AIP – The new Azure Information Protection Unified Labelling client now supports tracking and access revocation (preview)

This has been a major feature missing on the Azure Information Protection Unified Labelling client; the ability to track and revoke access to protected documents.

If you have been using Azure RMS/Azure Information Protection (the ‘classic’ one), you already know this feature has been available for quite some time.

Well, the new version of the AIP Unified client (2.9.111.0) – available for download here https://www.microsoft.com/en-us/download/details.aspx?id=53018) – is now allowing you to enjoy the tracking and revocation feature too.

Your administrator has nothing to do to enable the tracking feature; this is enabled by default.

However, if your administrator wish to turn it off the below command can be executed

Set-LabelPolicy -Identity Global -AdvancedSettings @{EnableTrackAndRevoke=”False”}

Once you have installed the latest version of the AIP client, you can then revoke access directly from the Sensitivity button

image_thumb  image_thumb[1]

Any document protected with AIP prior to the client upgrade will be automatically registered for tracking the next time they are opened with the updated client.

The tracking capability still does not use the tracking portal we used to have with the ‘classic’ version.

You will need to use the below PowerShell commands to first get the ContentID of your document and then use it to get the tracking information

Get-AipServiceDocumentLog –ContentName <document file name> –Owner <document owner email address> –FromTime <start of the time range to get the tracking details like: “12/01/2020 00:00:00”> -ToTime <end of the time range to get the tracking details like: “12/31/2020 23:59:59”>

Get-AipServiceTrackingLog –ContentId <contentid from the above command>

Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies