Monday, March 6, 2017

Windows 10, v1507 End of Servicing?

Windows 10 has already with us for some time, coming to 2 years in July 2017. There are 3 build/version since Windows 10 released, v1507, v1511, v1607. Many people asked which build/version should I install? I would answer the latest. That is not because the latest has improvement or new feature set. It is simply because I want to ensure that the Windows keeps receiving its security and critical patches. If you interested on what’s new on every new Windows 10 release.

Yes, according to this site, Windows 10, v1507 end of servicing will be occur in May 2017. End of servicing simply means that Microsoft will not provide security and critical patches to Windows 10, v1507 from May 2017 onwards.

Plan now and move forward with SCCM!!!

WIndows 10 Servicing

Thursday, December 22, 2016

AIP Custom Condition (Regular Expression) Tips

Today I will share my experience on configuring regular expression for automatic or recommended classification. The configuration in Azure Portal is quite straight forward. If you wish to know how to configure, Microsoft actually documented well. Refer to https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-policy-classification

This is how the configuration looks like:

image

Okay, back to the custom condition, it supports Word, Phrase, and Regular Expression. Talking about Regular Expression, there is a lot regular expression tester out there. I personally like this one, http://regexr.com/.

image

Taking (#[A-Z][A-Z&][A-Z][0-9][0-9][0-9][0][2]#) as example, after I built the regular expression, I can test it out at the bottom, and it will be highlighted in blue if it match the regular expression. It is so easy and convenient. After you satisfied, copy the regular expression and paste it to the Azure Portal. Enjoy!!

Tuesday, December 13, 2016

Azure AIP/RMS: SharePoint Permission vs IRM Permission Mapping

Mr.Customer asked me about how SharePoint Permission map to IRM Permission? Will the IRM Permission takeover or replace the SharePoint Permission granted to user?

https://support.office.com/en-us/article/Apply-Information-Rights-Management-to-a-list-or-library-3bdb5c4e-94fc-4741-b02f-4e7cc3c54aa1 This article actually explained the questions above. However, there is a little doubt here. Do we need all the Permission configured on the left in order to map the IRM Permissions?

For example: To map the Full Control IRM Permission. Do we need both Manage Permissions, and Manage Web Site in SharePoint Permission? Or we just need only one of the SharePoint Permission?

image

To answer the little doubt above, I ran few rounds of test in my environment. The answer is any one of the SharePoint Permission. You need either Manage Permissions OR Manage Web Site in SharePoint Permission to map the Full Control IRM Permission.

Another example, if Edit Items SharePoint Permission assigned to the user, he/she will have the Edit, Copy, and Save IRM Permissions. It Doesn’t Requires All 3 SharePoint Permissions (Edit Items, Manage Lists, Add and Customize Pages) To Be Assigned In Order To Map The Edit, Copy, and Save IRM Permissions !! Anyone will do….

I did some further testing by enabling “Allow viewers to write on a copy of the downloaded document” This setting will allow the user to download and edit the downloaded/offline copy. This setting OVERWRITE those with View Items SharePoint Permission OR Read IRM Permission to edit the downloaded /offline copy.

image

My two cents is View Items SharePoint Permission OR Read IRM Permission is meant to control the documents so that user can View only (cannot edit, modify, copy, save, etc). By enabling the “Allow viewers to write on a copy of the downloaded document” simply defeat the purpose of trying to control the documents. Enabling this setting wisely.

So long, and Thanks for reading!