There has been few new advanced settings made available for Azure Information Protection (AIP):

  • Report an issue from the AIP client
  • Pop-up in Outlook to warm, justify or block sending emails

To implement these advanced settings you need to the Advanced Settings option available in the contextual menu of the policy

image

 

Report an issue

To add the option to report an issue when end-user is using the Azure Information Protection client, you need to add the following key and value

  • Name: ReportAnIssueLink
  • Value: either an HTTP link (to your support web site or ticketing system) or an email address using the mailto:emailaddress format (like mailto:support@mycompany.com)

image

This then will be available using the Help and Feedback link from the AIP client or the Office add-in

imageimageimage

If you set an email address, the AIP client automatically set the subject

Azure Information Protection – Report An Issue (version: 2.0.500.1)

and prepopulates the email body with some information and help end-users to provide the log

Thank you for taking the time to report an issue with Azure Information Protection.
Please provide details about your environment and what you are trying to do, the steps to reproduce the problem, and attach log files.
To get the log files: From the Office ribbon >  Protect > Help and Feedback > Export Logs

Azure Information Protection client version: 2.0.500.1
Tenant ID: 9519ae3a-c7dd-4780-855e-53329f64cafe
Office version: 16.0.11328.20146 ProPlus
OS version: Microsoft Windows NT 10.0.17763.0

 

Pop-up in Outlook

NOTE these settings requires the preview client for AIP (available version at the time of writing 1.48.1.0) available from https://www.microsoft.com/en-us/download/details.aspx?id=53018

When you configure this advanced policy setting, users will got a pop-up message in Outlook – preventing the immediate send action – warming or asking them for justification.

This will be executed if any of the following condition is detected:

  • email or attachment do not have a label; attachment can then be an Office or PDF document
  • email or attachment has a specific label; in this case the attachment can be any file type

When any of these conditions is detected, end-user will then have a pop-up either:

  • to ask end-user to confirm or cancel the action
  • to ask for justification (pre-defined or free text). The justification is added into the email header (msip_justification) to be available to other systems, like a data loss prevention (DLP)
  • to block the email being sent with explanation

 

Apply to specific labels

If you want to apply these notification to specific labels, you need to know the label ID’s. Multiple ID’s can be used (using a comma-separated string) for each action

  • Warm message
    • Name: OutlookWarnUntrustedCollaborationLabel
    • Value: labelid1,labelid2,labelid3 – for example 85f7ff2c-51a6-4faf-aeac-03af8c49311f,c3d292c4-379c-440e-bf39-bffd060ce058

image

  • Request for justification
    • Name: OutlookJustifyUntrustedCollaborationLabel
    • Value: labelid1,labelid2,labelid3 – for example 85f7ff2c-51a6-4faf-aeac-03af8c49311f,c3d292c4-379c-440e-bf39-bffd060ce058

image

  • Bock message
    • Name: OutlookBlockUntrustedCollaborationLabel
    • Value: labelid1,labelid2,labelid3 – for example 85f7ff2c-51a6-4faf-aeac-03af8c49311f,c3d292c4-379c-440e-bf39-bffd060ce058

image

 

Apply if not label is defined

If you want to enable these notifications for email/attachment with no label

  • Warm message
    • Name: OutlookUnlabeledCollaborationAction
    • Value: Warn
  • Request for justification
    • Name: OutlookUnlabeledCollaborationAction
    • Value: Justify
  • Bock message
    • Name: OutlookUnlabeledCollaborationAction
    • Value: Block
  • Turn off the notification for unlabelled email/attachment
    • Name: OutlookUnlabeledCollaborationAction
    • Value: Off

image

 

Domain exclusion

You can also set a domain list exclusion for these pop-ups using the below setting. When your end-user is sending an email to a recipient with an email address associated with the listed domain, the notification will not be displayed.

  • Name: OutlookCollaborationTrustedDomains
  • Value: list of domain using comma-separated string; like microsoft.com,mycompany.net