Azure Information Protection unified labeling client - Version release history and support policy
Applies to: Azure Information Protection, Windows 10, Windows 8.1, Windows 8, Windows 7 with SP1, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2
Instructions for: Azure Information Protection unified labeling client for Windows
You can download the Azure Information Protection unified labeling client from the Microsoft Download Center.
After a short delay of typically a couple of weeks, the latest general availability version is also included in the Microsoft Update Catalog with a product name of Microsoft Azure Information Protection > Microsoft Azure Information Protection Unified Labeling Client, and the classification of Updates. This inclusion in the catalog means that you can upgrade the client by using WSUS or Configuration Manager, or other software deployment mechanisms that use Microsoft Update.
For more information, see Upgrading and maintaining the Azure Information Protection unified labeling client.
Servicing information and timelines
Each general availability (GA) version of the Azure Information Protection unified labeling client is supported for up to six months after the release of the subsequent GA version. The documentation does not include information about unsupported versions of the client. Fixes and new functionality are always applied to the latest GA version and will not be applied to older GA versions.
Preview versions should not be deployed for end users on production networks. Instead, use the latest preview version to see and try new functionality or fixes that are coming in the next GA version. Preview versions that are not current are not supported.
Use the following information to see what’s new or changed for a supported release of the Azure Information Protection unified labeling client for Windows. The most current release is listed first. The date format used on this page is month/day/year.
Minor fixes are not listed so if you experience a problem with the unified labeling client, we recommend that you check whether it is fixed with the latest GA release. If the problem remains, check the current preview version (if available).
This client is replacing the Azure Information Protection client (classic). To compare features and functionality with the classic client, see Compare the clients.
When you use the advanced setting OutlookDefaultLabel to set a different default label for Outlook, and the label you specify doesn't have any sublabels for the label policy, the label is correctly applied.
When the Azure Information Protection client is used in an Office app, a user with an Active Directory account that isn't configured for single sign-on is prompted to authenticate for Azure Information Protection. After successfully authenticating, the client status correctly changes to online, which enables labeling functionality.
Supported through 03/03/2020
The client can successfully download its policy and display the current sensitivity labels. This fix is required after upgrading from a previous version and you haven't configured any custom information types in your labeling center.
General performance and stability improvements.
Supported through 02/06/2020
Support for advanced settings that you configure with PowerShell for the Security & Compliance Center.
These advanced settings support the following customizations:
- Display the Information Protection bar in Office apps
- Exempt Outlook messages from mandatory labeling
- Enable recommended classification in Outlook
- Set a different default label for Outlook
- Remove "Not now" for documents when you use mandatory labeling
- Remove headers and footers from other labeling solutions
- Disable custom permissions in File Explorer
- For files protected with custom permissions, always display custom permissions to users in File Explorer
- For email messages with attachments, apply a label that matches the highest classification of those attachments
- Add "Report an Issue" for users
- Implement pop-up messages in Outlook that warn, justify, or block emails being sent
- Disable sending discovered sensitive information in documents to Azure Information Protection analytics
- Disable sending information type matches for a subset of users
- Migrate labels from Secure Islands and other labeling solutions
- Apply a custom property when a label is applied
- Configure a label to apply S/MIME protection in Outlook
- Specify a default sublabel for a parent label
- Specify a color for the label
Support for labels that are configured for user-defined permissions for Word, Excel, PowerPoint, and File Explorer. For more information, see the Let users assign permissions section in the Office documentation.
PowerShell changes in the AzureInformationProtection module:
- New cmdlet: New-AIPCustomPermissions - replaces New-RMSProtectionLicense to create an ad-hoc policy for custom permissions
- New parameters:
- CustomPermissions and RemoveProtection - added to Set-AIPFileLabel
- OnBeHalfOf - added to Set-AIPAuthentication, to be used instead of the Token parameter for non-interactive sessions
- WhatIf and DiscoveryInfoTypes - added to Set-AIPFileClassification, so that this cmdlet can run in discovery mode without applying labels
- Deprecated cmdlets that connect directly to a protection service: Clear-RMSAuthentication, Get-RMSFileStatus, Get-RMSServer, Get-RMSServerAuthentication, Get-RMSTemplate, Protect-RMSFile, Set-RMSServerAuthentication, Unprotect-RMSFile
After you change to an alternative locale in Windows, you can still apply a label with protection to a PDF document.
When a label is removed from content, protection is also removed only when it was applied as part of the label configuration. If the protection was applied independently from the label, that protection is preserved. For example, a user applied custom permissions to a file.
When automatic labeling is configured, the label applies the first time a document is saved.
Default labeling supports sublabels.
Supported through 02/15/2020
This release has a single fix to resolve a race-condition issue where sometimes, no labels display in Office apps or File Explorer.
Supported through 11/01/2019
This first general availability version of the Azure Information Protection unified labeling client for Windows supports the following features:
Upgrade from the Azure Information Protection client.
Manual, automatic, and recommended labeling: For more information about configuring automatic and recommended labeling for this client, see Apply a sensitivity label to content automatically.
File Explorer, right-click actions to classify and protect files, remove protection, and apply custom permissions.
A viewer for protected text and image files, protected PDF files, and files that are generically protected.
PowerShell commands to do the following:
Auditing data and endpoint discovery support for central reporting by using Azure Information Protection analytics.
The following label and policy settings:
- Visual marking (headers, footers, watermarks)
- Default labeling - currently limited to labels without sublabels
- Labels that apply Do Not Forward and display in Outlook only
- Justification prompts if users lower the classification level or remove a label
- Colors for the labels
Policy refresh from the admin centers:
- Each time an Office app starts and every 4 hours
- When you right-click to classify and protect a file or folder
- When you run the PowerShell cmdlets for labeling and protection
A Help and feedback dialog box, which includes reset settings and export logs.
For full details, see the comparison tables.
For more information about installing and using this client: