information protection and governance
660 Topics

The Microsoft Cloud App Security (MCAS) Ninja Training (March 2021 Update)
We’ve updated the MCAS Ninja Training since this post was published. For the latest version of the training, visit Microsoft Cloud App Security (MCAS) Ninja Training | September 2021 - Microsoft Tech Community.
223K Views, 24 likes, 25 Comments

Encrypt button disappearing from Outlook
Hello, We seem to be having an issue with the Office 365 Office Message Encryption (OME) for a couple of customers. They are properly licensed with Business Premium and AIP Plan 1 and have the latest version of the Office desktop (1812.11126.20196). The button has just disappeared. Recently, it's been upgraded from the previous envelope with red circle to the new lock icon. Yesterday, it is now either grayed out or the tab has completely been removed from the "New" message window in the "Options" section. It was working fine the day before. Not sure if this is related to the recent update of the Office client, but other customers with the same setup are not experiencing this issue. The current affected customers still have the ability to use OWA to use the Protect/Encrypt button or mail flow rules I created for a workaround. I have also tried using the Online Repair option, new Outlook profile, and uninstall and reinstall. These do not resolve the issue. Also, they do not have the AIP client software installed. I have not checked this out yet, as the other customers with the same licensing and setup are working as expected.
214K Views, 0 likes, 28 Comments

Retirement notification for the Azure Information Protection Unified Labeling add-in for Office
We are officially announcing the retirement of the Azure Information Protection (AIP) Unified Labeling add-in for Office and starting the 12-month clock, after which it will reach retirement on April 11, 2024.
90K Views, 8 likes, 25 Comments

Announcing public preview of Microsoft Endpoint Data Loss Prevention
UPDATE: We are excited to announce that Microsoft Endpoint DLP has finished rolling out in Public Preview to entitled customers! See the Get Started section in this blog post for links and instructions to get started, and visit our forum to share your questions & feedback at https://aka.ms/mip/yammer Ensuring that sensitive data is protected from risky or inappropriate sharing, transfer, or use has always been a top priority for organizations. The new reality of significant numbers of employees working from home or other remote locations indefinitely has created renewed emphasis on providing strong and coordinated protection on the endpoints they use every day. To help customers accelerate their deployment of a comprehensive information protection strategy across all their environments, we are announcing the public preview of Microsoft Endpoint Data Loss Prevention (DLP). At Microsoft, we have long invested in developing cutting-edge information protection solutions for our customers. Microsoft Information Protection (MIP) is a built-in, intelligent, unified, and extensible solution that understands and classifies your data, keeps it protected, and prevents data loss across Microsoft 365 apps (e.g., Word, PowerPoint, Excel, Outlook), services (e.g., Microsoft Teams, SharePoint, Exchange), third-party SaaS applications, and more – on premises or in the cloud. Endpoint DLP now extends MIP classification and protection to devices. Microsoft 365 customers only need to create DLP policies once in the Microsoft 365 compliance center. They can then apply the policies to Exchange, Teams, SharePoint, OneDrive for Business, and now – to endpoints as well. All that is required is for the endpoint to be onboarded in your environment using your established device management onboarding process. Endpoint DLP identifies and protects information on endpoints. 
Endpoint DLP does not restrict or limit the use of applications, web browsers, or other services when sensitive data is not present. It delivers three core capabilities: Native protection, seamless deployment, and integrated insights.

Native protection

Endpoint DLP is native to Windows 10 and the new Microsoft Edge browser. There is no need to install or manage additional DLP software on Windows 10 machines anymore. Providing DLP experiences natively on the endpoint has many benefits. A familiar look and feel users are already accustomed to from applications and services they use every day is just the beginning. Endpoint DLP also reduces end-user training time and alert confusion, increases user confidence in prescribed guidance and remediations, and improves policy compliance – without reducing productivity. Users are automatically alerted when they take an inappropriate or risky action with sensitive data and are provided with actionable policy tips and guidance to remediate properly.

For example, in Figure 2, a user attempts to copy sensitive data from the Word document – Project Obsidian Spec.docx – which contains sensitive information about an updated engine chip design. In this example, the policy is set as ‘Block’ without the option to Override. When the user performs the activity – in this case, copying sensitive data, the event is recorded, and the user is notified that this action is being blocked because copying this data is not allowed, per the DLP policy.

The user experience for third-party applications is similar. In Figure 3 below, a user tries to copy a document with sensitive data – Project Obsidian.pdf – to a personal Dropbox account using Microsoft Edge. In this example, the DLP policy is set as ‘Block with Override.’ The user is notified this action is blocked because copying the file to that specific cloud application is not allowed, and the event is recorded and available for review and analysis in the Microsoft 365 compliance center console.

Seamless deployment

Endpoint DLP is managed via the cloud and the Microsoft 365 compliance center, eliminating the need to deploy and operate additional consoles, event management systems, databases, and hardware on premises. As an integral part of MIP, Endpoint DLP leverages the same robust classification system to identify sensitive data accurately and consistently. It is easy to get started with data protection using our 100+ built-in sensitive data types and over 40 templates for common industry regulations. MIP policies can be deployed to Endpoint DLP without additional reconfiguration. Organizations that use MIP’s intuitive interface to create custom sensitive content identifiers and policies can deploy these to Endpoint DLP without any reconfiguration as well.

Organizations also require flexibility when deploying policies to ensure they minimize disruptions to users and maximize policy effectiveness. Microsoft DLP solutions offer three different modes to monitor and restrict activities in each DLP policy to ensure the intended compliance objectives are achieved:
- Audit: only records policy violation events without impacting end user activity
- Block with Override: records and blocks the activity, but allows the user to override when they have a legitimate business need
- Block: records and blocks the activity without the ability to override

Endpoint DLP can enforce policies for a broad range of activities unique to the endpoint including:
- Copying a sensitive file to an external USB media device
- Copying a sensitive file to a network share
- Uploading a sensitive file to a cloud service
- Printing a sensitive file
- Copying sensitive content to the clipboard
- Accessing a sensitive file by an unallowed app

The seamless deployment of Endpoint DLP reduces the strain of incorporating endpoints into existing DLP programs. It increases consistency of compliance across cloud and native workloads and ensures immediate value upon deployment.
Device telemetry, for instance, is available in the Microsoft 365 compliance center without having to configure any policies. Microsoft 365 compliance center’s Activity Explorer view filters events to identify risky activities and provides details on specific actions, user, and file details. This streamlines responses, and you can quickly remediate potential risks of unintended or intentional data breaches.

Integrated insights

Microsoft Endpoint DLP integrates with other Security and Compliance solutions such as MIP, Microsoft Threat Protection, and Insider Risk Management in Microsoft 365. Endpoint DLP enriches the other solutions with precise insights about device activity of sensitive content. This provides comprehensive coverage and visibility of active data protections, device states and user actions required by organizations to meet regulatory and policy compliance.

Microsoft Threat Protection provides integrated protection against sophisticated attacks. It unifies a pre- and post-breach defense suite that natively coordinates detection, prevention, investigation and response across endpoints, identities, email, and applications. This is critical insight that can be used in addition to DLP findings to quickly assess if there are additional factors to consider, beyond the DLP policy violation itself and if a broader set of remediations need to take place.

Insider Risk Management in Microsoft 365 provides organizations with the ability to detect, investigate, and take actions on risky insider activities. Organizations can define a range of acceptable thresholds for a broad set of user and device activities beyond which an alert is generated and displayed in an interactive chart that plots risks and risk level over time for current or past activities.
This critical insight can be used in addition to DLP event information to enhance the context of findings and quickly assess the scope of policy violations to help triage intentional versus accidental policy violations. Endpoint DLP reduces the dependence on individual and uncoordinated solutions from disparate providers to monitor user actions, remediate policy violations, and educate users in context on the correct handling of sensitive data at the endpoint, on-premises and in the cloud.

Get Started

Endpoint DLP starts rolling out to customers’ tenants in Microsoft 365 E5/A5, Microsoft 365 E5/A5 Compliance, and Microsoft 365 E5/A5 Information Protection and Governance. To learn more about Endpoint DLP, visit our documentation. Endpoint DLP is part of a broad and comprehensive set of capabilities to identify, protect and govern your sensitive data. Get the latest version of Edge Chromium that’s integrated with Endpoint DLP, on the Microsoft Edge page. To learn more about our Information Protection and Governance solutions, visit the documentation page. You can sign up for a trial of Microsoft 365 E5 or navigate to the Microsoft 365 compliance center to get started today.

Thank you,
Maithili Dandige, Principal Group Program Manager, Microsoft Information Protection and Compliance Engineering
Eric Ouellet, Senior Product Marketing Manager, Microsoft 365 Compliance
85K Views, 25 likes, 28 Comments

Announcing timelines for sunsetting label management in the Azure portal and AIP client (classic)
At Microsoft, our goal is to provide a built-in, intelligent, unified and extensible solution to protect sensitive data across your digital estate – in Microsoft 365 cloud services, on-premises, third-party SaaS applications, and more. With Microsoft Information Protection (MIP), we are building a unified set of capabilities for classification, labeling and protection not only in Office apps, but also in other popular productivity services where information resides (e.g., SharePoint Online, Exchange Online, Power BI).

Over the past year, we consistently delivered built-in capabilities in MIP. You can now use built-in labels to protect documents and emails in the latest Office apps (Word, PowerPoint, Excel, Outlook) on all platforms including the web, iOS, Android, Mac, and Windows. Built-in labeling experiences with MIP provide a variety of benefits over a client plug-in including:
- Greater protection coverage: Available for Office apps on Windows, web, Mac, Android and iOS
- Lower maintenance costs: No need to deploy/update additional software
- Better performance: Office apps launch faster as there is no need to load add-ins

A single portal – the Microsoft 365 compliance center – unifies labeling and protection policy management across Azure Information Protection (AIP), Office 365 and Windows. In this blog, we will cover (1) The new unified labeling client (2) Timelines to sunset label management in the Azure portal and AIP client (classic) and (3) A step-by-step guide to help you transition to MIP.

New features in the unified labeling client (now available)

Since the release of the unified labeling client version in October 2019, we have seen strong customer adoption. Customer feedback also indicated strong interest in features such as on-premises scanner, dynamic and per app content marking, etc. The new unified labeling client version now addresses these requests to further enable you to transition to the unified labeling platform.
New features in the unified labeling client include support for dynamic content marking and per-app content marking, support for customizable policy tips for automatic and recommended labels, support for offline labeling, and improvement for migration from third-party solutions to sensitivity labeling. More detailed information on these new features can be found in the client release version history. In addition, this unified labeling client includes the unified labeling scanner for on-premises data discovery that provides more accurate and flexible data classification by extending support to custom information types, complex conditions, and dictionaries. Scanner deployments can now easily scale out by creating scanner pools. For more information about these features, read this blog. Refer to this webinar to learn more about moving to unified labeling.

Timelines to sunset label management in the Azure portal and AIP client (classic)

With label management in the Microsoft 365 compliance center now at parity with the AIP portal experience, we are announcing that we will sunset label management in the Azure portal as of March 31, 2021. This extended timeframe will give customers currently using the Azure portal more than twelve months to transition to MIP’s unified labeling platform where the existing AIP value will continue to be fully supported. We are also announcing that the AIP client (classic) will be sunsetting on March 31, 2021. Again, this extended timeframe allows customers currently using the classic client more than a year to transition to either built-in labeling on Office ProPlus or the new unified labeling client.

Step by step guide to transition to MIP

If you are an existing AIP customer, we recommend the following steps to transition to MIP:
- Activate unified labeling from the Azure portal and migrate labels to the Microsoft 365 compliance center to apply policies uniformly across on-premises, Microsoft 365 cloud services and more.
This transition has no impact on existing AIP clients, and administrators can perform this step right away. The process takes only a few minutes, depending on the number of labels and complexity
- Copy your policies to the Microsoft 365 compliance center or create new policies there
- Publish your labels with label policies from the Microsoft 365 compliance center
- Download the latest unified labeling client for Windows if you are not yet fully on Office 365 ProPlus
- Train end users to apply labels and protection in Office applications across web, Mac, iOS, Android and Windows. Read this article to know which labeling capabilities are available across platforms

Learn more about transitioning from Azure Information Protection to the unified labeling platform in this blog post, and get detailed instructions on how to migrate here. Once you transition from the Azure portal to the Microsoft 365 compliance center, we recommend that you take advantage of the built-in labeling in the latest Office apps in web, Mac, iOS and Android. On the Windows platform, we suggest you use our built-in labeling capabilities in Office ProPlus apps as well. However, if you are not on Office 365 ProPlus fully yet, or need certain advanced capabilities listed here, we recommend using the latest unified labeling client for Windows.

Extended support for the AIP classic client

Some customers may need features (e.g. ability for admins to track and revoke protected documents, logging events to Windows event log on set/remove label, holding your own key for content decryption) that are not yet in the latest release of the unified client. Users of the classic client who feel blocked from transitioning to the unified labeling platform can ask for extended support for the classic client. To be eligible, customers must have actively used one or more blocking features in the past 90 days and must have completed migration of labels from the Azure portal to the Microsoft 365 compliance center.
File for extended support before September 30, 2020 to be eligible for extension consideration.

Important notice for GCC customers

We expect unified labeling will be available to Office 365 U.S. Government Community (GCC) services in the second half of 2020. Meanwhile GCC customers who own licenses for AIP will receive continued support for the classic client for 12 months after the general availability of unified labeling for GCC cloud. Extended support requests for GCC customers are not required.

We are excited about our own journey with Microsoft Information Protection and look forward to continuing to deliver this industry-leading solution to our customers.
79K Views, 10 likes, 25 Comments

The Data Loss Prevention Ninja Training is here!
**January 2025: Under Construction** Short link: https://aka.ms/DLPNinja The Microsoft Purview Data Loss Prevention Ninja Training is here! We are very excited and pleased to announce this rendition of the Ninja Training Series. With all the other training out there, our team has been working diligently to get this content out there. There are several videos and resources out there and the overall purpose of the Microsoft Purview Data Loss Prevention Ninja training is to help you master this realm. We aim to get you up-to-date links to the community blogs, training videos, Interactive Guides, learning paths, and any other relevant documentation. To make it easier for you to start and advance your knowledge gradually without throwing you in deep waters, we split content in each offering into three levels: beginner, intermediate, and advanced. Please find the Microsoft Purview Information Protection Ninja Training here. In addition, after each section, there will be a knowledge check based on the training material you’d have just finished! Since there’s a lot of content, the goal of these knowledge checks is to help you determine if you were able to get a few of the major key takeaways. There’ll be a fun certificate issued at the end of the training: Disclaimer: This is NOT an official Microsoft certification and only acts as a way of recognizing your participation in this training content. Lastly, this training will be updated one to two times a year to ensure you all have the latest and greatest material! If there's any topic you'd like for us to include and/or have any thoughts on this training, please let us know what you think below in the comments! 
Legend/Acronyms
(D) Microsoft Documentation
(V) Video
(B) Blog
(P) PDF
(S) Site
(SBD) Scenario Based Demo (Video)
(DAG) Deployment Acceleration Guide
MIP Microsoft Information Protection (old terminology for Microsoft Purview Information Protection)
AIP Azure Information Protection
ULC Unified Labeling Client
SIT Sensitive Information Type
RBAC Role-based access control
eDLP Endpoint DLP
OME Office 365 Message Encryption
EDM Exact Data Match
DLP Data Loss Prevention
SPO SharePoint Online
OCR Optical character recognition
MCAS Microsoft Cloud App Security (old terminology for Microsoft Defender for Cloud Apps)
TC Trainable Classifiers
ODSP OneDrive SharePoint
EXO Exchange Online

Microsoft Purview Data Loss Prevention (DLP)

Microsoft’s DLP solution provides a broad range of capabilities to address the modern workplace and the unique challenges represented by these very different scenarios. One of the key investment areas is in providing a unified and comprehensive solution across the many different kinds of environments and services where sensitive data is stored, used or shared. This includes platforms native to Microsoft and also non-Microsoft services and apps.

Beginner Training

Public forums to contact the overall information protection team Yammer Tech Community Introducing Microsoft Purview (V) In this video, hear from Microsoft executives on this new product family and our vision for the future of data governance. Introduction to Microsoft Purview Data Loss Prevention? (V) In this video, you’ll find an overview on Microsoft Purview Data Loss Prevention. Quick overview on new Exchange DLP Predicates (V) This video provides a quick walk through on creating an Exchange DLP policy and a soft focus on the new predicates and actions. Microsoft Purview Information Protection Framework (D) Check out the above documentation to see how Microsoft Purview Information Protection uses 3 pillars to deploy an information protection solution.
Protect Data with Zero Trust (LP) Zero Trust isn't a tool or product, it's an essential security strategy, with data at its core. Here, you'll learn how to identify and protect your data using a Zero Trust approach. Learn about data loss prevention (D) Learn about DLP basics and Microsoft Unified DLP and why it’s uniquely positioned to protect your data in the cloud. How to secure your data with Microsoft Security (V) The above video is a quick summary on how to protect your data. Microsoft Purview Information Protection and Data Loss Prevention Roadmap (S) Please check out the above site on the latest items on our public roadmap. Microsoft Purview Information Protection support for PDF and GitHub (V) and Ignite Conversation (V) The above videos walk through announcements regarding support for PDF and GitHub Microsoft Defender for Cloud Apps integration (D) Please visit the above documentation to learn more about how Microsoft Purview Information Protection integrates with Microsoft Defender for Cloud Apps Trainable Classifiers (D) Check out the documentation to create custom trainable classifiers. Retrain a classifier in content explorer (D) The above documentation shows you how to improve the performance of custom trainable classifiers by providing them more feedback. Explain data loss prevention reporting capabilities (LP) The above learning path walks you through reporting in the Microsoft Purview Compliance Portal. Review and analyze data loss prevention reports (LP) The above learning path walks you through analyzing reports in the Microsoft Purview Compliance Portal. Beginner Knowledge Check Intermediate Training Microsoft Compliance Extension for Chrome (B) aka Microsoft Purview Extension (D) Please check out the above blog and Microsoft Doc to understand what we’re doing to expand our DLP capabilities to Chrome. Microsoft Purview extension for Firefox (D) The above documentation details procedures to roll out the Microsoft Purview extension for Firefox. 
Data Loss Prevention and Endpoint DLP (V) This video details how Microsoft approaches information protection across Files, emails, Teams, endpoints and others. How DLP works between the Compliance portal and Exchange admin center (D) You can create a data loss prevention (DLP) policy in two different admin centers; the above document walks through the differences and similarities. Data Loss Prevention across endpoints, apps, & services | Microsoft Purview (V) This video walks you through how to protect sensitive data everywhere you create, view, and access information with one Data Loss Prevention policy in Microsoft Purview. Data Loss Prevention Policy Tips Reference Guide (D) and Quick Overview (V) Please check out the above documentation and short video on where we support policy tips. Create a DLP Policy for Microsoft 365 Online Services (IG) Please use the above interactive guide to see how to create DLP policies. Apply Microsoft Purview Endpoint DLP to Devices (IG) Please use the above interactive guide to see how to create Endpoint DLP policies. Sites for testing documentation (S) The above site details locations where you can get sample data. Scope of DLP Protection for Microsoft Teams (D) The above documentation walks through how DLP protection is applied differently to Teams entities. Manage DLP alerts in the Microsoft Purview compliance portal (LP) The above learning path walks you through managing DLP alerts. Endpoint activities you can monitor and best practices (LP) The above learning path walks you through Endpoint DLP activities and best practices. Troubleshoot and Manage Microsoft Purview Data Loss Prevention for your Endpoint Devices (B) The above blog goes through a quick guide to troubleshooting Endpoint DLP. Microsoft Purview DLP Interactive Guides (IG) Please visit the above home page to see the latest interactive guides walking you through DLP. 
Learn how to investigate Microsoft Purview Data Loss Prevention alerts in Microsoft 365 Defender (B) This blog is a step-by-step guided walkthrough of the Microsoft 365 Defender Analyst experience for Microsoft Purview Data Loss Prevention (DLP) incident management. Intermediate Knowledge Check Advanced Training Microsoft Defender for Cloud Apps and Data Loss Preventions (D) Please check out the documentation above detailing how the integration to Microsoft Defender for Cloud Apps further enhances your data loss prevention plan. Power BI: Learn about centralized data loss prevention policies (V) This video highlights DLP capabilities with Power BI. Take a unified and comprehensive approach to prevent data exfiltration with Microsoft (V) This video helps show how we can help you prevent unauthorized sharing, use, and transfer of sensitive information across your applications, services, endpoints, and on-premises file shares – all from a single place. Onboard macOS devices into Microsoft 365 (D), capability announcement (B), and additional screengrabs (B) Please use the documentation above to deploy macOS devices into Endpoint DLP and check out the blog to see a few screengrabs of the user experience. Troubleshooting Guides (D) Resolve issues that affect DLP policy tips Changes to a data loss prevention policy don't take effect in Outlook 2013 in Microsoft 365 DLP policy tips in Security and Compliance Center don't work in OWA/Outlook How to troubleshoot data loss prevention policy tips in Exchange Online Protection in Microsoft 365 Please check out the below documentation to find guides on common issues. Securing data in an AI-first world with Microsoft Purview (B) The above blog details some new updates on AI with Microsoft Purview. Common questions on Microsoft Purview Data Loss Prevention for endpoints (B) This guide covers the top-of-mind FAQs on Microsoft Purview Data Loss Prevention for endpoints (referred to as Endpoint DLP in the blog).
Guidance for investigating Microsoft Purview Data Loss Prevention incidents (B) This blog provides guidance for choosing the best investigation experience suited for your organization when using Microsoft Purview Data Loss Prevention. Data Loss Prevention: From on-premises to cloud (PDF) This whitepaper focuses on why you should move to cloud-native data loss prevention. The Microsoft Purview DLP Migration Assistant for Symantec (IG) Follow the above IG to get guidance on migrating from Symantec to Microsoft Purview DLP. Migrating from Windows Information Protection to Microsoft Purview (B) The above blog gives guidance on how to migrate from WIP to the Microsoft Purview stack. Insider Risk in Conditional Access | Microsoft Entra + Microsoft Purview Adaptive Protection (V) The above video goes through how to protect your organization from insider threats with Microsoft Entra's Conditional Access and Adaptive Protection in Microsoft Purview. Please check out this link for a blog with more details. (B) Protect sensitive data throughout its Copilot journey (B) The above details how the native integration enables organizations to leverage the power of GenAI when working with sensitive data as Copilot can understand and honor the controls such as encryption and provide comprehensive visibility into usage. Protect at the speed and scale of AI with Copilot for Security in Microsoft Purview (B) The above blog details the embedded experiences of Copilot for Security in Microsoft Purview (Communication Compliance, Data Loss Prevention, Insider Risk Management, and eDiscovery). Strengthen protection to mitigate data overexposure in GenAI tools with data classification/labeling (B) The blog above goes into detail on OCR, its cost, and how it goes into the AI Realm with Microsoft Purview Information Protection and Data Loss Prevention.
Microsoft Purview Exact Data Match (EDM) support for multi-token corroborative evidence (B) The above blog goes into the new feature that improves the accuracy and effectiveness of EDM detection. Advanced Knowledge Check Once you’ve finished the training and the knowledge checks, please go to our attestation portal to generate your certificate; you'll see it in your inbox within 3-5 business days (Coming Soon). We hope you enjoy this training!
77K Views, 13 likes, 20 Comments