MIP and Office Online integration

Many of us have been looking forward to the integration of Microsoft Information Protection (i.e. the Sensitivity Labels) with Office Online.

It’s been a challenge explaining to organisations that documents can be classified and protected with state-of-the-art functions, only to disappoint them by explaining: no, you cannot use them in Office Online. Nor can you use eDiscovery or search, for that matter.

Or explaining the nasty error-message to end-users: “Cannot open this document because it is protected with Information Rights Management”.

During Ignite 2019 we got a glimpse of the new integration with Office and SharePoint Online. And this looks very promising indeed! At this moment we can try out this new integration as it has been release in public preview. Yeah!

So, it’s time to take a look.

Public preview – PowerShell

To be able to use the new integration features, you’ll have to activate them. It’s quite simple and uses PowerShell. Be sure to have the latest SharePoint Online Management PowerShell cmdlets installed. You can find these here.

Login and run this cmdlet.

How does it work?

When opening a document from a SharePoint library (and I’ll be using Word for this), you’ll notice the “Sensitivity” button appear. From a user’s perspective this location makes sense. It’s the same location in the desktop-app. And there you’ll see the labels. Easy!

The label itself can be found in the informationbar at the bottom of the screen. Again, the same as in the desktop-app.

In the library itself you can now add the “Sensitivity” column. You could do this already, but now it shows you the labels 🙂 Please note though: these labels are not metadata-columns! More on that later.

Now some other cool stuff. The document’s preview is available. No more error-messages. This works from the information-pane and also in the thumbnail view.

Quick findings

Ok, so this looks pretty awesome and I like it a lot. But…… I do have some quick findings or thoughts. Please note that these are “working as designed”, but I do expect users to have some questions on these.

Co-autoring with the desktop-app

Co-authoring of protected (i.e. encrypted by MIP) documents is easy and works great in the Online apps. However, when the document is also opened in the desktop-app, this document is locked for editing. The online version switches to  “Reading View” and the document becomes read-only.

Please note that the “Learn More” link does provide reasons why the document cannot be edited. But this reason (it’s protected) isn’t there. So that’s something Microsoft needs to add 🙂

It’s not metadata

I know this  is working as designed and know the reasons why, but this aspect might confuse some people. Although the sensitivity label shows up as a column in the SharePoint library, it is not metadata. Also, a label is applied to a document, not a folder or documentset. Which means:

• There’s no bulk-edit option;
• You cannot change the sensitivity from the information-pane;
• You cannot set a “default” label on the library, folder or metadata level.

Again: I understand the reasons why. But it needs some explaining.

There are some options if you don’t (want to) use automatic classification or a default label. You can use Cloud App Security to set labels in your library. Use a file-policy to do so.

Or, quick and dirty, use OneDrive synch and the unified labeling client 🙂

This works: the documents are classified and the label shows up in Office Online. But in my test-site, the label did not show up in the “Sensitivity” column.

All in all

This really, really looks and works great. But we’re not there yet. Some of the findings really need to be considered. Stay tuned for a follow-up article on the site- and Office Groups classification possibilities (also, in public preview).