Frequently asked questions for Azure Information Protection

Applies to: Azure Information Protection, Office 365

Have a question about Azure Information Protection, or about the Azure Rights Management service (Azure RMS)? See if it's answered here.

These FAQ pages will be updated regularly, with new additions listed in the monthly documentation update announcements on the Enterprise Mobility and Security Blog.

What's the difference between Azure Information Protection and Azure Rights Management?

Azure Information Protection provides classification, labeling, and protection for an organization's documents and emails. The protection technology uses the Azure Rights Management service; now a component of Azure Information Protection.

What is the role of identity management for Azure Information Protection?

A user must have a valid user name and password to access content that is protected by Azure Information Protection. To read more about how Azure Information Protection helps to secure your data, see The role of Azure Information Protection in securing data.

What subscription do I need for Azure Information Protection and what features are included?

See the subscription information and feature list from the Azure Information Protection site.

If you have an Office 365 subscription that includes Rights Management, download the Azure Information Protection licensing datasheet from the Features page.

Is the Azure Information Protection client only for subscriptions that include classification and labeling?

No. Although most of the presentations and demos you've seen of the Azure Information Protection client show how it supports classification and labeling, it can also be used with subscriptions that include just the Azure Rights Management service to protect data.

When the Azure Information Protection client for Windows is installed and it doesn't have an Azure Information Protection policy, the client automatically operates in protection-only mode. In this mode, users can easily apply Rights Management templates and custom permissions. If you later purchase a subscription that does include classification and labeling, the client automatically switches to standard mode when it downloads the Azure Information Protection policy.

If you currently use the Rights Management sharing application for Windows, we recommend that you replace this with the Azure Information Protection client. Support for the sharing application will end January 31, 2018. To help with the transition, see Tasks that you used to do with the RMS sharing application.

Does Azure Information Protection support on-premises and hybrid scenarios?

Yes. Although Azure Information Protection is a cloud-based solution, it can classify, label, and protect documents and emails that are stored on-premises, as well as in the cloud.

If you have Exchange Server, SharePoint Server, and Windows file servers, you can deploy the Rights Management connector so that these on-premises servers can use the Azure Rights Management service to protect your emails and documents. You can also synchronize and federate your Active Directory domain controllers with Azure AD for a more seamless authentication experience for users, for example, by using Azure AD Connect.

The Azure Rights Management service automatically generates and manages XrML certificates as required, so it doesn’t use an on-premises PKI. For more information about how Azure Rights Management uses certificates, see the Walkthrough of how Azure RMS works: First use, content protection, content consumption section in the How does Azure RMS work? article.

I’ve heard a new release is going to be available soon, for Azure Information Protection—when will it be released?

The technical documentation does not contain information about upcoming releases. For this type of information and for release announcements, check the Enterprise Mobility and Security Blog and get the latest updates from Dan Plastina @TheRMSGuy on Twitter. If it’s an Office release that you’re interested in, be sure to also check the Office blog.

See Compliance and supporting information for Azure Information Protection.

How can I report a problem or send feedback for Azure Information Protection?

For technical support, use your standard support channels or contact Microsoft Support.

For feedback such as suggestions for improvements or new features: In your Office application, on the Home tab, in the Protection group, click Protect, and then click Help and Feedback. In the Microsoft Azure Information Protection dialog box, click Send Us Feedback. This opens an email message to be sent to the Information Protection team. We also invite you to engage with our engineering team, on their Azure Information Protection Yammer site.

What do I do if my question isn’t here?

First, review the frequently asked questions that are specific to classification and labeling, or specific to data protection. The Azure Rights Management service (Azure RMS) provides the data protection technology for Azure Information Protection and Azure RMS can be used with classification and labeling, or without:

If you question isn't answered, use the links and resources listed in Information and support for Azure Information Protection.

In addition, there are FAQs designed for end-users:


Before commenting, we ask that you review our House rules.