such as Exchange Online (transport rules, data loss prevention, do not forward, and message encryption) and Microsoft SharePoint (protected libraries). 42 | 43 | For information about how these applications and services support the data protection service from Azure Information Protection, see [How applications support the Azure Rights Management service](applications-support.md). 44 | 45 | For information about supported versions and other requirements, see [Requirements for Azure Information Protection](requirements.md). 46 | 47 | - [Microsoft 365: Configuration for online services](configure-office365.md) 48 | 49 | - [Exchange Online: IRM Configuration](configure-office365.md#exchangeonline-irm-configuration) 50 | 51 | - [SharePoint in Microsoft 365 and OneDrive: IRM Configuration](configure-office365.md#sharepoint-in-microsoft-365-and-onedrive-irm-configuration) 52 | 53 | - [Office applications: Configuration for clients](configure-office-apps.md) 54 | 55 | - [Microsoft 365 apps, Office 2021, Office 2019, Office 2016, and Office 2013](configure-office-apps.md#microsoft365-apps-office-2021-office-2019-office-2016-and-office-2013) 56 | 57 | - [Azure Information Protection client: Installation and configuration for clients](configure-client.md) 58 | 59 | To configure on-premises servers such as Exchange Server and SharePoint Server, see [Deploying the Microsoft Rights Management connector](deploy-rms-connector.md). 60 | 61 | In addition to these applications and services, there are other applications that support the Rights Management APIs. This category includes line-of-business applications that are written in-house by using the Rights Management SDK, and applications from software vendors that are written by using the Rights Management SDK. For these applications, follow the instructions that are provided with the application. 62 | 63 | ## Next steps 64 | 65 | After you’ve configured your applications to support the Azure Rights Management service, use the [AIP deployment roadmap for classification, labeling, and protection](deployment-roadmap-classify-label-protect.md) to check whether there are other configuration steps that you might want to do before you roll out Azure Information Protection to users and administrators. 66 | 67 | If not, you might find the following operational information useful: 68 | 69 | - [Verifying the Azure Rights Management service](verify.md) 70 | 71 | - [Helping users to protect files by using the Azure Rights Management service](help-users.md) 72 | 73 | - [Logging and analyzing the Azure Rights Management service](log-analyze-usage.md) 74 | 75 | - [Operations for your Azure Information Protection tenant key](operations-tenant-key.md) 76 | -------------------------------------------------------------------------------- /Azure-RMSDocs/configure-office-apps.md: -------------------------------------------------------------------------------- 1 | --- 2 | # required metadata 3 | 4 | title: Configuration for clients to use Office apps with Azure RMS from AIP 5 | description: Information and instructions for admins to configure Office apps to work with the Azure Rights Management service from Azure Information Protection. 6 | author: aashishr 7 | ms.author: aashishr 8 | manager: aashishr 9 | ms.date: 11/30/2019 10 | ms.topic: how-to 11 | ms.collection: M365-security-compliance 12 | ms.service: information-protection 13 | ms.assetid: ec269afe-4e87-4cc1-9144-5fbb594b412e 14 | 15 | # optional metadata 16 | 17 | #ROBOTS: 18 | #audience: 19 | #ms.devlang: 20 | ms.subservice: azurerms 21 | ms.suite: ems 22 | #ms.tgt_pltfrm: 23 | ms.custom: admin 24 | 25 | --- 26 | 27 | # Office apps: Configuration for clients to use the Azure Rights Management service 28 | 29 | 30 | Use this information to determine what you need to do so that Office apps work with the Azure Rights Management service from Azure Information Protection. 31 | 32 | ## Microsoft 365 apps, Office 2021, Office 2019, Office 2016, and Office 2013 33 | 34 | Because these later versions of Office provide built-in support for the Azure Rights Management service, no client computer configuration is required to support the information rights management (IRM) features for applications such as Word, Excel, PowerPoint, Outlook, and Outlook on the web. 35 | 36 | All users have to do for these apps on Windows, is sign in to their Office applications with their Microsoft 365 credentials. They can then can protect files and emails, and use files and emails that have been protected by others. 37 | 38 | ### User instructions for Office for Mac 39 | 40 | Users who have Office for Mac must first verify their credentials before they can protect content. For example: 41 | 42 | 1. Open Outlook and create a profile by using your Microsoft 365 work or school account. 43 | 44 | 2. Create a new message and on the **Options** tab, select **Permissions**, and then select **Verify Credentials**. When prompted, specify your Microsoft 365 work or school account details again, and select **Sign in**. 45 | 46 | This action downloads the Azure Rights Management templates and **Verify Credentials** is now replaced with options that include **No Restrictions**, **Do Not Forward**, and any Azure Rights Management templates that are published for your tenant. 47 | 48 | 3. You can now cancel this new message. 49 | 50 | 4. To protect an email message or a document: On the **Options** tab, select **Permissions** and choose an option or template that protects your email or document. 51 | 52 | For more information, see [Azure Information Protection client: Installation and configuration for clients](configure-client.md). 53 | -------------------------------------------------------------------------------- /Azure-RMSDocs/context/context.yml: -------------------------------------------------------------------------------- 1 | ### YamlMime:ContextObject 2 | ### STOP! This file is a context file used for contextual TOCs. 3 | ### 4 | brand: azure 5 | breadcrumb_path: ../bread/toc.yml 6 | toc_rel: ../toc.yml 7 | uhfHeaderId: azure -------------------------------------------------------------------------------- /Azure-RMSDocs/develop/deprecation-notice.md: -------------------------------------------------------------------------------- 1 | --- 2 | # required metadata 3 | 4 | title: RMS SDK 4.2 Deprecation notice 5 | description: RMS SDK 4.2 Deprecation notice 6 | keywords: 7 | author: msmbaldwin 8 | ms.author: mbaldwin 9 | ms.date: 04/14/2025 10 | ms.topic: conceptual 11 | ms.collection: M365-security-compliance 12 | ms.service: information-protection 13 | 14 | # optional metadata 15 | 16 | #ROBOTS: 17 | audience: developer 18 | #ms.devlang: 19 | ms.reviewer: shubhamp 20 | ms.suite: ems 21 | #ms.tgt_pltfrm: 22 | ms.custom: dev 23 | 24 | --- 25 | 26 | # RMS SDK 4.2 and RMS SDK 2.1 deprecation notice 27 | 28 | ## RMS SDK 4.2 29 | *Applicable to all RMS SDK 4.2 versions* 30 | 31 | Applications that use RMS SDK 4.2 to interact with the Azure Rights Management Service, Active Directory Rights Management Service, or Microsoft Purview Information Protection protection-enabled labels must migrate to the Microsoft Information Protection SDK. 32 | 33 | Microsoft support and development for RMS SDK 4.2, including security fixes, ends on November 28th, 2024. 34 | 35 | There are no RMS SDK 4.2 feature releases or new platform version releases planned prior to the deprecation date. 36 | 37 | ## RMS SDK 2.1 38 | *Applicable to all RMS SDK 2.1 versions* 39 | 40 | Applications that use RMS SDK 2.1 to interact with the Azure Rights Management Service or Microsoft Purview Information Protection protection-enabled labels must migrate to the Microsoft Information Protection SDK. 41 | 42 | Microsoft support and development for RMS SDK 2.1, including security fixes, ends on November 28th, 2024. 43 | 44 | There are no RMS SDK 2.1 feature releases or new platform version releases planned prior to the deprecation date. 45 | 46 | ### AD RMS Guidance and Requirements 47 | 48 | Migration from RMS SDK 2.1 (MSIPC) to MIP SDK requires customers using Active Directory Rights Management Service (AD RMS) to deploy Mobile Device Extensions (MDE) for AD RMS. With this feature, MIP SDK is able to communicate with AD RMS. 49 | 50 | Configuration of MDE is non-trivial, requiring deployment of Active Directory Federation Services (ADFS), DNS record registration both in internal and external DNS zones, and possibly proxy configurations if the endpoint is to be exposed to the public internet. 51 | 52 | Further, there's uncertainty with AD RMS + MDE with MIP SDK around specific scenarios, including: 53 | 54 | - Offline protection 55 | - Federated scenarios 56 | - FIPS support for encryption endpoints 57 | - User cert bootstrapping 58 | - Pre-licensing 59 | - Complex trust configurations 60 | 61 | For AD RMS customers, MSIPC continues to be supported for the above scenarios. 62 | 63 | -------------------------------------------------------------------------------- /Azure-RMSDocs/docfx.json: -------------------------------------------------------------------------------- 1 | { 2 | "build": { 3 | "content": [ 4 | { 5 | "files": [ 6 | "**/**.md", 7 | "**/**.yml" 8 | ], 9 | "exclude": [ 10 | "**/obj/**", 11 | "**/includes/**" 12 | ] 13 | } 14 | ], 15 | "resource": [ 16 | { 17 | "files": [ 18 | "**/images/**", 19 | "**/*.png", 20 | "**/*.jpg", 21 | "**/*.gif", 22 | "**/*.bmp", 23 | "**/*.html" 24 | ], 25 | "exclude": [ 26 | "**/obj/**", 27 | "_themes/**" 28 | ] 29 | } 30 | ], 31 | "dest": "Azure-RMSDocs", 32 | "template": "docs.html", 33 | "globalMetadata": { 34 | "uhfHeaderId": "azure", 35 | "feedback_system": "Standard", 36 | "feedback_product_url": "https://feedbackportal.microsoft.com/feedback/forum/5ad50ce6-8a83-ec11-8d21-0022482fa693", 37 | "feedback_help_link_url": "https://learn.microsoft.com/en-us/answers/tags/24/azure-information-protection", 38 | "feedback_help_link_type": "get-help-at-qna", 39 | "layout": "Conceptual", 40 | "breadcrumb_path": "/azure/information-protection/bread/toc.json", 41 | "searchScope": [ 42 | "Information Protection" 43 | ] 44 | }, 45 | "markdownEngineName": "markdig" 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /Azure-RMSDocs/faqs-infoprotect.md: -------------------------------------------------------------------------------- 1 | --- 2 | # required metadata 3 | 4 | title: FAQs for classification & labeling - AIP 5 | description: Have a question that is specifically about classification and labeling using Azure Information Protection? See if it's answered here. 6 | author: aashishr 7 | ms.author: aashishr 8 | manager: aashishr 9 | ms.date: 03/07/2021 10 | ms.topic: conceptual 11 | ms.collection: M365-security-compliance 12 | ms.service: information-protection 13 | ms.assetid: 4b595b6a-7eb0-4438-b49a-686431f95ddd 14 | 15 | # optional metadata 16 | 17 | #ROBOTS: 18 | #audience: 19 | #ms.devlang: 20 | ms.reviewer: adhall 21 | ms.suite: ems 22 | #ms.tgt_pltfrm: 23 | ms.custom: admin 24 | 25 | --- 26 | 27 | # Frequently asked questions about classification and labeling in Azure Information Protection 28 | 29 | [!INCLUDE [looking-for-mip](includes/looking-for-mip.md)] 30 | 31 | Have a question about Azure Information Protection that is specifically about classification and labeling? See if it's answered here. 32 | 33 | ## Which client do I install for testing new functionality? 34 | 35 | We recommend using the built-in labeling solution for Office apps by default, and then installing the Azure Information Protection unified labeling client in parallel if you need the extra features supported by AIP. 36 | 37 | You can use the AIP client's extra functionality and built-in labeling simultaneously, and the unified labeling client downloads labels and policy settings from the Microsoft Purview compliance portal. 38 | 39 | For more information, see [Learn about about built-in labeling and the AIP unified labeling client](rms-client/use-client.md). 40 | 41 | > [!TIP] 42 | > The Azure Information Protection client is supported on Windows only. 43 | > 44 | > To classify and protect documents and emails on iOS, Android, macOS, and the web, use [Office apps that support built-in labeling](/microsoft-365/compliance/sensitivity-labels-office-apps#support-for-sensitivity-label-capabilities-in-apps). 45 | > 46 | 47 | ## Where can I find information about using sensitivity labels for Office apps? 48 | 49 | See the following documentation resources: 50 | 51 | - [Learn about sensitivity labels](/microsoft-365/compliance/sensitivity-labels) 52 | 53 | - [Use sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps) 54 | 55 | - [Enable sensitivity labels for Office files in SharePoint and OneDrive](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files) 56 | 57 | - [Apply sensitivity labels to your documents and email within Office](https://support.office.com/article/Apply-sensitivity-labels-to-your-documents-and-email-within-Office-2f96e7cd-d5a4-403b-8bd7-4cc636bae0f9#ID0EBFAAA=Office_365) 58 | 59 | For information about other scenarios that support sensitivity labels, see [Common scenarios for sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels#common-scenarios-for-sensitivity-labels). 60 | 61 | ## How do I prevent somebody from removing or changing a label? 62 | 63 | To prevent users from removing or changing a label, the content must already be protected and the protection permissions do not grant the user the Export or Full Control [usage right](configure-usage-rights.md). 64 | 65 | ## When an email is labeled, do any attachments automatically get the same labeling? 66 | 67 | No. When you label an email message that has attachments, those attachments do not inherit the same label. The attachments remain either without a label or retain a separately applied label. However, if the label for the email applies protection, that protection is applied to Office attachments. 68 | 69 | ## How can DLP solutions and other applications integrate with Azure Information Protection? 70 | 71 | Because Azure Information Protection uses persistent metadata for classification, which includes a clear-text label, this information can be read by DLP solutions and other applications. 72 | 73 | For examples of using this metadata with Exchange Online mail flow rules, see [Configuring Exchange Online mail flow rules for Azure Information Protection labels](/previous-versions/azure/information-protection/configure-exo-rules). -------------------------------------------------------------------------------- /Azure-RMSDocs/file-server-support.md: -------------------------------------------------------------------------------- 1 | --- 2 | # required metadata 3 | 4 | title: How Windows file servers that use FCI support Azure RMS - AIP 5 | description: How Windows Server File Classification Infrastructure can be used with Azure RMS when you deploy the RMS connector to automatically protect Office documents. 6 | author: aashishr 7 | ms.author: aashishr 8 | manager: aashishr 9 | ms.date: 11/08/2020 10 | ms.topic: conceptual 11 | ms.collection: M365-security-compliance 12 | ms.service: information-protection 13 | ms.assetid: 8fdad425-5daf-4ce1-822f-9d2fb0b87df1 14 | ROBOTS: NOINDEX 15 | 16 | 17 | # optional metadata 18 | 19 | #audience: 20 | #ms.devlang: 21 | ms.subservice: fci 22 | ms.reviewer: esaggese 23 | ms.suite: ems 24 | #ms.tgt_pltfrm: 25 | ms.custom: admin 26 | 27 | --- 28 | 29 | 30 | # How Windows file servers that use FCI support Azure Rights Management 31 | 32 | 33 | 34 | When you configure Windows Server to use File Classification Infrastructure, this File Server Resource Manager feature can scan local files and determine whether they contain sensitive data. 35 | 36 | Files that meet this criteria are tagged with classification properties that an administrator defines. The File Classification Infrastructure can then take automatic action, according to the classification. 37 | 38 | One of these actions includes applying information protection by using Azure Rights Management and the deployment of the Rights Management connector (also known as the RMS connector). Office files are then automatically protected by Azure RMS. 39 | 40 | > [!TIP] 41 | > To protect all file types, do not use the RMS connector, but instead, run a Windows PowerShell script that uses cmdlets from the [Azure Information Protection module](/previous-versions/azure/information-protection/rms-client/client-admin-guide-powershell). 42 | > 43 | 44 | The classification policies are fully configurable and highly extensible so that you can prevent potential data leakage from unauthorized and authorized users. It can even help to reduce the risk of data leakage by network administrators because you can configure policies that don’t require these administrators to have access to the files. 45 | 46 | For instructions to deploy and configure the RMS connector for Office files, see [Deploying the Microsoft Rights Management connector](deploy-rms-connector.md). 47 | 48 | For instructions to use the Windows PowerShell script for all file types, see 49 | 50 | - [RMS Protection with Windows Server File Classification Infrastructure (FCI)](./rms-client/configure-fci.md) 51 | - [Windows PowerShell script for Azure RMS protection by using File Server Resource Manager FCI](rms-client/fci-script.md) 52 | 53 | 54 | ## Next steps 55 | 56 | Now that you understand how applications and services support Azure RMS, you might be interested in comparing Azure RMS with the on-premises version of Rights Management, Active Directory Rights Management Services (AD RMS). For a comparison of features, requirements, and security controls, see [Comparing Azure Rights Management and AD RMS](compare-on-premise.md). -------------------------------------------------------------------------------- /Azure-RMSDocs/get-started-tenant-root-keys.md: -------------------------------------------------------------------------------- 1 | --- 2 | # required metadata 3 | 4 | title: Get started with using and managing your tenant root key 5 | description: Learn about the next steps after planning your tenant root key management, including the default key generated by Microsoft and BYOK protection. 6 | author: aashishr 7 | ms.author: aashishr 8 | manager: aashishr 9 | ms.date: 11/11/2020 10 | ms.topic: how-to 11 | ms.collection: M365-security-compliance 12 | ms.service: information-protection 13 | ms.assetid: f0d33c5f-a6a6-44a1-bdec-5be1bc8e1e14 14 | 15 | # optional metadata 16 | 17 | #ROBOTS: 18 | #audience: 19 | #ms.devlang: 20 | ms.subservice: kms 21 | ms.reviewer: esaggese 22 | ms.suite: ems 23 | #ms.tgt_pltfrm: 24 | ms.custom: admin 25 | 26 | --- 27 | 28 | # Getting started with tenant root keys 29 | 30 | [!INCLUDE [looking-for-mip](includes/looking-for-mip.md)] 31 | 32 | After [planning, creating, and configuring your tenant key](plan-implement-tenant-key.md) as needed, continue with the following steps: 33 | 34 | - [Start using your tenant key](#start-using-your-tenant-key) 35 | - [Consider usage logging](#consider-usage-logging) 36 | 37 | For more information about the life-cycle operations supported for your tenant key, see [Operations for your Azure Information Protection tenant key](./operations-tenant-key.md). 38 | 39 | If your organization requires on-premises protection for highly sensitive content, configure [DKE protection](plan-implement-tenant-key.md#double-key-encryption-dke) (unified labeling client only). 40 | 41 | ## Start using your tenant key 42 | 43 | Activate the Rights Management service if it's not yet activated, to enable your organization to start using Azure Information Protection. Users immediately start to use your tenant key. 44 | 45 | For more information, see [Activating the protection service from Azure Information Protection](./activate-service.md). 46 | 47 | > [!NOTE] 48 | > If you decided to manage your own tenant key after the Rights Management service was activated, users are gradually transitioned from the old key to the new key over the course of a few weeks. 49 | > 50 | >During this transition, documents and files that were protected with the old tenant key remain accessible to authorized users. 51 | 52 | ## Consider usage logging 53 | 54 | Usage logging logs every transaction that the Azure Rights Management service performs. 55 | 56 | Depending on your key management method, logging information may include details about your tenant key. The following image shows an example from a log file displayed in Excel, where the **KeyVaultDecryptRequest** and **KeyVaultSignRequest** request types show that the tenant key is being used. 57 | 58 | ![log file in Excel where tenant key is being used](./media/RMS_Logging.png) 59 | 60 | For more information about usage logging, see [Logging and analyzing the protection usage from Azure Information Protection](./log-analyze-usage.md). 61 | -------------------------------------------------------------------------------- /Azure-RMSDocs/how-to-guides.md: -------------------------------------------------------------------------------- 1 | --- 2 | # required metadata 3 | 4 | title: How-to instructions for Azure Information Protection common scenarios 5 | description: Identify use cases that classify and protect your organization's data by using Azure Information Protection. 6 | author: aashishr 7 | ms.author: aashishr 8 | manager: aashishr 9 | ms.date: 11/11/2020 10 | ms.topic: conceptual 11 | ms.collection: M365-security-compliance 12 | ms.service: information-protection 13 | 14 | # optional metadata 15 | 16 | #ROBOTS: 17 | #audience: 18 | #ms.devlang: 19 | ms.reviewer: eymanor 20 | ms.suite: ems 21 | #ms.tgt_pltfrm: 22 | ms.custom: admin 23 | 24 | --- 25 | 26 | # How-to guides for common scenarios that use Azure Information Protection 27 | 28 | [!INCLUDE [looking-for-mip](includes/looking-for-mip.md)] 29 | 30 | There are many ways in which you can use Azure Information Protection when you label and protect your organization's documents and emails. 31 | 32 | The most successful deployments are those that identify specific use cases that provide the most business benefit to the organization. 33 | 34 | ## Common scenarios 35 | 36 | - [Use my own key to protect my organization's data](plan-implement-tenant-key.md) 37 | 38 | For additional information, see [Common scenarios for sensitivity labels](/purview/get-started-with-sensitivity-labels#common-scenarios-for-sensitivity-labels) in the Microsoft Purview documentation. 39 | > 40 | 41 | ## Additional deployment instructions 42 | 43 | Our [Azure Information Protection technical blog](https://aka.ms/AIPblog) includes additional guidance from the trenches. 44 | 45 | For example, for a methodology with best practices for business decision makers and IT implementers, see [Azure Information Protection Deployment Acceleration Guide](https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Azure-Information-Protection-Deployment-Acceleration-Guide/ba-p/334423) 46 | 47 | For more information and step-by-step instructions, see: 48 | 49 | - [How to Build a Custom AIP Tracking Portal](https://techcommunity.microsoft.com/t5/Azure-Information-Protection/How-to-Build-a-Custom-AIP-Tracking-Portal/ba-p/875849) 50 | - [Create richer reports with Microsoft Purview Information Protection and Microsoft Entra login data](https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Create-richer-reports-with-Microsoft-Information-Protection-and/ba-p/392713) 51 | - [Leverage Microsoft Defender for Cloud Apps to apply Azure Information Protection labels in the cloud](https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Leverage-Microsoft-Cloud-App-Security-to-apply-Azure-Information/ba-p/388638) 52 | - [How to prepare an Azure Information Protection “Cloud Exit” plan](https://techcommunity.microsoft.com/t5/Azure-Information-Protection/How-to-prepare-an-Azure-Information-Protection-Cloud-Exit-plan/ba-p/382631) 53 | - [Cross-Tenant Label Visualization](https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Cross-Tenant-Label-Visualization/ba-p/356588) 54 | - [Using Azure Information Protection to protect PDF’s and Adobe Acrobat Reader to view them](https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Using-Azure-Information-Protection-to-protect-PDF-s-and-Adobe/ba-p/282010) 55 | - [Cataloging your Sensitive Data with AIP, Even Before Configuring Labels!](https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Cataloging-your-Sensitive-Data-with-AIP-Even-Before-Configuring/ba-p/267241) 56 | - [Azure Information Protection Scanner Express Installation](https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Azure-Information-Protection-Scanner-Express-Installation/ba-p/265424) 57 | - [Discovery of Sensitive Data Using the AIP Scanner (AIP Premium P1)](https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Discovery-of-Sensitive-Data-Using-the-AIP-Scanner-AIP-Premium-P1/ba-p/252040) 58 | -------------------------------------------------------------------------------- /Azure-RMSDocs/includes/classic-client-sunset-extended-support.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: AIP classic client is sunset and how-to details are provided for those with extended support only. 3 | description: Notes the AIP classic client sunset on March 31, 2021, and provides links for next steps and more information for customers with extended support. 4 | ms.service: information-protection 5 | author: aashishr 6 | ms.topic: include 7 | ms.collection: M365-security-compliance 8 | ms.date: 10/25/2021 9 | ms.author: aashishr 10 | ms.custom: include file 11 | --- 12 | 13 | >[!NOTE] 14 | > To provide a unified and streamlined customer experience, we are sunsetting the **Azure Information Protection classic client** and **Label Management** in the Azure Portal as of **March 31, 2021**. No further support is provided for the classic client, and maintenance versions will no longer be released. 15 | > 16 | >- The classic client will be fully retired, and will stop functioning, on **March 31, 2022**. 17 | >- As of **March 18, 2022**, we are also sunsetting the AIP audit log and analytics, with a full retirement date of **September 31, 2022**. 18 | > 19 | > The content in this article is provided to support customers with extended support only. For more information, see [Removed and retired services](../removed-sunset-services.md). 20 | > 21 | -------------------------------------------------------------------------------- /Azure-RMSDocs/includes/classic-client-sunset.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: AIP classic client is sunset 3 | description: Notes the AIP classic client sunset on March 31, 2021, and provides links for next steps and more information. 4 | ms.service: information-protection 5 | author: aashishr 6 | ms.topic: include 7 | ms.collection: M365-security-compliance 8 | ms.date: 10/25/2021 9 | ms.author: aashishr 10 | ms.custom: include file 11 | --- 12 | 13 | >[!NOTE] 14 | > To provide a unified and streamlined customer experience, we are sunsetting the **Azure Information Protection classic client** and **Label Management** in the Azure Portal as of **March 31, 2021**. No further support is provided for the classic client and maintenance versions will no longer be released. 15 | > 16 | >- The classic client will be fully retired, and will stop functioning, on **March 31, 2022**. 17 | >- As of **March 18, 2022**, we are also sunsetting the AIP audit log and analytics, with a full retirement date of **September 31, 2022**. 18 | > 19 | > For more information, see [Removed and retired services](../removed-sunset-services.md). 20 | 21 | 22 | -------------------------------------------------------------------------------- /Azure-RMSDocs/includes/gdpr-hybrid-note.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: include file 3 | description: include file 4 | services: azure-policy 5 | author: eross-msft 6 | 7 | ms.service: azure-policy 8 | ms.topic: include 9 | ms.collection: M365-security-compliance 10 | ms.date: 07/01/2018 11 | ms.author: lizross 12 | ms.custom: include file 13 | --- 14 | 15 | >[!Note] 16 | >If you’re interested in viewing or deleting personal data, please review Microsoft's guidance in the [Microsoft Purview Compliance Manager](https://servicetrust.microsoft.com/ComplianceManager) and in the [GDPR section of the Microsoft 365 Enterprise Compliance](/microsoft-365/compliance/gdpr) site. If you’re looking for general information about GDPR, see the [GDPR section of the Service Trust portal](https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted). 17 | -------------------------------------------------------------------------------- /Azure-RMSDocs/includes/gdpr-intro-sentence.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: include file 3 | description: include file 4 | services: azure-policy 5 | author: eross-msft 6 | 7 | ms.service: azure-policy 8 | ms.topic: include 9 | ms.collection: M365-security-compliance 10 | ms.date: 07/24/2018 11 | ms.author: lizross 12 | ms.custom: include file 13 | --- 14 | 15 | >[!Note] 16 | > This article provides steps for how to delete personal data from the device or service and can be used to support your obligations under the GDPR. If you’re looking for general info about GDPR, see the [GDPR section of the Service Trust portal](https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted). 17 | -------------------------------------------------------------------------------- /Azure-RMSDocs/includes/looking-for-mip.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: include file 3 | description: include file 4 | services: azure-policy 5 | author: aashishr 6 | 7 | ms.service: azure-policy 8 | ms.topic: include 9 | ms.collection: M365-security-compliance 10 | ms.date: 04/11/2024 11 | ms.author: aashishr 12 | ms.custom: include file 13 | --- 14 | 15 | 16 | > [!NOTE] 17 | > **Are you looking for [Microsoft Purview Information Protection](/purview/information-protection)**, formerly Microsoft Information Protection (MIP)? 18 | > 19 | >The Azure Information Protection add-in is [retired](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/retirement-notification-for-the-azure-information-protection/ba-p/3791908) and replaced with labels that are [built in to your Microsoft 365 apps and services](/purview/sensitivity-labels#sensitivity-labels-and-azure-information-protection). Learn more about the [support status of other Azure Information Protection components](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/azure-information-protection-and-the-information-protection/ba-p/3671070). 20 | > 21 | > The [Microsoft Purview Information Protection client](https://www.microsoft.com/en-us/download/details.aspx?id=53018) (without the add-in) is [generally available](/purview/information-protection-client-relnotes). -------------------------------------------------------------------------------- /Azure-RMSDocs/index.yml: -------------------------------------------------------------------------------- 1 | ### YamlMime:Landing 2 | 3 | title: Azure Information Protection (AIP) documentation 4 | summary: Learn how to control and secure emails, documents, and sensitive data inside and outside your company walls using Azure Information Protection. Note that the AIP unified labeling client is currently in a maintenance mode. For functionality from Office applications, we recommend that you use built-in labeling instead. 5 | 6 | metadata: 7 | title: Azure Information Protection documentation 8 | description: Control and help secure email, documents, and sensitive data that you share outside your company walls. 9 | services: information-protection 10 | ms.service: information-protection 11 | ms.topic: landing-page # Required 12 | ms.collection: M365-security-compliance 13 | author: aashishr 14 | ms.author: aashishr 15 | manager: aashishr 16 | ms.date: 12/08/2020 #Required; mm/dd/yyyy format. 17 | 18 | # linkListType: architecture | deploy | download | get-started | how-to-guide | learn | overview | quickstart | tutorial 19 | 20 | landingContent: 21 | # Cards and links should be based on top customer tasks or top subjects 22 | # Start card title with a verb 23 | # Card 24 | - title: About Azure Information Protection 25 | linkLists: 26 | - linkListType: overview 27 | links: 28 | - text: What is Azure Information Protection? 29 | url: what-is-information-protection.md 30 | 31 | # Card 32 | - title: Manage your root encryption key 33 | linkLists: 34 | - linkListType: how-to-guide 35 | links: 36 | - text: Planning and implementing your Azure Information Protection tenant key 37 | url: plan-implement-tenant-key.md 38 | 39 | # Card 40 | - title: Microsoft Information Protection SDK 41 | linkLists: 42 | - linkListType: overview 43 | links: 44 | - text: About the MIP SDK 45 | url: /information-protection/develop/overview 46 | - linkListType: quickstart 47 | links: 48 | - text: Setup and configuration 49 | url: /information-protection/develop/setup-configure-mip 50 | - text: AD RMS Protection 51 | url: /information-protection/develop/quick-app-adrms 52 | - linkListType: reference 53 | links: 54 | - text: API reference for C++ 55 | url: /information-protection/develop/version-release-history 56 | 57 | -------------------------------------------------------------------------------- /Azure-RMSDocs/media/ADRMS_MSRMSApp_AccessKeys.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/ADRMS_MSRMSApp_AccessKeys.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/ADRMS_MSRMSApp_EmailMessage.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/ADRMS_MSRMSApp_EmailMessage.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/ADRMS_MSRMSApp_ExplorerTrackUsage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/ADRMS_MSRMSApp_ExplorerTrackUsage.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/ADRMS_MSRMSApp_OfficeToolbarTrackUsage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/ADRMS_MSRMSApp_OfficeToolbarTrackUsage.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/ADRMS_MSRMSApp_OutlookMessageTrackUsage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/ADRMS_MSRMSApp_OutlookMessageTrackUsage.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/ADRMS_MSRMSApp_OutlookTrackUsage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/ADRMS_MSRMSApp_OutlookTrackUsage.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/ADRMS_MSRMSApp_Pfile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/ADRMS_MSRMSApp_Pfile.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/ADRMS_MSRMSApp_PfilePermission.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/ADRMS_MSRMSApp_PfilePermission.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/ADRMS_MSRMSApp_RemoveProtection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/ADRMS_MSRMSApp_RemoveProtection.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/ADRMS_MSRMSApp_RestrictedAccess.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/ADRMS_MSRMSApp_RestrictedAccess.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/ADRMS_MSRMSApp_SP_CompanyDefined.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/ADRMS_MSRMSApp_SP_CompanyDefined.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/ADRMS_MSRMSApp_SP_OfficeToolbar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/ADRMS_MSRMSApp_SP_OfficeToolbar.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/ADRMS_MSRMSApp_SP_OutlookToolbar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/ADRMS_MSRMSApp_SP_OutlookToolbar.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/ADRMS_MSRMSApp_ShareProtectedMenu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/ADRMS_MSRMSApp_ShareProtectedMenu.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/AzRMS.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/AzRMS.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/AzRMS_SecretColaFormula_final.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/AzRMS_SecretColaFormula_final.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/AzRMS_SharePointConnector.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/AzRMS_SharePointConnector.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/AzRMS_documentconsumption1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/AzRMS_documentconsumption1.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/AzRMS_documentconsumption2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/AzRMS_documentconsumption2.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/AzRMS_documentconsumption3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/AzRMS_documentconsumption3.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/AzRMS_documentprotection1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/AzRMS_documentprotection1.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/AzRMS_documentprotection2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/AzRMS_documentprotection2.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/AzRMS_documentprotection3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/AzRMS_documentprotection3.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/AzRMS_elements.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/AzRMS_elements.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/AzRMS_useractivation2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/AzRMS_useractivation2.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/Pfile.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/Pfile.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/RMS_Logging.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/RMS_Logging.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/RMS_connector.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/RMS_connector.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/add-new-cluster-sample.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/add-new-cluster-sample.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/admin-approval-for-mip-in-adobe-reader.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/admin-approval-for-mip-in-adobe-reader.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/aip-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/aip-icon.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/android-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/android-icon.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/api-permissions-app.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/api-permissions-app.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/aws-name-role-aip.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/aws-name-role-aip.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/classify-protect-dialog.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/classify-protect-dialog.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/client-about.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/client-about.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/client-viewer-stretched-images.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/client-viewer-stretched-images.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/configure-blockymessage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/configure-blockymessage.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/configure-exemptdomain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/configure-exemptdomain.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/content-rescan-update.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/content-rescan-update.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/cross-tenant-consent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/cross-tenant-consent.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/develop/android-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/develop/android-icon.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/develop/ios-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/develop/ios-icon.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/download.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/download.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/edge_open_browser.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/edge_open_browser.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/example-email-footerv2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/example-email-footerv2.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/excel2016-infoprotect-barv2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/excel2016-infoprotect-barv2.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/excelproplus-infoprotect-bar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/excelproplus-infoprotect-bar.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/export-scanner-repositories.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/export-scanner-repositories.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/fiddler-tls-inspection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/fiddler-tls-inspection.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/fiddler-tls-secure-connection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/fiddler-tls-secure-connection.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/gifs/quickstart-add-aip-to-portal.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/gifs/quickstart-add-aip-to-portal.gif -------------------------------------------------------------------------------- /Azure-RMSDocs/media/half-support-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/half-support-icon.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/i-add.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/i-add.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/i-clusters.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/i-clusters.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/i-columns.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/i-columns.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/i-content-scan-jobs.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/i-content-scan-jobs.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/i-copy-policies.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/i-copy-policies.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/i-log-analytics.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/i-log-analytics.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/i-network-scan-jobs.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/i-network-scan-jobs.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/i-publish.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/i-publish.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/i-refresh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/i-refresh.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/i-repositories.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/i-repositories.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/i-scan-now.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/i-scan-now.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/i-sensitivity.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/i-sensitivity.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/i-unassign.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/i-unassign.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/i_categorize.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 22 | 23 | i_categorize 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /Azure-RMSDocs/media/i_config-tools.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 26 | 27 | i_config-tools 28 | 29 | 30 | 31 | 32 | 33 | -------------------------------------------------------------------------------- /Azure-RMSDocs/media/i_learn-about.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 30 | 31 | i_learn-about 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /Azure-RMSDocs/media/i_portal.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 19 | 20 | i_portal 21 | 22 | 23 | 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /Azure-RMSDocs/media/i_quick-start.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 27 | 28 | i_quick-start 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | -------------------------------------------------------------------------------- /Azure-RMSDocs/media/i_search.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 23 | 24 | i_search 25 | 26 | 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /Azure-RMSDocs/media/import-scanner-repositories.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/import-scanner-repositories.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/info-protect-azurerms-activated.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/info-protect-azurerms-activated.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/info-protect-azurerms-deactivated.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/info-protect-azurerms-deactivated.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/info-protect-barv2-not-set-callout.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/info-protect-barv2-not-set-callout.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/info-protect-nodefaultlabels.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/info-protect-nodefaultlabels.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/info-protect-policy-default-labelsv2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/info-protect-policy-default-labelsv2.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/info-protect-policy-default-settings-quickstart.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/info-protect-policy-default-settings-quickstart.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/info-protect-policy-default-settingsv3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/info-protect-policy-default-settingsv3.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/info-types-to-be-discovered.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/info-types-to-be-discovered.jpg -------------------------------------------------------------------------------- /Azure-RMSDocs/media/infoprotect-protectbutton-pulldown.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/infoprotect-protectbutton-pulldown.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/information-banner-custom-protection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/information-banner-custom-protection.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/information-protection-scanner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/information-protection-scanner.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/ios-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/ios-icon.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/ios-share-to-aip-viewer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/ios-share-to-aip-viewer.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/justification-client.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/justification-client.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/justification-office.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/justification-office.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/labelname_scc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/labelname_scc.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/linkcss.js: -------------------------------------------------------------------------------- 1 | writeCSS(scriptPath()); 2 | 3 | function scriptPath() 4 | { 5 | var col = document.scripts; 6 | return col[col.length - 1].src; 7 | } 8 | 9 | function writeCSS(spath) 10 | { 11 | // Get a base CSS name based on the browser. 12 | var css = "backsdkn.css"; 13 | if (navigator.appName == "Microsoft Internet Explorer") { 14 | var sVer = navigator.appVersion; 15 | sVer = sVer.substring(0, sVer.indexOf(".")); 16 | if (sVer >= 4) 17 | css = "backsdk4.css"; 18 | else 19 | css = "backsdk3.css"; 20 | } 21 | 22 | // The CSS is in the same directory as the script. 23 | css = spath.replace(/linkcss.js/, css); 24 | document.writeln(''); 25 | } -------------------------------------------------------------------------------- /Azure-RMSDocs/media/log-analytics-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/log-analytics-icon.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/migration-status-banner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/migration-status-banner.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/network-scan-job-demo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/network-scan-job-demo.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/no-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/no-icon.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/ome-message.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/ome-message.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/onfigure-justifymessage2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/onfigure-justifymessage2.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/protect-custom-permissions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/protect-custom-permissions.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/protect-from-file-explorer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/protect-from-file-explorer.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/protected-pdf-in-adobe-reader.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/protected-pdf-in-adobe-reader.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/protecting-pub-files.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/protecting-pub-files.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/protection-bar-configured.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/protection-bar-configured.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/activate.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/activate.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/aip-client-compare-across-platforms.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/aip-client-compare-across-platforms.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/assign-cluster-all.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/assign-cluster-all.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/assign-cluster.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/assign-cluster.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/assign-content-scan-job.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/assign-content-scan-job.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/compare-migrated-labels-small.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/compare-migrated-labels-small.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/compare-migrated-labels.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/compare-migrated-labels.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/confirm-activation.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/confirm-activation.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/content-scan-job-data-discovery.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/content-scan-job-data-discovery.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/i-network-scan-jobs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/i-network-scan-jobs.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/i-nodes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/i-nodes.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/i-repos.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/i-repos.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/network-scan-job.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/network-scan-job.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/pin-to-dashboard.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/pin-to-dashboard.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/powershell-sign-in.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/powershell-sign-in.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/protect-sensitivity-button-compare.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/protect-sensitivity-button-compare.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/qs-add-new-cluster.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/qs-add-new-cluster.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/qs-post-install-scanner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/qs-post-install-scanner.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/quickstart-add-cs-job.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/quickstart-add-cs-job.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/risky-repos-small.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/risky-repos-small.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/risky-repos.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/risky-repos.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/sample-aip-client-office.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/sample-aip-client-office.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/sample-built-in-client-office.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/sample-built-in-client-office.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/sample-compare-classic.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/sample-compare-classic.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/sample-office-on-the-web.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/sample-office-on-the-web.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/sample-outlook-on-the-web.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/sample-outlook-on-the-web.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/sample-test-scanner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/sample-test-scanner.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/save-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/save-icon.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/scanned-network.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/scanned-network.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/ul-see-blockmessage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/ul-see-blockmessage.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/ul-see-custom-blockmessage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/ul-see-custom-blockmessage.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/ul-see-nolabljustify-custom.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/ul-see-nolabljustify-custom.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/ul-see-nolabljustify.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/ul-see-nolabljustify.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/qs-tutor/ul-see-warnmessage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/qs-tutor/ul-see-warnmessage.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/recipients-only-label.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/recipients-only-label.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/recipients-only-label2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/recipients-only-label2.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/right-click-classify-protect-folder.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/right-click-classify-protect-folder.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/risky-repos-small.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/risky-repos-small.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/risky-repos.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/risky-repos.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/sample-popup-block.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/sample-popup-block.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/sample-popup-justify.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/sample-popup-justify.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/sample-popup-warn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/sample-popup-warn.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/scanner-file-types-purview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/scanner-file-types-purview.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/scanner-file-types.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/scanner-file-types.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/scanner-repositories-bar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/scanner-repositories-bar.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/scanner-repository-add.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/scanner-repository-add.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/scanner-rescan-files.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/scanner-rescan-files.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/scanner-scan-now.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/scanner-scan-now.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/scanner-stop-scan.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/scanner-stop-scan.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/search-for-aip.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/search-for-aip.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/select-aip-viewer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/select-aip-viewer.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/selected-sensitivity-options.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/selected-sensitivity-options.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/sensitivity-not-set-callout.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/sensitivity-not-set-callout.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/share-protected-emailv2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/share-protected-emailv2.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/small/android-icon-small.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/small/android-icon-small.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/small/ios-icon-small.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/small/ios-icon-small.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/small/network-scan-job-demo-small.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/small/network-scan-job-demo-small.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/small/risky-repos-small.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/small/risky-repos-small.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/templates-exchangeonline-callouts.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/templates-exchangeonline-callouts.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/track-and-revoke.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/track-and-revoke.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/track-revoke-word.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/track-revoke-word.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/track-usage-callout.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/track-usage-callout.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/track-usage-calloutv3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/track-usage-calloutv3.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/tracking-site-admin-icon.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/tracking-site-admin-icon.PNG -------------------------------------------------------------------------------- /Azure-RMSDocs/media/tracking-site-exit-admin-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/tracking-site-exit-admin-icon.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/tracking-site-export-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/tracking-site-export-icon.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/tracking-site-revoke-access-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/tracking-site-revoke-access-icon.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/tracking-site-settings-email.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/tracking-site-settings-email.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/treat-rec-labeling-as-automatic.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/treat-rec-labeling-as-automatic.jpg -------------------------------------------------------------------------------- /Azure-RMSDocs/media/ul-scanner-arch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/ul-scanner-arch.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/v2delete-label.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/v2delete-label.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/v2edit-label.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/v2edit-label.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/v2info-protect-dialog-labels-dimmed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/v2info-protect-dialog-labels-dimmed.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/v2word2016-calloutsv2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/v2word2016-calloutsv2.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/validate-rms-connector.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/validate-rms-connector.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/videos-gifs/dke.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/videos-gifs/dke.gif -------------------------------------------------------------------------------- /Azure-RMSDocs/media/what-is-mip.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/what-is-mip.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/windows-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/windows-icon.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/yes-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/yes-icon.png -------------------------------------------------------------------------------- /Azure-RMSDocs/media/yes-plus-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/Azure-RMSDocs/media/yes-plus-icon.png -------------------------------------------------------------------------------- /Azure-RMSDocs/migrate-softwarekey-to-softwarekey.md: -------------------------------------------------------------------------------- 1 | --- 2 | # required metadata 3 | 4 | title: Migrate software-protected key to software-protected key - AIP 5 | description: Instructions that are part of the migration path from AD RMS to Azure Information Protection, and are applicable only if your AD RMS key is software-protected and you want to migrate to Azure Information Protection with a software-protected tenant key. 6 | author: aashishr 7 | ms.author: aashishr 8 | manager: aashishr 9 | ms.date: 11/11/2020 10 | ms.topic: how-to 11 | ms.collection: M365-security-compliance 12 | ms.service: information-protection 13 | ms.assetid: 81a5cf4f-c1f3-44a9-ad42-66e95f33ed27 14 | 15 | # optional metadata 16 | 17 | #ROBOTS: 18 | #audience: 19 | #ms.devlang: 20 | ms.subservice: migration 21 | ms.reviewer: esaggese 22 | ms.suite: ems 23 | #ms.tgt_pltfrm: 24 | ms.custom: admin 25 | 26 | --- 27 | 28 | 29 | # Step 2: Software-protected key to software-protected key migration 30 | 31 | These instructions are part of the [migration path from AD RMS to Azure Information Protection](migrate-from-ad-rms-to-azure-rms.md), and are applicable only if your AD RMS key is software-protected and you want to migrate to Azure Information Protection with a software-protected tenant key. 32 | 33 | If this is not your chosen configuration scenario, go back to [Step 4. Export configuration data from AD RMS and import it to Azure RMS](migrate-from-ad-rms-phase2.md#step-4-export-configuration-data-from-ad-rms-and-import-it-to-azure-information-protection) and choose a different configuration. 34 | 35 | Use the following procedure to import the AD RMS configuration to Azure Information Protection, to result in your Azure Information Protection tenant key that is managed by Microsoft. 36 | 37 | ## To import the configuration data to Azure Information Protection 38 | 39 | 1. On an internet-connected workstation, use the [Connect-AipService](/powershell/module/aipservice/connect-aipservice) cmdlet to connect to the Azure Rights Management service: 40 | 41 | ```PowerShell 42 | Connect-AipService 43 | ``` 44 | 45 | When prompted, enter your Azure Rights Management tenant administrator credentials (typically, you will use an account that is a global administrator for Azure Active Directory or Office 365). 46 | 47 | 2. Use the [Import-AipServiceTpd](/powershell/module/aipservice/import-aipservicetpd) cmdlet to upload each exported trusted publishing domain (.xml) file. For example, you should have at least one additional file to import if you upgraded your AD RMS cluster for Cryptographic Mode 2. 48 | 49 | To run this cmdlet, you will need the password that you specified earlier for each configuration data file. 50 | 51 | For example, first run the following to store the password: 52 | 53 | ```PowerShell 54 | $TPD_Password = Read-Host -AsSecureString 55 | ``` 56 | 57 | Enter the password that you specified to export the first configuration data file. Then, using E:\contosokey1.xml as an example for that configuration file, run the following command and confirm that you want to perform this action: 58 | 59 | ```PowerShell 60 | Import-AipServiceTpd -TpdFile E:\contosokey1.xml -ProtectionPassword $TPD_Password -Verbose 61 | ``` 62 | 63 | 3. When you have uploaded each file, run [Set-AipServiceKeyProperties](/powershell/module/aipservice/set-aipservicekeyproperties) to identify the imported key that matches the currently active SLC key in AD RMS. This key will become the active tenant key for your Azure Rights Management service. 64 | 65 | 4. Use the [Disconnect-AipService](/powershell/module/aipservice/disconnect-aipservice) cmdlet to disconnect from the Azure Rights Management service: 66 | 67 | ```PowerShell 68 | Disconnect-AipService 69 | ``` 70 | 71 | You’re now ready to go to [Step 5. Activate the Azure Rights Management service](migrate-from-ad-rms-phase2.md#step-5-activate-the-azure-rights-management-service). 72 | 73 | 74 | -------------------------------------------------------------------------------- /Azure-RMSDocs/operations-tenant-key.md: -------------------------------------------------------------------------------- 1 | --- 2 | # required metadata 3 | 4 | title: Operations for your Azure Information Protection tenant key 5 | description: Identify the different levels of control and responsibility that you have for your Azure Information Protection tenant key. 6 | author: aashishr 7 | ms.author: aashishr 8 | manager: aashishr 9 | ms.date: 11/11/2020 10 | ms.topic: conceptual 11 | ms.collection: M365-security-compliance 12 | ms.service: information-protection 13 | ms.assetid: 1284d0ee-0a72-45ba-a64c-3dcb25846c3d 14 | 15 | # optional metadata 16 | 17 | #ROBOTS: 18 | #audience: 19 | #ms.devlang: 20 | ms.subservice: kms 21 | ms.reviewer: esaggese 22 | ms.suite: ems 23 | #ms.tgt_pltfrm: 24 | ms.custom: admin 25 | 26 | --- 27 | 28 | # Operations for your Azure Information Protection tenant key 29 | 30 | [!INCLUDE [looking-for-mip](includes/looking-for-mip.md)] 31 | 32 | Depending on your tenant key topology for Azure Information Protection, you have different levels of control and responsibility for your Azure Information Protection tenant key. The two key topologies are **Microsoft-managed** and **customer-managed**. 33 | 34 | When you manage your own tenant key in Azure Key Vault, this is often referred to as bring your own key (BYOK). For more information about this scenario and how to choose between the two tenant key topologies, see [Planning and implementing your Azure Information Protection tenant key](plan-implement-tenant-key.md). 35 | 36 | The following table identifies the operations that you can do, depending on the topology that you’ve chosen for your Azure Information Protection tenant key. 37 | 38 | |Life cycle operation|Microsoft-managed (default)|Customer-managed (BYOK)| 39 | |-----------------------|-------------------------------|---------------------------| 40 | |Revoke your tenant key|No (automatic)|Yes| 41 | |Rekey your tenant key|Yes|Yes| 42 | |Backup and recover your tenant key|No|Yes| 43 | |Export your tenant key|Yes|No| 44 | |Respond to a breach|Yes|Yes| 45 | 46 | After you have identified which topology you have implemented, select one of the following links for more information about these operations for your Azure Information Protection tenant key: 47 | 48 | - [Microsoft-managed tenant key](operations-microsoft-managed-tenant-key.md) 49 | - [Customer-managed tenant key](operations-customer-managed-tenant-key.md) 50 | 51 | However, if you want to create an Azure Information Protection tenant key by importing a trusted publishing domain (TPD) from Active Directory Rights Management Services, this import operation is part of the [migration from AD RMS to Azure Information Protection](migrate-from-ad-rms-to-azure-rms.md). As part of the design, an AD RMS TPD can only be imported to one tenant. 52 | 53 | -------------------------------------------------------------------------------- /Azure-RMSDocs/removed-sunset-services.md: -------------------------------------------------------------------------------- 1 | --- 2 | # required metadata 3 | 4 | title: Removed and retired services - Azure Information Protection 5 | description: Learn about removed or retired services that you may have used or are still using with Azure Information Protection 6 | author: aashishr 7 | ms.author: aashishr 8 | manager: aashishr 9 | ms.date: 02/16/2022 10 | ms.topic: conceptual 11 | ms.collection: M365-security-compliance 12 | ms.service: information-protection 13 | 14 | --- 15 | 16 | # Removed and retired services 17 | 18 | [!INCLUDE [looking-for-mip](includes/looking-for-mip.md)] 19 | 20 | This article describes the current status for services that we've removed and retired, or are currently sunsetting, which you may have used or are still using with Azure Information Protection. 21 | 22 | ## The AIP classic client 23 | 24 | To provide a unified and streamlined customer experience, we have retired the **Azure Information Protection classic client** and **labeling management** pages in the Azure portal as of **March 31, 2022**. This means that: 25 | 26 | - No further support is provided for the classic client 27 | - Maintenance versions will no longer be released 28 | - The **Labels** and **Policies** tabs have been removed from the Azure portal 29 | - The classic client can no longer acquire policies from the Azure portal 30 | 31 | We recommend that all customers migrate to unified labeling, and enable [built-in sensitivity labeling for Office applications](/microsoft-365/compliance/sensitivity-labels). 32 | 33 | For more information, see: 34 | 35 | - [Final reminder to migrate from Azure Information Protection classic client to unified labeling 36 | ](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/final-reminder-to-migrate-from-azure-information-protection/ba-p/2731734). 37 | - [Learn about built-in labeling and the AIP unified labeling client](rms-client/use-client.md) 38 | - [Archived classic client documentation](/previous-versions/azure/information-protection/) 39 | 40 | ## Azure Information Protection analytics 41 | 42 | Azure Information Protection analytics pages in the Azure portal have been deprecated and are no longer available. Instead, we highly recommend that you use the Microsoft Purview compliance portal's activity explorer and M365 unified audit log, which provide comprehensive logging and reporting. 43 | 44 | Customers who already have AIP audit logs configured will continue to have those audit logs forwarded to their Log Analytics workspaces until March 31, 2023. At that point, customers will not be able to have any new AIP data forwarded to their Log Analytics workspace. 45 | 46 | For more information, see: 47 | 48 | - [Analytics and central reporting for Azure Information Protection](/azure/information-protection/reports-aip) 49 | - [Admin guide to auditing and reporting for the AIP Unified Labeling client](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/admin-guide-to-auditing-and-reporting-for-the-aip-unified/ba-p/3610727) 50 | - [Get started with activity explorer](/microsoft-365/compliance/data-classification-activity-explorer) 51 | - [Get started with content explorer](/microsoft-365/compliance/data-classification-content-explorer) 52 | - [AIP Yammer community post](https://aka.ms/AIPAuditLogDeprecation) 53 | 54 | ## AIP and legacy Windows and Office, SharePoint, and Exchange versions 55 | 56 | - [Windows 7 extended supported ended on January 14, 2020](/lifecycle/products/windows-7). 57 | 58 | We strongly encourage you to upgrade to a newer version of Windows. 59 | 60 | However, if you have Extended Security Updates (ESU) and a support contract, AIP support is available to continue keeping your Windows 7 systems secure. 61 | 62 | For more information, check with your support contact. 63 | 64 | - [Office 2010](/lifecycle/products/microsoft-office-2010) and [Exchange Server 2010](/lifecycle/products/exchange-server-2010) extended support ended on October 13, 2020. 65 | 66 | This support will not be extended, and ESU will not be offered for Office 2010. 67 | 68 | We strongly encourage you to upgrade to a newer version of Office 365. 69 | 70 | - [SharePoint Server 2010 extended support ended on April 13, 2021](/lifecycle/products/microsoft-sharepoint-server-2010). 71 | 72 | For more information, check with your support contact. 73 | -------------------------------------------------------------------------------- /Azure-RMSDocs/verify.md: -------------------------------------------------------------------------------- 1 | --- 2 | # required metadata 3 | 4 | title: Verifying Azure Rights Management - AIP 5 | description: Instructions to verify that the protection service from Azure Information Protection is working as expected. 6 | author: aashishr 7 | ms.author: aashishr 8 | manager: aashishr 9 | ms.date: 05/03/2020 10 | ms.topic: how-to 11 | ms.collection: M365-security-compliance 12 | ms.service: information-protection 13 | ms.assetid: 08664a01-81a5-4fa5-884c-7306ee55dba0 14 | 15 | # optional metadata 16 | 17 | #ROBOTS: 18 | #audience: 19 | #ms.devlang: 20 | ms.subservice: azurerms 21 | ms.reviewer: esaggese 22 | ms.suite: ems 23 | #ms.tgt_pltfrm: 24 | ms.custom: admin 25 | 26 | --- 27 | 28 | # Verifying the Azure Rights Management service 29 | 30 | 31 | When the protection service (Azure Rights Management) from Azure Information Protection is activated and you have performed any additional configuration steps that are required for your organization, you are ready to verify that this protection service is working as expected. 32 | 33 | A simple verification test is to protect a document or email message by using one user account, and then attempt to open and use that protected content from another user account on a different computer. 34 | 35 | ## Next steps 36 | 37 | You can monitor how your organization is using this protection service by using usage logging. For more information, see [Logging and analyzing the protection usage from Azure Information Protection](log-analyze-usage.md). 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /Azure-RMSDocs/what-is-information-protection.md: -------------------------------------------------------------------------------- 1 | --- 2 | # required metadata 3 | 4 | title: What is Azure Information Protection (AIP)? 5 | description: Azure Information Protection (AIP) extends the Microsoft Purview Information Protection framework to extend the labeling and classification functionality provided by Microsoft 365. 6 | author: aashishr 7 | ms.author: aashishr 8 | manager: aashishr 9 | ms.date: 11/09/2020 10 | ms.topic: overview 11 | ms.collection: M365-security-compliance 12 | ms.service: information-protection 13 | 14 | # optional metadata 15 | 16 | #ROBOTS: 17 | #audience: 18 | #ms.devlang: 19 | #ms.reviewer: eymanor 20 | #ms.suite: ems 21 | #ms.tgt_pltfrm: 22 | search.appverid: 23 | - MET150 24 | Customer intent: As an administrator, I want to extend Microsoft 365's labeling and classification functionality to File Explorer, PowerShell, third party apps and services, and more. 25 | --- 26 | 27 | # What is Azure Information Protection? 28 | 29 | [!INCLUDE [looking-for-mip](includes/looking-for-mip.md)] 30 | 31 | Azure Information Protection (AIP) provides the encryption service, [Azure Rights Management](what-is-azure-rms.md), that's used by Microsoft Purview Information Protection and the following capabilities: 32 | 33 | - [Sensitivity labels](/purview/sensitivity-labels) 34 | - [Microsoft Purview Information Protection client](/purview/information-protection-client) 35 | - [Microsoft Purview Information Protection scanner](/purview/deploy-scanner) 36 | - [Microsoft Information Protection SDK](#microsoft-information-protection-sdk) 37 | 38 | For a comprehensive list of capabilities from Microsoft Purview Information Protection, see [Protect your sensitive data with Microsoft Purview](/purview/information-protection). 39 | 40 | ## Microsoft Information Protection SDK 41 | 42 | The Microsoft Information Protection SDK extends sensitivity labels to third-party apps and services. Developers can use the SDK to build built-in support for applying labels and protection to files. 43 | 44 | For example, you might use the MIP SDK for: 45 | 46 | - A line-of-business application that applies sensitivity labels to files on export. 47 | - A CAD/CAM design application that provides support for built-in labeling. 48 | - A cloud access security broker or data loss prevention solution that reasons over data encrypted with Azure Information Protection. 49 | 50 | For more information, see the [Microsoft Information Protection SDK overview](/information-protection/develop/overview). -------------------------------------------------------------------------------- /LICENSE-CODE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | Copyright (c) Microsoft Corporation 3 | 4 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and 5 | associated documentation files (the "Software"), to deal in the Software without restriction, 6 | including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, 7 | and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, 8 | subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all copies or substantial 11 | portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT 14 | NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 15 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 16 | WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 17 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Github repository for Microsoft technical documentation 2 | 3 | You've found one of the GitHub repositories that houses the source content for [Microsoft Learn](https://learn.microsoft.com/). 4 | 5 | ## Microsoft Open Source Code of Conduct 6 | 7 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 8 | For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. 9 | -------------------------------------------------------------------------------- /ThirdPartyNotices: -------------------------------------------------------------------------------- 1 | ##Legal Notices 2 | Microsoft and any contributors grant you a license to the Microsoft documentation and other content 3 | in this repository under the [Creative Commons Attribution 4.0 International Public License](https://creativecommons.org/licenses/by/4.0/legalcode), 4 | see the [LICENSE](LICENSE) file, and grant you a license to any code in the repository under the [MIT License](https://opensource.org/licenses/MIT), see the 5 | [LICENSE-CODE](LICENSE-CODE) file. 6 | 7 | Microsoft, Windows, Microsoft Azure and/or other Microsoft products and services referenced in the documentation 8 | may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries. 9 | The licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks. 10 | Microsoft's general trademark guidelines can be found at http://go.microsoft.com/fwlink/?LinkID=254653. 11 | 12 | Privacy information can be found at https://privacy.microsoft.com/en-us/ 13 | 14 | Microsoft and any contributors reserve all others rights, whether under their respective copyrights, patents, 15 | or trademarks, whether by implication, estoppel or otherwise. -------------------------------------------------------------------------------- /UpdateSubmodule.ps1: -------------------------------------------------------------------------------- 1 | #This tool will only update submodules in local workspace. 2 | 3 | param( 4 | [string]$credential, 5 | [switch]$remote=$False 6 | ) 7 | 8 | $WorkingFolder = (Split-Path $script:MyInvocation.MyCommand.Path -Parent) 9 | $submoduleMetaFile = (Join-Path -Path $WorkingFolder -ChildPath ".gitmodules") 10 | 11 | function Add-Credential { 12 | param ([string]$gitUrl, [string]$credential) 13 | 14 | $blocks = $gitUrl -split "/|\\" 15 | $protocol = "https:" 16 | $outItems = New-Object System.Collections.Generic.List[System.Object] 17 | if (($blocks[0] -eq "https:") -Or ($blocks[0] -eq "http:") -Or ($blocks[0] -eq "git:")) { 18 | $protocol = $blocks[0] 19 | } 20 | for ($i=1; $i -lt $blocks.Length; $i++) { 21 | if ($blocks[$i]) { 22 | $outItems.Add($blocks[$i]) 23 | } 24 | } 25 | return ("{0}{1}{2}" -f $protocol,"//$credential@",($outItems -join "/")) 26 | } 27 | 28 | if (!$credential) { 29 | Write-Host "Please specify a credential info (-credential username:password or -credential username:token) to access git." 30 | Write-Host "Terminated." 31 | Exit 1 32 | } 33 | 34 | #Update Repository 35 | Write-Host "************************************************" 36 | #Set current working director 37 | Set-Location $WorkingFolder 38 | 39 | if (!(Test-Path $submoduleMetaFile)) { 40 | Write-Host "Error: The submodule metadata file $submoduleMetaFile doesn't exists, please add submodule first." 41 | Write-Host "Terminated." 42 | Exit 1 43 | } 44 | 45 | Write-Host "git submodule init" 46 | git submodule init 47 | $content = [IO.File]::ReadAllText("$submoduleMetaFile") 48 | $contents = $content -split "\[|\]" 49 | for ($i=1; $i -lt $contents.Length; $i=$i+2) { 50 | $submoduleName = ($contents[$i] -split '"')[1] 51 | $properties = ($contents[$i+1].Trim() -split '["\r\n?"|"\n\r?"]') 52 | $items = New-Object System.Collections.Generic.List[System.Object] 53 | foreach ($property in $properties) { 54 | $property = $property.Trim() 55 | if ($property) { 56 | $items.Add($property) 57 | } 58 | } 59 | $items = $items.toArray() 60 | $submoduleUrl = ($items[1] -split "=")[1].Trim() 61 | $submoduleUrl = Add-Credential -gitUrl $submoduleUrl -credential $credential 62 | git config submodule."$submoduleName".url $submoduleUrl 63 | } 64 | Write-Host "git submodule update" 65 | git submodule update 66 | if ($remote) { 67 | Write-Host "git submodule update --remote" 68 | git submodule update --remote 69 | } 70 | Write-Host "************************************************" 71 | -------------------------------------------------------------------------------- /mip/breadcrumb/toc.yml: -------------------------------------------------------------------------------- 1 | - name: Docs 2 | tocHref: / 3 | topicHref: / 4 | items: 5 | - name: Enterprise Mobility + Security 6 | tocHref: /enterprise-mobility-security/ 7 | topicHref: /enterprise-mobility-security/index 8 | items: 9 | - name: Microsoft Information Protection 10 | tocHref: /mip/ 11 | topicHref: /mip/index 12 | items: 13 | - name: Develop 14 | tocHref: /mip/develop/ 15 | topicHref: /mip/develop/index 16 | -------------------------------------------------------------------------------- /mip/develop/concept-async-observers-policy-cpp.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Concepts - Policy SDK observers in the MIP SDK. 3 | description: The MIP SDK is designed to be almost entirely asynchronous. This article will help you understand how Policy SDK observers are implemented and used for asynchronicity. 4 | author: msmbaldwin 5 | ms.service: information-protection 6 | ms.topic: conceptual 7 | ms.date: 04/10/2025 8 | ms.author: mbaldwin 9 | --- 10 | 11 | # Microsoft Information Protection SDK - Policy SDK Observers 12 | 13 | The Policy SDK contains one observer class. Observer members are virtual and should be overridden to handle callbacks for asynchronous operations. 14 | 15 | - [`mip::PolicyProfile::Observer`](https://microsoftdocs.github.io/mip-sdk-docs/cpp/classProtectionProfile_1_1Observer.html) 16 | 17 | When an asynchronous operation completes, the `OnXxx()` member function corresponding to the result is called. Examples are `OnLoadSuccess()`, `OnLoadFailure()`, and `OnAddEngineSuccess()` for `mip::Profile::Observer`. 18 | 19 | The examples below demonstrate the promise/future pattern, which is also used by the SDK samples, and can be extended to implement the desired callback behavior. 20 | 21 | ## Profile Observer Implementation 22 | 23 | In the following example, we've created a class, `ProfileObserver` that is derived from `mip::Profile::Observer`. The member functions have been overridden to use the future/promise pattern used throughout the samples. 24 | 25 | **Note**: The below samples are only partially implemented and do not include overrides for the `mip::ProfileEngine` related observers. 26 | 27 | ### profile_observer.h 28 | 29 | In the header, we define `ProfileObserver`, deriving from `mip::Profile::Observer`, then override each of the member functions. 30 | 31 | ```cpp 32 | class ProfileObserver final : public mip::Profile::Observer { 33 | public: 34 | ProfileObserver() { } 35 | void OnLoadSuccess(const std::shared_ptr& profile, const std::shared_ptr& context) override; 36 | void OnLoadFailure(const std::exception_ptr& error, const std::shared_ptr& context) override; 37 | //TODO: Implement remaining members 38 | }; 39 | ``` 40 | 41 | ### profile_observer.cpp 42 | 43 | In the implementation itself, we define an action to take for each observer member function. 44 | 45 | Each member accepts two parameters. The first is a shared pointer to the class handled by the function. `ProfileObserver::OnLoadSuccess` would expect to receive a `mip::Profile`. `ProfileObserver::OnAddEngineSuccess` would expect `mip::ProfileEngine`. 46 | 47 | The second is a shared pointer to the *context*. In our implementation the context is a reference to a `std::promise`, passed in as `shared_ptr`. The first line of the function casts this to `std::promise`, then stored in an object called `promise`. 48 | 49 | Finally, the future is made ready by setting the `promise->set_value()` and passing in the `mip::Profile` object. 50 | 51 | ```cpp 52 | #include "profile_observer.h" 53 | #include 54 | 55 | //Called when Profile is successfully loaded 56 | void ProfileObserver::OnLoadSuccess(const std::shared_ptr& profile, const std::shared_ptr& context) { 57 | //cast context to promise 58 | auto promise = std::static_pointer_cast>>(context); 59 | //set promise value to profile 60 | promise->set_value(profile); 61 | } 62 | 63 | //Called when Profile fails to load 64 | void ProfileObserver::OnLoadFailure(const std::exception_ptr& error, const std::shared_ptr& context) { 65 | auto promise = std::static_pointer_cast>>(context); 66 | promise->set_exception(error); 67 | } 68 | 69 | //TODO: Implement remaining observer members 70 | ``` 71 | 72 | When performing any asynchronous operation, the observer implementation is passed to the settings constructor or async function itself. 73 | 74 | -------------------------------------------------------------------------------- /mip/develop/concept-async-observers.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Concepts - Observers in the MIP SDK. 3 | description: The MIP SDK is designed to be almost entirely asynchronous. This article will help you understand how Observers are implemented and used for asynchronicity. 4 | author: msmbaldwin 5 | ms.service: information-protection 6 | ms.topic: conceptual 7 | ms.date: 04/10/2025 8 | ms.author: mbaldwin 9 | --- 10 | # Microsoft Information Protection SDK - Observer concepts 11 | 12 | The MIP SDK is designed to be almost entirely asynchronous. For example, any operation resulting in network or file IO is performed asynchronously. To handle the event notifications for these asynchronous events, the SDK makes use of the [observer pattern](https://wikipedia.org/wiki/Observer_pattern). 13 | 14 | ## Implementation overview 15 | 16 | When constructing an object that will perform an asynchronous operation, an `Observer` class must be implemented. Observers will receive the notification events related to the various asynchronous operations in the MIP SDK, and provide the result to the caller. 17 | 18 | Functions in each `Observer` class are virtual and are overridden for the preferred asynchronous pattern. The SDK implements the event notification observer pattern via `std::promise` and `std::future`. 19 | 20 | Each class-specific observer contains a set of success and error/failure functions, for the outcome of an async operation. *Success* functions return the object associated with the operation. *Error*/*Failure* functions return an exception that contains details on why the operation was unsuccessful. 21 | 22 | As an example, `FileProfile` supports the following two operations: 23 | 24 | - It can add a new engine to the profile via `FileProfile::AddEngineAsync`. 25 | - It can unload an engine from the profile via `FileProfile::UnloadEngineAsync`. 26 | 27 | Since two `Observer` functions are implemented per asynchronous operation, it can be assumed that there are **four** `Observer` methods associated with `FileProfile`: 28 | 29 | - `FileProfileObserver::OnAddEngineSuccess()` 30 | - `FileProfileObserver::OnAddEngineError()` 31 | - `FileProfileObserver::OnUnloadEngineSuccess` 32 | - `FileProfileObserver::OnUnloadEngineError()`. 33 | 34 | ## MIP SDK Observer Classes 35 | 36 | The MIP File SDK contains two observers: 37 | 38 | * `mip::FileProfile::Observer` 39 | * `mip::FileHandler::Observer` 40 | 41 | The MIP Policy SDK has just a single observer: 42 | 43 | * `mip::Profile::Observer` 44 | 45 | The MIP Protection SDK has three observers: 46 | 47 | * `mip::ProtectionProfile::Observer` 48 | * `mip::ProtectionEngine::Observer` 49 | * `mip::ProtectionHandler::Observer` 50 | 51 | ## Next Steps 52 | 53 | Learn more about how observers are implemented and used, by the various SDKs: 54 | 55 | * [File SDK Observers (C++)](concept-async-observers-file-cpp.md) 56 | * [Policy SDK Observers (C++)](concept-async-observers-policy-cpp.md) 57 | * [Protection SDK Observers (C++)](concept-async-observers-protection-cpp.md) 58 | -------------------------------------------------------------------------------- /mip/develop/concept-authentication-cpp.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Concepts - Authentication in the MIP SDK. 3 | description: This article will help you understand how the MIP SDK implements authentication, and the requirements for client applications to provide OAuth2 access token acquisition logic. 4 | author: msmbaldwin 5 | ms.service: information-protection 6 | ms.topic: conceptual 7 | ms.date: 04/10/2025 8 | ms.author: mbaldwin 9 | --- 10 | 11 | # Microsoft Information Protection SDK - Authentication concepts 12 | 13 | Authentication in the MIP SDK is performed by extending the class `mip::AuthDelegate` to implement your preferred method of authentication. `mip::AuthDelegate` contains: 14 | 15 | - `mip::AuthDelegate::OAuth2Challenge` - a class that manages the OAuth2 authority info and provides to the client application. 16 | - `mip::AuthDelegate::OAuth2Token` - a class manages OAuth2 access token acquisition (from the client application) and token storage. 17 | - `mip::AuthDelegate::AcquireOAuth2Token()` - a pure virtual function, whose implementation determines the method of access token acquisition. After being called by the SDK, it acquires the access token, then provides it back to the SDK's authentication logic. 18 | 19 | `mip::AuthDelegate::AcquireOAuth2Token` accepts the following parameters, and returns a bool indicating whether token acquisition was successful: 20 | 21 | - `mip::Identity`: The identity of the user or service to be authenticated, if known. 22 | - `mip::AuthDelegate::OAuth2Challenge`: Accepts four parameters, **authority**, **resource**, **claims**, and **scopes**. **Authority** is the service the token will be generated against. **Resource** is the service we're trying to access. The SDK will handle passing these parameters into the delegate when called. **Claims** are the label-specific claims required by the protection service. **Scopes** are the Microsoft Entra permission scopes required to access the resource. 23 | - `mip::AuthDelegate::OAuth2Token`: The token result is written to this object. It will be consumed by the SDK when the engine is loaded. Outside of our authentication implementation, it shouldn't be necessary to get or set this value anywhere. 24 | 25 | **Important:** Applications don't call `AcquireOAuth2Token` directly. The SDK will call this function when required. 26 | 27 | ## Next steps 28 | 29 | For simplicity, samples demonstrating the delegate will implement token acquisition by calling an external script. This script can be replaced by any other type of script, an open-source OAuth2 library, or a custom OAuth2 library. 30 | 31 | - [Acquire an access token using Python](concept-authentication-acquire-token-py.md) 32 | -------------------------------------------------------------------------------- /mip/develop/concept-classification-labels.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Concepts - Classification labels 3 | description: This article will help you understand how labels are used for data classification. 4 | author: msmbaldwin 5 | ms.service: information-protection 6 | ms.topic: conceptual 7 | ms.date: 04/10/2025 8 | ms.author: mbaldwin 9 | --- 10 | 11 | # Microsoft Information Protection SDK - Classification label concepts 12 | 13 | As part of a comprehensive data protection strategy, organizations should implement a data classification system that outlines the levels of sensitivity of data within the organization, and then map document attributes to those classifications. 14 | 15 | Attributes related to classification typically involve the **risk** to the organization if that document or data should be lost or seen by unintended subjects. In the familiar United States government classification system, there are three classification levels. Each has a definition that describes when that classification should be applied: 16 | 17 | * **Top Secret**: Shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe. 18 | * **Secret**: Shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security that the original classification authority is able to identify or describe. 19 | * **Confidential**: Shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security that the original classification authority is able to identify or describe. 20 | * **Unclassified**: This isn't actually a classification, but rather the absence of one of the above three. 21 | 22 | In a commercial or private sector application, we may define a list similar to the default in the Azure Information Protection Service, with monetary values attached. 23 | 24 | * **Highly Confidential**: Shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause damages greater than USD $1M. 25 | * **Confidential**: Shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause damages greater than USD $100K. 26 | * **General**: Shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause little measurable damages. 27 | * **Public**: Shall be applied to information intended for public, external consumption. 28 | * **Non-Business**: Shall be applied to information that is not related to company business, direct or indirect. 29 | 30 | Each classification describes the risk to the business in the event of unauthorized disclosure of that information. After identifying these classification and conditions, attributes should be identified that help data owners to understand which classification to apply. 31 | 32 | ## Labeling 33 | 34 | The act of associating a data classification with a set of information is referred to as **labeling**. Because the MIP SDK is dealing in applying classification **labels** to documents, we don't refer to classifications, but rather to labels. A user or process has already **classified** the data based on knowledge of the information: The MIP SDK will then **label** the information. 35 | 36 | ## Labels in the MIP SDK 37 | 38 | Labels are a fundamental component of the MIP SDK. Labels drive the tagging, protection, and content marking of all documents touched by the SDK. The SDK can: 39 | 40 | * Apply labels to documents 41 | * Read existing labels on documents 42 | * Change an existing label and mandate justification if required by policy 43 | * Remove a label from a document 44 | 45 | The label will apply protection and content marking based on configuration label administrators have defined in Security and Compliance Center. 46 | 47 | ## mip::Label vs. mip::ContentLabel 48 | 49 | Two types of label exist in the MIP SDK. `Label` and `ContentLabel`. 50 | 51 | * Label: A label that can be applied by a user or process as defined in the organizational policy. 52 | * ContentLabel: A label that already exists on a document or information. It can be read, updated, or removed. 53 | 54 | In other words, the `ContentLabel` is a `Label` that has been applied to a piece of information. 55 | 56 | ## Metadata 57 | 58 | The SDK also supported adding extra metadata to documents in the form of key/value pairs. If your organization has sub-classifications or tags that describe the information in a more specific manner, the SDK can be used to apply that metadata. 59 | 60 | ## Next steps 61 | 62 | For more details on the United States government classification system, see https://www.gpo.gov/fdsys/pkg/FR-2010-01-05/html/E9-31418.htm. 63 | -------------------------------------------------------------------------------- /mip/develop/concept-consent-cpp.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Concepts - Consent in the MIP SDK. 3 | description: This article will help you understand how the MIP SDK implements consent flows for users to agree to connecting to the RMS service. 4 | author: msmbaldwin 5 | ms.service: information-protection 6 | ms.topic: conceptual 7 | ms.date: 04/10/2025 8 | ms.author: mbaldwin 9 | --- 10 | 11 | # Microsoft Information Protection SDK - Consent 12 | 13 | The `mip::Consent` enum class implements an easy-to-use approach that permits application developers to provide a custom consent experience based on the endpoint that is being accessed by the SDK. The notification can inform a user of the data that will be collected, how to get the data removed, or any other information that is required by law or compliance policies. Once the user grants consent, the application can continue. This delegate is called only when attempting to access Active Directory Rights Management Services (AD RMS). It isn't called when accessing cloud services. If your application won't support AD RMS, you can implement a delegate that always returns `Consent.AcceptAlways`. 14 | 15 | ### Implementation 16 | 17 | Consent is implemented by extending the `mip::Consent` base class and implementing `GetUserConsent` to return one of the `mip::Consent` enum values. 18 | 19 | The object derived from `mip::Consent` is passed in to the `mip::FileProfile::Settings` or `mip::ProtectionProfile::Settings` constructor. 20 | 21 | When a user performs an operation that would require providing consent, the SDK calls the `GetUserConsent` method, passing in the destination URL as the parameter. It's in this method where one would implement displaying the necessary information to the user, allowing them to make a decision on whether or not they consent to using the service. 22 | 23 | ### Consent Options 24 | 25 | - **AcceptAlways**: Consent and remember the decision. 26 | - **Accept**: Consent once. 27 | - **Reject**: Don't consent. 28 | 29 | When the SDK requests user consent with this method, the client 30 | application should present the URL to the user. Client applications should 31 | provide some means of obtaining user consent and return the appropriate 32 | Consent enum that corresponds to the user's decision. 33 | 34 | ### Sample implementation 35 | 36 | #### consent_delegate_impl.h 37 | 38 | ```cpp 39 | class ConsentDelegateImpl final : public mip::ConsentDelegate { 40 | public: 41 | ConsentDelegateImpl() = default; 42 | 43 | virtual mip::Consent GetUserConsent(const std::string& url) override; 44 | 45 | }; 46 | ``` 47 | 48 | #### consent_delegate_impl.cpp 49 | 50 | When the SDK requires consent, the `GetUserConsent` method is called *by the SDK*, and the URL passed in as a parameter. In the sample below, the user is notified that the SDK will connect to that provided URL and provides the user with an option on the commandline. Based on the choice by the user, the user accepts or rejects consent and that is passed to the SDK. If the user declines to consent, the application will throw an exception, and no call is made to the protection service. 51 | 52 | ```cpp 53 | Consent ConsentDelegateImpl::GetUserConsent(const string& url) { 54 | //Print the consent URL, ask user to choose 55 | std::cout << "SDK will connect to: " << url << std::endl; 56 | 57 | std::cout << "1) Accept Always" << std::endl; 58 | std::cout << "2) Accept" << std::endl; 59 | std::cout << "3) Reject" << std::endl; 60 | std::cout << "Select an option: "; 61 | char input; 62 | std::cin >> input; 63 | 64 | switch (input) 65 | { 66 | case '1': 67 | return Consent::AcceptAlways; 68 | break; 69 | case '2': 70 | return Consent::Accept; 71 | break; 72 | case '3': 73 | return Consent::Reject; 74 | break; 75 | default: 76 | return Consent::Reject; 77 | } 78 | } 79 | ``` 80 | 81 | When in testing, or development, or when using only the cloud-based services, a basic `ConsentDelegate` can be implemented. 82 | 83 | ```cpp 84 | Consent ConsentDelegateImpl::GetUserConsent(const string& url) { 85 | return Consent::AcceptAlways; 86 | } 87 | ``` 88 | 89 | However, in production code the user may be required to be presented with a choice to consent, depending on regional or business requirements and regulations. -------------------------------------------------------------------------------- /mip/develop/concept-data-boundary.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Concepts - Data boundary 3 | description: This article will help you understand the concepts around data compliance boundaries in MIP SDK. 4 | author: tommoser 5 | ms.service: information-protection 6 | ms.topic: conceptual 7 | ms.date: 04/10/2025 8 | ms.author: tommos 9 | --- 10 | 11 | # Concept - Data boundaries in the MIP SDK 12 | 13 | To support requirements around data privacy regulations, the Microsoft Information Protection SDK allows developers to specify a data boundary. This data boundary controls the region to which audit and telemetry events are sent and in certain cases, where these events are stored and processed. 14 | 15 | ## Data boundary values and behaviors 16 | 17 | Possible values for the `DataBoundary` enum are: 18 | 19 | | Value | Details | 20 | | ------------------------ | ----------------------------------------------------------------------------------------------------------------------- | 21 | | Default | Audit and telemetry events are emitted to the nearest collector and forwarded to the United States. | 22 | | Asia | Audit and telemetry events are emitted to a collector in the Asia Pacific region and forwarded to the United States. | 23 | | Europe_MiddleEast_Africa | Audit and telemetry events are emitted to a collector in the EMEA region and forwarded to the United States. | 24 | | European_Union | Audit and telemetry events are emitted to a collector in the European Union region and remain in region for processing. | 25 | | North_America | Audit and telemetry events are emitted to North America region and remain in region for processing. | 26 | 27 | ## When to set the data boundary 28 | 29 | Your application will need to provide an interface that allows users or administrators to set this property based on their data residency requirements. For applications with an administrative interface, this option can be done inside the admin portal. For client applications, you may need to enable deployment of a registry key, configuration value, or other setting. Your application will need to read this value and set the data boundary appropriately. 30 | 31 | In coming releases, we'll make this setting transparent based on the data boundary defined in the customer tenancy. 32 | 33 | ## Setting the data boundary 34 | 35 | The `DataBoundary` is set on the `FileEngineSettings`, `ProtectionEngineSettings`, or `PolicyEngineSettings` objects. 36 | 37 | ```csharp 38 | var engineSettings = new FileEngineSettings(identity.Email, authDelegate, "", "en-US") 39 | { 40 | Identity = identity, 41 | // Set the data boundary to EU 42 | DataBoundary = DataBoundary.European_Union 43 | }; 44 | ``` 45 | 46 | In the example above, all telemetry and audit events will be sent directly to the European Union. 47 | 48 | ## Sovereign Cloud support 49 | 50 | The `DataBoundary` setting has no effect on clouds other than the default commercial cloud. Clouds such as Government Community Cloud High (GCC High) and 21-Vianet send data directly to those clouds by default. 51 | -------------------------------------------------------------------------------- /mip/develop/concept-fips-compliance.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: MIP SDK FIPS Compliance Statement 3 | description: Details about the MIP SDK and FIPS Compliance Status 4 | author: tommoser 5 | ms.author: tommos 6 | ms.date: 04/10/2025 7 | ms.topic: conceptual 8 | ms.service: information-protection 9 | --- 10 | 11 | # FIPS 140-2 Validation 12 | 13 | The Microsoft Information Protection SDK version 1.14 and above can be configured to use the FIPS validated version of OpenSSL 3.0. To use the FIPS validated OpenSSL 3.0 module, developers must install and load the FIPS module. 14 | 15 | ## FIPS 140-2 Compliance 16 | 17 | The Microsoft Information Protection SDK uses OpenSSL to implement all cryptographic operations. OpenSSL isn't FIPS compliant without more configuration by the developer. To develop a FIPS 140-2 compliant application, OpenSSL in the MIP SDK must be configured to load the FIPS module to perform cryptographic operations instead of the default OpenSSL ciphers. 18 | 19 | ## Install and configure the FIPS Module 20 | 21 | Applications using OpenSSL can install and load the FIPS module with the following procedure published by OpenSSL: 22 | 1. Install FIPS module following [Appendix A: Installation and Usage Guidance](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4282.pdf) 23 | 2. Load FIPS module in MIP SDK by [Making all applications use the FIPS module by default](https://www.openssl.org/docs/man3.0/man7/fips_module.html). Configure the [OpenSSL_MODULES](https://www.openssl.org/docs/manmaster/man7/openssl-env.html) environment variable to the directory containing the fips.dll. 24 | 4. (Optional) Configure the FIPS module for some applications only by [Selectively making applications use the FIPS module by default](https://www.openssl.org/docs/man3.0/man7/fips_module.html) 25 | 26 | When the FIPS module is successfully loaded, the MIP SDK log declares FIPS as the OpenSSL provider. 27 | ``` 28 | "OpenSSL provider loaded: [fips]" 29 | ``` 30 | If installation fails, the OpenSSL provider remains default. 31 | ``` 32 | "OpenSSL provider loaded: [default]" 33 | ``` 34 | 35 | Limitations of MIP SDK with FIPS 140-2 validated ciphers: 36 | - Android and macOS are not supported. The FIPS module is available on Windows, Linux, and Mac. 37 | 38 | ## TLS Requirements 39 | 40 | MIP SDK prohibits the use of TLS versions prior to 1.2 unless the connection is made to an Active Directory Rights Management server. 41 | 42 | ## Cryptographic Algorithms in MIP SDK 43 | 44 | | Algorithm | Key Length | Mode | Comment | 45 | | --------- | ----------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | 46 | | AES | 128, 192, 256-bit | ECB, CBC | MIP SDK always protects by default with AES256 CBC. Legacy versions of Office (2010) require AES 128 ECB, and Office docs are still protected in this manner by Office apps. | 47 | | RSA | 2048-bit | n/a | Used for signing and protecting session key that protects a symmetric key blob. | 48 | | SHA-1 | n/a | n/a | Hash algorithm used in signature validation for legacy publishing licenses. | 49 | | SHA-256 | n/a | n/a | Hash algorithm used in data validation, signature validation, and as database keys. | 50 | 51 | ## Next Steps 52 | 53 | For details on the internals and specifics of how AIP protects content, review the following documentation: 54 | - [How Azure RMS Works](/azure/information-protection/how-does-it-work) 55 | - [MS-RMPR Protocol Specification](/openspecs/windows_protocols/ms-rmpr/d8ed4b1e-e605-4668-b173-6312cba6977e) 56 | - [Licenses, Certificates, and how AD RMS protects and consumes documents](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/licenses-and-certificates-and-how-ad-rms-protects-and-consumes/ba-p/247309) 57 | -------------------------------------------------------------------------------- /mip/develop/concept-handler-policy-auditing-cpp.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Concepts - Auditing in the Microsoft Purview Information Protection Policy SDK 3 | description: This article will help you understand how to use the Microsoft Information Protection SDK to submit Policy SDK auditing events to Azure Information Protection Analytics. 4 | services: information-protection 5 | author: tommoser 6 | ms.service: information-protection 7 | ms.topic: conceptual 8 | ms.date: 04/10/2025 9 | ms.author: tommos 10 | --- 11 | 12 | # Auditing in the MIP SDK 13 | 14 | The Azure Information Protection administration portal provides access to administrator reports. These reports provide visibility on the labels users apply, manually or automatically, across any applications that have integrated the MIP SDK. Development partners leveraging the SDK can easily enable this functionality, allowing information from their applications to surface in customer reports. 15 | 16 | ## Event Types 17 | 18 | There are three types of events that can be submitted via the SDK to Azure Information Protection Analytics. **Heartbeat events**, **discovery events**, and **change events** 19 | 20 | ### Heartbeat Events 21 | 22 | Heartbeat events are generated automatically for any application that has integrated the Policy SDK. Heartbeat events include: 23 | 24 | * TenantId 25 | * Time Generated 26 | * User Principal Name 27 | * Name of the machine where the audit was generated 28 | * Process Name 29 | * Platform 30 | * Application ID - Corresponds to the Microsoft Entra Application ID. 31 | 32 | These events are useful in detecting applications across your enterprise that are using the Microsoft Information Protection SDK. 33 | 34 | ### Discovery Events 35 | 36 | Discovery events provide information on labeled information that is read or consumed by the Policy SDK. These events are useful as they surface the devices, location, and users who are accessing information across an organization. 37 | 38 | Discovery events are generated in the Policy SDK, by setting a flag when creating the `mip::PolicyHandler` object. In the example below, the value for **isAuditDiscoveryEnabled** is set to `true`. When `mip::ExecutionState` is passed to `ComputeActions()` or `GetSensitivityLabel()` (with existing metadata information and content identifier), discovery information will be submitted to Azure Information Protection Analytics. 39 | 40 | The discovery audit is generated once the application calls `ComputeActions()` or `GetSensitivityLabel()` and provides `mip::ExecutionState`. This event is generated only once per handler. 41 | 42 | Review the `mip::ExecutionState` concepts documentation for more details on execution state. 43 | 44 | ```cpp 45 | // Create PolicyHandler, passing in true for isAuditDiscoveryEnabled 46 | auto handler = mEngine->CreatePolicyHandler(true); 47 | 48 | // Returns vector of mip::Action and generates discovery event. 49 | auto actions = handler->ComputeActions(*state); 50 | 51 | //Or, get the label for a given state 52 | auto label = handler->GetSensitivityLabel(*state); 53 | ``` 54 | 55 | In practice, **isAuditDiscoveryEnabled** should be `true` during `mip::PolicyHandler` construction, to allow file access information to flow to Azure Information Protection Analytics. 56 | 57 | ## Change Event 58 | 59 | Change events provide information about the file, the label that was applied or changed, and any justifications provided by the user. Change events are generated by calling `NotifyCommittedActions()` on the `mip::PolicyHandler`. The call is made after a change has been successfully committed to a file, passing in the `mip::ExecutionState` that was used to compute the actions. 60 | 61 | > If the application fails to call this function, no events will land in Azure Information Protection Analytics. 62 | 63 | ```cpp 64 | handler->NotifyCommittedActions(*state); 65 | ``` 66 | 67 | ## Audit Dashboard 68 | 69 | Events submitted to the Azure Information Protection audit pipeline will surface in reports at https://portal.azure.com. Azure Information Protection Analytics is in public preview and features/functionality may change. 70 | 71 | ## Next Steps 72 | 73 | - For details on the auditing experience in Azure Information Protection, see the [preview announcement blog on Tech Community](https://techcommunity.microsoft.com/t5/Azure-Information-Protection/Data-discovery-reporting-and-analytics-for-all-your-data-with/ba-p/253854). 74 | - Download the [Policy SDK Samples from GitHub and try out the Policy SDK](https://azure.microsoft.com/resources/samples/?sort=0&term=mipsdk+policyapi) 75 | -------------------------------------------------------------------------------- /mip/develop/concept-handler-policy-cpp.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Concepts - Policy handlers in the MIP SDK. 3 | description: This article will help you understand how Policy SDK handlers are created and used for calling operations. 4 | author: tommoser 5 | ms.service: information-protection 6 | ms.topic: conceptual 7 | ms.date: 04/10/2025 8 | ms.author: tommos 9 | --- 10 | # Microsoft Information Protection SDK - Policy handler concepts 11 | 12 | In the Policy SDK, `mip::PolicyHandler` exposes operations used to compute policy actions, and submit audit events. 13 | 14 | ## Policy handler functions 15 | 16 | `mip::PolicyHandler` exposes methods for reading, writing, and removing both labels and protection information. For the full list, consult the [API reference](https://microsoftdocs.github.io/mip-sdk-docs/cpp/classPolicyHandler.html). 17 | 18 | In this article, the following methods will be covered: 19 | 20 | - `ComputeActions` 21 | - `NotifyCommittedActions` 22 | 23 | ## Requirements 24 | 25 | Creating a `PolicyHandler` requires: 26 | 27 | - A `mip::MipContext` 28 | - A `mip::PolicyProfile` 29 | - A `mip::PolicyEngine` added to the `mip::PolicyProfile` 30 | - A class that implements `mip::PolicyHandler::Observer` 31 | 32 | ## Create a policy handler 33 | 34 | The first step required in obtaining policy actions, is to create a `PolicyHandler` object. This class implements functionality required to get the list of actions a specific label must take. It also implements the function to trigger an audit event. 35 | 36 | Creating the `PolicyHandler` is as easy as calling the `PolicyEngine`'s `CreatePolicyHandlerAsync` function using the promise/future pattern. 37 | 38 | `CreatePolicyHandlerAsync` accepts a single parameter: **isAuditDiscoveryEnabled**. Set this value to **true** if the application should surface heartbeat and discovery events in audit logging. 39 | 40 | > [!NOTE] 41 | > The `mip::PolicyHandler::Observer` class must be implemented in a derived class as `CreatePolicyHandler` requires the `Observer` object. 42 | 43 | ```cpp 44 | auto createPolicyHandlerPromise = std::make_shared>>(); 45 | auto createPolicyHandlerFuture = createPolicyHandlerPromise->get_future(); 46 | PolicyEngine->CreatePolicyHandlerAsync(true); 47 | auto handler = createPolicyHandlerFuture.get(); 48 | ``` 49 | 50 | After successfully creating the `PolicyHandler` object, actions may be computed and audit events submitted. 51 | 52 | ## Next Steps 53 | 54 | Now that you've learned about creation of a Policy handler: 55 | 56 | - Learn how to [create an execution state class](concept-handler-policy-executionstate-cpp.md), which is used for determining compute actions. 57 | - Download the [Policy SDK Samples from GitHub and try out the Policy SDK](https://azure.microsoft.com/resources/samples/?sort=0&term=mipsdk+policyapi) 58 | -------------------------------------------------------------------------------- /mip/develop/concept-justification.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Concept - Action Justification in MIP SDK 3 | description: This article will help you understand the scenario of how to downgrade or remove a label needing justification. 4 | author: msmbaldwin 5 | ms.service: information-protection 6 | ms.topic: conceptual 7 | ms.date: 04/10/2025 8 | ms.author: mbaldwin 9 | --- 10 | 11 | # Action Justification in MIP SDK 12 | 13 | ## Overview 14 | 15 | Label policies in Security and Compliance Center allow administrators to require **justification** upon removal or downgrade of a label. Downgrade is defined as applying a label that has a lower sensitivity value in place of the existing label. 16 | 17 | As discussed previously, File SDK provides easy-to-use interfaces for reading labels from the service, applying labels to defined file types, and reading labels from those files types. It also supports file operations for removing and changing the labels for supported filetypes. Changes to the file label is supported through `mip::FileHandler`'s `SetLabel()` function which provides the ability to set a new label to an unprotected or previously protected file, and `mip::FileHandler`'s `DeleteLabel()` function which removes the label from a previously protected file. 18 | 19 | For some of the sensitivity labels, security administrators might want to apply stricter policies, when a user attempts to downgrade the sensitivity by deleting a label or by changing the label to a less restrictive one. Administrators can configure this using label policy configuration in [security and compliance center](https://sip.compliance.microsoft.com/) by selecting the checkbox. 20 | 21 | ![Action Justification Required](./media/justify-action.png) 22 | 23 | If the file has an existing label and the label policy requires justification in the event of a label downgrade, the `SetLabel()`/`DeleteLabel()` functions will throw `mip::JustificationRequiredError`. The application must catch this exception, then provide an application interface to the user to provide input on the reason for downgrade. Once the justification is recorded, the application can set property `isDowngradeJustified` of `mip::LabelingOptions`, as well as setting the `Justification` property. 24 | 25 | ## Next Steps 26 | 27 | - Review [Action Justification Quickstart for (C++)](quick-file-justify-actions-cpp.md) 28 | - Review [Action Justification Quickstart for (C#)](quick-file-justify-actions-csharp.md) -------------------------------------------------------------------------------- /mip/develop/concept-labeling-and-protection.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Labeling and Protection - Microsoft Information Protection SDK 3 | description: Microsoft Information Protection Software Development kit operations. 4 | author: msmbaldwin 5 | ms.author: mbaldwin 6 | ms.date: 04/10/2025 7 | ms.topic: conceptual 8 | ms.service: information-protection 9 | 10 | --- 11 | 12 | # Labeling and pre-existing protection in Microsoft Information Protection SDK 13 | 14 | Microsoft Purview Information Protection supports labeling and classification services. Users and applications can apply the following to supported files: 15 | 16 | - Classification only through application of a label 17 | 18 | - Classification and protection through application of a label 19 | 20 | - Protection only 21 | 22 | This article discusses how the SDK handles attempt for applying a label to a file that has pre-existing protection. When the document has pre-existing protection either through application of a label or otherwise, SDK handles application of a new label in scenarios as below. 23 | 24 | ## Label-based protection when label metadata has been stripped 25 | 26 | If a file has a label applied and that label applied protection, then the SDK can resolve file's protection to the particular label. If a user who has "Edit" permissions on the file removes the label metadata either accidentally or maliciously, the protection still remains. When next time SDK interacts with the file, it looks at the protection data, resolves that protection template to the original label, and reapplies the label. This SDK behavior is a safety mechanism built into the SDK for information protection in case the label metadata is tampered with. 27 | 28 | ## Custom-protection and label applications 29 | 30 | If the file has some form of protection applied through an RMS template and a user tries to apply a label to the file, the SDK first should resolve the original protection to a label. Not being able to do so, SDK can not evaluate if the new protection sensitivity level is more restrictive or permissive than the original protection sensitivity and hence SDK won't apply the new label to the file. 31 | 32 | ## User-defined permissions 33 | 34 | If a file has a label applied and that label applied user-defined protection, the protection is applied to the file. In this case, the SDK can not resolve the protection to an RMS template. If a user tries to apply a new label to the file now, the SDK treats the action similar to above and won't apply the new label to the file. 35 | -------------------------------------------------------------------------------- /mip/develop/concept-logging.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Concepts - Logging 3 | description: This article helps you understand the concepts around logging in MIP SDK. 4 | author: yangczhang 5 | ms.service: information-protection 6 | ms.topic: conceptual 7 | ms.date: 04/10/2025 8 | ms.author: yangczhang 9 | --- 10 | 11 | # Concept - Logging in MIP SDK 12 | Troubleshooting custom applications that consume the MIP SDK begin with inspecting mip logs. MIP log location is configured at MipContext creation and can be queried for with *.miplog file extension. 13 | Microsoft apps and samples store MIP logs at application path\APP_DATA\mip_data. 14 | 15 | ## Mask sensitive data in MIP logs 16 | Logs in the MIP SDK don't mask sensitive content which may be personally identifiable to a customer without extra configuration. 17 | 18 | Common sensitive data in MIP SDK logs: 19 | - Email names 20 | - File names 21 | - Label names 22 | - IP addresses 23 | - MAC addresses 24 | 25 | To mask sensitive content in all miplog files generated by the MIP SDK, create a new field in the configuration .json file or configure in MipConfiguration. 26 | 27 | ## Configuration file 28 | Configuration files are the recommended path to configure custom settings in the MIP SDK and available on all supported platforms. To mask PII in MIP log files, use the following method. 29 | 30 | 1. Create a configuration file accessible by the MIP SDK for custom settings called `mip_config.json` and store the file in the following [MipConfiguration](/information-protection/develop/concept-mipcontext?branch=main#creating-mipconfiguration) path. 31 | ```cpp 32 | mipConfiguration->GetPath()/mip 33 | ``` 34 | 2. Add a new field to `mip_config.json` to set the `AllowPii` field to false. 35 | 36 | ```json 37 | {"MipLogger":{"MaxLogFilesSizeMb":40,"MaxLogFileCount":10,"AllowPii":false}} 38 | ``` 39 | Once configured, sensitive content is masked in all new MIP logs generated by the MIP SDK. 40 | 41 | ## Configure in MipConfiguration 42 | To mask PII in MIP log files with MipConfiguration, create a new `MipConfiguration` object to pass into `MipContext` with new values for the custom settings. 43 | 44 | This method is supported for C++ and C# only. Developers using the C API or Java wrappers are recommended to create a configuration file instead. 45 | ```cpp 46 | auto mipConfiguration = make_shared(appInfo, "mip_data", mip::LogLevel::Trace, false); 47 | auto loggerConfiguration = make_shared(); 48 | loggerConfiguration->isPiiAllowed = false; 49 | mipConfiguration->SetLoggerConfiguration(loggerConfiguration); 50 | auto mipContext = MipContext::Create(mipConfiguration); 51 | ``` 52 | ```csharp 53 | MipConfiguration mipConfiguration = new MipConfiguration(appInfo, "mip_data", LogLevel.Trace, false); 54 | mipConfiguration.LoggerConfigurationOverride = new LoggerConfiguration(10, 40, false); 55 | var mipContext = MIP.CreateMipContext(mipConfiguration); 56 | ``` 57 | -------------------------------------------------------------------------------- /mip/develop/concept-mipcontext.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Concepts - The core concepts in the MIP SDK - MipContext 3 | description: This article will help you understand the core SDK concept called MipContext, which drives application initialization. 4 | author: msmbaldwin 5 | ms.service: information-protection 6 | ms.topic: conceptual 7 | ms.date: 04/10/2025 8 | ms.author: mbaldwin 9 | --- 10 | 11 | # Microsoft Information Protection SDK - MipContext object concepts 12 | 13 | ## MipContext 14 | 15 | `MipContext` is the highest level object in the SDK. It's responsible for managing state across all profiles that may be created as part of an application or service. Additionally, it handles releasing MIP SDK resources once the MipContext object has been destroyed. 16 | 17 | > [!IMPORTANT] 18 | > Only a single `MipContext` per process is permitted. Creating more than one may result in unexpected behavior. `MipContext` should be created at app start, and the same MipContext used for the lifetime of the application. 19 | 20 | Once an object of `mip::MipContext` has been created, the `MipContext` object can be used to create `mip::FileProfile`, `mip::PolicyProfile`, or `mip::ProtectionProfile` objects. 21 | 22 | ### Creating MipConfiguration 23 | 24 | The `mip::MipConfiguration` class allows the application to set various application-wide configuration settings for MIP SDK. These settings include: 25 | 26 | - Application Info: Name, Application ID, Version 27 | - Storage directory for logs and cache 28 | - Logging level 29 | - Offline mode 30 | - Feature flighting settings 31 | - Delegates, including logging, storage, HTTP, JSON parsing, and XML parsing. 32 | - Diagnostic configuration 33 | 34 | ```cpp 35 | std::shared_ptr mipConfiguration = std::make_shared(mAppInfo, 36 | "mip_data", 37 | mip::LogLevel::Trace, 38 | false); 39 | ``` 40 | 41 | ```csharp 42 | MipConfiguration mipConfiguration = new MipConfiguration(appInfo, "mip_data", LogLevel.Trace, false); 43 | ``` 44 | 45 | Once `MipConfiguration` is initialized, it can be used to create the `MipContext` object. 46 | 47 | ### Creating MipContext 48 | 49 | The `MipContext::Create()` function is used, taking the provided `MipConfiguration` object, to create the `MipContext`. 50 | 51 | ```cpp 52 | std::shared_ptr mMipContext = mip::MipContext::Create(mipConfiguration); 53 | ``` 54 | 55 | ```csharp 56 | MipContext = mipContext = MIP.CreateMipContext(mipConfiguration); 57 | ``` 58 | 59 | Once the `MipContext` object is created, it can be used to create `FileProfile`, `PolicyProfile`, or `ProtectionProfile` objects, depending on which SDK your application is using. 60 | 61 | #### Shutting Down 62 | 63 | Properly destroying all MIP SDK objects requires shutting down MIPContext. This can be achieved by calling the **Shutdown** function. The `MipContext` destructor will also call `MipContext.Shutdown()` when the `MipContext` object is destroyed. 64 | 65 | 66 | #### `mip::MipContext::CreateWithCustomFeatureSettings()` 67 | 68 | > [!NOTE] 69 | > This API is deprecated in MIP SDK 1.10 and on. Please update to using `MipConfiguration` and `mip::MipContext::Create()`. 70 | 71 | Creates a new MipContext instance to be used when initializing profiles, with custom feature settings enabled. 72 | 73 | - `mip::ApplicationInfo` 74 | - A path for the MIP storage cache. 75 | - `mip::LogLevel` 76 | - (Optional) `mip::LoggerDelegate` 77 | - (Optional) `mip::TelemetryConfiguration` 78 | - `mip::FlightingFeature` 79 | 80 | ## Next Steps 81 | 82 | - Next, learn more about [Authentication concepts](concept-authentication-cpp.md) and [Observers](concept-async-observers.md). MIP provides an extensible authentication model, while observers are used to provide event notifications for asynchronous events. Both are fundamental, and apply to all MIP API sets. 83 | - Then work through the profile and engine concepts for the File, Policy, and Protection SDKs 84 | - [File SDK profile concepts](concept-profile-engine-file-profile-cpp.md) 85 | - [File SDK engine concepts](concept-profile-engine-file-engine-cpp.md) 86 | - [Policy SDK profile concepts](concept-profile-engine-file-profile-cpp.md) 87 | - [Policy SDK engine concepts](concept-profile-engine-file-engine-cpp.md) 88 | - [Protection SDK profile concepts](concept-profile-engine-file-profile-cpp.md) 89 | - [Protection SDK engine concepts](concept-profile-engine-file-engine-cpp.md) 90 | -------------------------------------------------------------------------------- /mip/develop/concept-summary-csharp.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Microsoft Information Protection SDK C# Wrapper Overview 3 | description: A quick overview on how to get started with the MIP SDK .NET wrapper, and the differences between the .NET wrapper and C++ SDK. 4 | author: tommoser 5 | ms.service: information-protection 6 | ms.topic: conceptual 7 | ms.date: 04/10/2025 8 | ms.author: tommos 9 | --- 10 | # Getting Started with the Microsoft Information Protection .NET Wrapper 11 | 12 | The Microsoft Information Protection SDK .NET Wrapper enables developers to integrate the Microsoft Purview Information Protection experience in to their own applications and services. The SDK's classification, labeling, and protection features help to ensure that information is classified, labeled, and protected no matter where it travels. 13 | 14 | The managed wrapper and all dependencies can be installed via NuGet in Visual Studio. 15 | 16 | ## Supported Platforms 17 | 18 | The Microsoft Information Protection .NET Wrapper is supported on the following .NET platforms: 19 | 20 | * .NET Standard 2.0 21 | * .NET 4.0 22 | 23 | ## Installing the Package 24 | 25 | From the Package Manager Console in Visual Studio 2017, install the package by running: 26 | 27 | `install-package Microsoft.InformationProtection.File` 28 | 29 | No additional packages are required. All of the third-party libraries are included and will copy to the output folder on build. 30 | 31 | ## Wrapper Details 32 | 33 | The .NET wrapper is a [SWIG](https://swig.org/) generated managed wrapper. The wrapper uses compiled C++ libraries from the Microsoft Information Protection SDK. These DLLs are the same DLLs that are included with the C++ version of the SDK. 34 | 35 | ## Concept Overlap 36 | 37 | There are a few fundamental differences between the C++ version of the SDK and the managed wrapper. 38 | 39 | * The .NET wrapper doesn't require the use of Observers for async operations. Any asynchronous operations are implemented via the [Task-based Asynchronous Pattern](/dotnet/standard/asynchronous-programming-patterns/task-based-asynchronous-pattern-tap). 40 | * The .NET wrapper does require the delegates that are part of the C++ SDK: AuthDelegate and ConsentDelegate. These delegates are implemented via the interfaces `IAuthDelegate` and `IConsentDelegate` 41 | 42 | ## Next Steps 43 | 44 | Next, review [Quickstart - Initialization for Microsoft Information Protection (MIP) SDK C#](quick-app-initialization-csharp.md) to get started on building a basic, MIP-enabled console application. 45 | -------------------------------------------------------------------------------- /mip/develop/index.yml: -------------------------------------------------------------------------------- 1 | ### YamlMime:Landing 2 | 3 | title: Microsoft Information Protection SDK documentation 4 | summary: Microsoft Information Protection SDK Documentation - Tutorials, API Reference 5 | 6 | metadata: 7 | title: Microsoft Information Protection SDK documentation 8 | description: Microsoft Information Protection SDK Documentation - Tutorials, API Reference 9 | services: information-protection 10 | ms.service: information-protection 11 | ms.topic: landing-page # Required 12 | ms.collection: M365-security-compliance 13 | author: msmbaldwin 14 | ms.author: mbaldwin 15 | ms.date: 06/24/2020 #Required; mm/dd/yyyy format. 16 | 17 | # linkListType: architecture | deploy | download | get-started | how-to-guide | learn | overview | quickstart | tutorial 18 | 19 | landingContent: 20 | # Cards and links should be based on top customer tasks or top subjects 21 | # Start card title with a verb 22 | # Card 23 | - title: Overview 24 | linkLists: 25 | - linkListType: overview 26 | links: 27 | - text: About the Microsoft Information Protection SDK 28 | url: overview.md 29 | 30 | 31 | # Card 32 | - title: Get started 33 | linkLists: 34 | - linkListType: overview 35 | links: 36 | - text: Setup and configuration the MIP SDK 37 | url: setup-configure-mip.md 38 | - text: Implement AD RMS Protection 39 | url: quick-app-adrms.md 40 | 41 | # Card 42 | - title: C++ Quickstarts 43 | linkLists: 44 | - linkListType: quickstart 45 | links: 46 | - text: Client application initialization 47 | url: quick-app-initialization-cpp.md 48 | - text: List sensitivity labels 49 | url: quick-file-list-labels-cpp.md 50 | - text: Set & get sensitivity labels 51 | url: quick-file-set-get-label-cpp.md 52 | - text: Lower the sensitivity label on a file 53 | url: quick-file-justify-actions-cpp.md 54 | - text: Republish File 55 | url: quick-file-republishing-cpp.md 56 | - text: Process email .msg files 57 | url: quick-email-msg-cpp.md 58 | - text: Initilize applications 59 | url: quick-protection-app-initialization-cpp.md 60 | - text: List Templates 61 | url: quick-protection-list-templates-cpp.md 62 | - text: Encrypt & decrypt Text 63 | url: quick-protection-encrypt-decrypt-text-cpp.md 64 | 65 | # Card 66 | - title: C# Quickstarts 67 | linkLists: 68 | - linkListType: quickstart 69 | links: 70 | - text: Client application initialization 71 | url: quick-app-initialization-csharp.md 72 | - text: List sensitivity labels 73 | url: quick-file-list-labels-csharp.md 74 | - text: Set & get sensitivity labels 75 | url: quick-file-set-get-label-csharp.md 76 | - text: Lower the sensitivity label on a file 77 | url: quick-file-justify-actions-csharp.md 78 | - text: Republish File 79 | url: quick-file-republishing-csharp.md 80 | - text: Process email .msg files 81 | url: quick-email-msg-csharp.md 82 | - text: Initilize applications 83 | url: quick-protection-app-initialization-csharp.md 84 | - text: List Templates 85 | url: quick-protection-list-templates-csharp.md 86 | - text: Encrypt & decrypt Text 87 | url: quick-protection-encrypt-decrypt-text-csharp.md 88 | 89 | # Card 90 | - title: Concepts 91 | linkLists: 92 | - linkListType: concept 93 | links: 94 | - text: API concepts 95 | url: concept-apis-use-cases.md 96 | - text: MipContext object concepts 97 | url: concept-mipcontext.md 98 | - text: Cache storage 99 | url: concept-cache-storage.md 100 | - text: Consent 101 | url: concept-consent-cpp.md 102 | - text: Labels 103 | url: concept-classification-labels.md 104 | - text: Metadata 105 | url: concept-mip-metadata.md 106 | -------------------------------------------------------------------------------- /mip/develop/media/concept-apis-use-cases/mip-sdk-components.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/mip/develop/media/concept-apis-use-cases/mip-sdk-components.png -------------------------------------------------------------------------------- /mip/develop/media/index/i_video.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 27 | 28 | i_video 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | -------------------------------------------------------------------------------- /mip/develop/media/index/kartik-tom-mip-sdk.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/mip/develop/media/index/kartik-tom-mip-sdk.png -------------------------------------------------------------------------------- /mip/develop/media/index/logo_Cplusplus.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 20 | 21 | logo_Cplusplus 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /mip/develop/media/index/logo_Csharp.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 16 | 17 | logo_Csharp 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /mip/develop/media/index/logo_java.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 16 | 17 | logo_java 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /mip/develop/media/index/logo_net.svg: -------------------------------------------------------------------------------- 1 | logo_NET -------------------------------------------------------------------------------- /mip/develop/media/index/logo_nodejs.svg: -------------------------------------------------------------------------------- 1 | logo_nodejs -------------------------------------------------------------------------------- /mip/develop/media/index/logo_python.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 16 | 17 | logo_python 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /mip/develop/media/index/tom-mip-sdk.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/mip/develop/media/index/tom-mip-sdk.png -------------------------------------------------------------------------------- /mip/develop/media/justify-action.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/mip/develop/media/justify-action.png -------------------------------------------------------------------------------- /mip/develop/media/quick-app-initialization-cpp/add-class.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/mip/develop/media/quick-app-initialization-cpp/add-class.png -------------------------------------------------------------------------------- /mip/develop/media/quick-app-initialization-cpp/add-nuget-package.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/mip/develop/media/quick-app-initialization-cpp/add-nuget-package.png -------------------------------------------------------------------------------- /mip/develop/media/quick-app-initialization-cpp/create-vs-solution.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/mip/develop/media/quick-app-initialization-cpp/create-vs-solution.png -------------------------------------------------------------------------------- /mip/develop/media/quick-app-initialization-cpp/set-include-lib-path-properties.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/mip/develop/media/quick-app-initialization-cpp/set-include-lib-path-properties.png -------------------------------------------------------------------------------- /mip/develop/media/quick-app-initialization-cpp/set-static-libs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/mip/develop/media/quick-app-initialization-cpp/set-static-libs.png -------------------------------------------------------------------------------- /mip/develop/media/quick-app-initialization-csharp/create-vs-solution.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/mip/develop/media/quick-app-initialization-csharp/create-vs-solution.png -------------------------------------------------------------------------------- /mip/develop/media/quick-file-list-labels-cpp/acquire-token-sign-in-consent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/mip/develop/media/quick-file-list-labels-cpp/acquire-token-sign-in-consent.png -------------------------------------------------------------------------------- /mip/develop/media/quick-file-list-labels-cpp/acquire-token-sign-in.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/mip/develop/media/quick-file-list-labels-cpp/acquire-token-sign-in.png -------------------------------------------------------------------------------- /mip/develop/media/quick-file-set-get-label-cpp/word-sensitivity-label-not-set.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/mip/develop/media/quick-file-set-get-label-cpp/word-sensitivity-label-not-set.png -------------------------------------------------------------------------------- /mip/develop/media/setup-mip-client/aad-app-api-permissions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/mip/develop/media/setup-mip-client/aad-app-api-permissions.png -------------------------------------------------------------------------------- /mip/develop/media/setup-mip-client/aad-app-registration-overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/mip/develop/media/setup-mip-client/aad-app-registration-overview.png -------------------------------------------------------------------------------- /mip/develop/media/setup-mip-client/aad-app-registration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/mip/develop/media/setup-mip-client/aad-app-registration.png -------------------------------------------------------------------------------- /mip/develop/media/setup-mip-client/visual-studio-install.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/mip/develop/media/setup-mip-client/visual-studio-install.png -------------------------------------------------------------------------------- /mip/develop/overview.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: Overview - Microsoft Information Protection SDK. 3 | description: Microsoft Purview Information Protection is the unification of Microsoft's classification, labeling, and protection services, into a single administration experience and software development kit (SDK). 4 | author: msmbaldwin 5 | ms.service: information-protection 6 | ms.topic: overview 7 | ms.date: 04/10/2025 8 | ms.author: mbaldwin 9 | #Customer intent: As a an application developer or administrator, I want to get an overview of the MIP SDK, so that I can determine what it is and how it's used. 10 | --- 11 | # Overview 12 | 13 | ## Microsoft Purview Information Protection 14 | 15 | Microsoft Purview Information Protection is the unification of Microsoft's classification, labeling, and protection services: 16 | 17 | - Unified administration is provided across Microsoft 365, Azure Information Protection, Windows Information Protection, and other Microsoft services. 18 | - Third parties can use the MIP SDK to integrate with applications, using a standard, consistent data labeling schema and protection service. 19 | 20 | * [What is Office 365 Security and Compliance Center?](/office365/securitycompliance/) 21 | * [What is Azure Information Protection?](/azure/information-protection/understand-explore/what-is-information-protection) 22 | * [How does the protection work in Azure Information Protection?](/azure/information-protection/understand-explore/what-is-information-protection#how-data-is-protected) 23 | 24 | ## Microsoft Information Protection SDK 25 | 26 | The MIP SDK exposes the labeling and protection services from Office 365 Security and Compliance Center, to third-party applications and services. Developers can use the SDK to build native support for applying labels and protection to files. Developers can reason over which actions should be taken when specific labels are detected, and reason over MIP-encrypted information. 27 | 28 | The labels and protection applied to information across the suite of Microsoft services are **consistent**. Consistency allows applications and services that support MIP to read and write the labels in a common, predictable manner. 29 | 30 | High-level MIP SDK use cases include: 31 | 32 | * A line-of-business application that applies classification labels to files on export. 33 | * A CAD/CAM design application provides native support for Microsoft Purview Information Protection labeling. 34 | * A cloud access security broker or data loss prevention solution reasons over data encrypted with Azure Information Protection. 35 | 36 | For a more exhaustive list, review [API concepts](concept-apis-use-cases.md). 37 | 38 | The MIP SDK is supported on the following platforms: 39 | 40 | [!INCLUDE [MIP SDK platform support](../includes/mip-sdk-platform-support.md)] 41 | 42 | ## Next Steps 43 | 44 | Now you're ready to get started with the SDK. The first thing you'll need to do is [complete the MIP SDK setup and configuration steps](setup-configure-mip.md). These steps will ensure your Microsoft 365 subscription and client machine are set up correctly. -------------------------------------------------------------------------------- /mip/docfx.json: -------------------------------------------------------------------------------- 1 | { 2 | "build": { 3 | "content": [ 4 | { 5 | "files": [ 6 | "**/*.md", 7 | "**/*.yml" 8 | ], 9 | "exclude": [ 10 | "**/obj/**", 11 | "**/includes/**", 12 | "_themes/**", 13 | "_themes.pdf/**", 14 | "README.md", 15 | "LICENSE", 16 | "LICENSE-CODE", 17 | "ThirdPartyNotices" 18 | ] 19 | } 20 | ], 21 | "resource": [ 22 | { 23 | "files": [ 24 | "**/*.png", 25 | "**/*.jpg", 26 | "**/*.svg" 27 | ], 28 | "exclude": [ 29 | "**/obj/**", 30 | "**/includes/**", 31 | "_themes/**", 32 | "_themes.pdf/**" 33 | ] 34 | } 35 | ], 36 | "overwrite": [], 37 | "externalReference": [], 38 | "globalMetadata": { 39 | "uhfHeaderId": "MSDocsHeader-Purview", 40 | "breadcrumb_path": "/information-protection/breadcrumb/toc.json", 41 | "extendBreadcrumb": true, 42 | "feedback_system": "Standard", 43 | "feedback_product_url": "https://feedbackportal.microsoft.com/feedback/forum/5ad50ce6-8a83-ec11-8d21-0022482fa693", 44 | "feedback_help_link_url": "https://learn.microsoft.com/en-us/answers/tags/24/azure-information-protection", 45 | "feedback_help_link_type": "get-help-at-qna" 46 | }, 47 | "fileMetadata": {}, 48 | "template": [], 49 | "dest": "MIP", 50 | "markdownEngineName": "markdig" 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /mip/includes/mip-sdk-platform-support.md: -------------------------------------------------------------------------------- 1 | --- 2 | author: msmbaldwin 3 | ms.author: mbaldwin 4 | ms.service: information-protection 5 | ms.topic: include 6 | ms.collection: M365-security-compliance 7 | ms.date: 04/14/2025 8 | --- 9 | 10 | | Operating system | Versions | Downloads | Notes | 11 | | ----------------------- | --------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------- | 12 | | Ubuntu | 20.04 | [C++ tar.gz](https://aka.ms/mipsdkbinaries)
[Java (Preview) tar.gz](https://aka.ms/mipsdkbinaries)
[.NET Core](https://www.nuget.org/packages/Microsoft.InformationProtection.File.Ubuntu2004/) | | 13 | | Ubuntu | 22.04 | [C++ tar.gz](https://aka.ms/mipsdkbinaries)
[Java (Preview) tar.gz](https://aka.ms/mipsdkbinaries)
[.NET Core](https://www.nuget.org/packages/Microsoft.InformationProtection.File.Ubuntu2204/) | | 14 | | Ubuntu | 24.04 | [C++ tar.gz](https://aka.ms/mipsdkbinaries)
[Java (Preview) tar.gz](https://aka.ms/mipsdkbinaries)
[.NET Core](https://www.nuget.org/packages/Microsoft.InformationProtection.File.Ubuntu2404/) | | 15 | | RedHat Enterprise Linux | 8 and 9 | [C++ tar.gz](https://aka.ms/mipsdkbinaries) | | 16 | | Debian | 10 and 11 | [C++ tar.gz](https://aka.ms/mipsdkbinaries) | | 17 | | macOS | All supported versions | [C++ .zip](https://aka.ms/mipsdkbinaries) | Xcode development requires 13 or greater. | 18 | | Windows | All supported versions, 32/64 bit | [C++](https://aka.ms/mipsdkbinaries)
[C++/.NET NuGet](https://www.nuget.org/packages?q=Microsoft.InformationProtection)
[Java (Preview) .zip](https://aka.ms/mipsdkbinaries) | | 19 | | Android | 9.0 and later | [C++ .zip](https://aka.ms/mipsdkbinaries) | Protection and Policy SDKs only. | 20 | | iOS | All supported versions | [C++ .zip](https://aka.ms/mipsdkbinaries) | Protection and Policy SDKs only. | 21 | 22 | -------------------------------------------------------------------------------- /mip/index.yml: -------------------------------------------------------------------------------- 1 | ### YamlMime:Landing 2 | 3 | title: Microsoft Purview Information Protection documentation 4 | summary: Control and help secure email, documents, and sensitive data that you share outside your company walls. From easy classification to embedded labels and permissions, enhance data protection at all times with Microsoft Purview Information Protection — no matter where it's stored or who it's shared with. 5 | 6 | metadata: 7 | title: Microsoft Purview Information Protection documentation 8 | description: Control and help secure email, documents, and sensitive data that you share outside your company walls. From easy classification to embedded labels and permissions, enhance data protection at all times with Microsoft Purview Information Protection — no matter where it's stored or who it's shared with. 9 | services: information-protection 10 | ms.service: information-protection 11 | ms.topic: landing-page # Required 12 | ms.collection: M365-security-compliance 13 | author: msmbaldwin 14 | ms.author: mbaldwin 15 | ms.date: 06/24/2020 #Required; mm/dd/yyyy format. 16 | 17 | # linkListType: architecture | deploy | download | get-started | how-to-guide | learn | overview | quickstart | tutorial 18 | 19 | landingContent: 20 | # Cards and links should be based on top customer tasks or top subjects 21 | # Start card title with a verb 22 | # Card 23 | - title: Microsoft Information Protection SDK 24 | linkLists: 25 | - linkListType: overview 26 | links: 27 | - text: Learn more about with the MIP SDK 28 | url: ./develop/overview.md 29 | - text: Get started with the MIP SDK 30 | url: ./develop/setup-configure-mip.md -------------------------------------------------------------------------------- /mip/media/index/i_video.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 27 | 28 | i_video 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | -------------------------------------------------------------------------------- /mip/media/index/tom-mip-sdk.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MicrosoftDocs/Azure-RMSDocs/13dd6a506e258258364a158075b4d80d31f507f5/mip/media/index/tom-mip-sdk.png -------------------------------------------------------------------------------- /mip/toc.yml: -------------------------------------------------------------------------------- 1 | - name: Develop and customize apps 2 | href: develop/ 3 | --------------------------------------------------------------------------------