Protecting PDFs the Native Way

Native Means No Extra Product Needed

In October 2018, Microsoft and Adobe launched the public preview of a “native” integration of rights management protection for Adobe PDF documents. Native means that the PDF files are protected using the ISO standard for PDF encryption (ISO 32000-2:2017) and can be opened and processed by applications which support the standard. Microsoft has also published a list of PDF readers that support protection applied by Azure Information Protection.

PDFs are a very popular way to exchange business documents between organizations. The big advantage for companies who invest in Azure Information Protection is that they will no longer need to buy, deploy, and manage third-party add-on products to read protected PDFs. Instead, they’ll be able to use Adobe Acrobat (Microsoft’s preferred reader) to open and interact with protected PDFs and have the rights defined for the file respected by the reader.

Figure 1 shows the security information for a PDF protected with Azure Information Protection. One disappointing point is that you don’t see the name of the template applied to protect the file (in this case, “Confidential”). This feature might be added by the time the preview turns into a generally available product.

AIP-Acrobat
Figure 1: Viewing the Security information for a PDF protected with Azure Information Protection

Unlike previous third-party implementations of rights-management protected PDFs, which use a PPDF file extension to show the encrypted nature of the files, native-protected files keep their PDF file extension.

New Software Needed

To apply native protection to PDF files, you need the latest version of the Azure Information Protection client. To read the files, you need a supported reader that understands both the ISO standard and how to display the rights assigned by Azure Information Protection, such as Adobe Acrobat (third-party readers like Foxit are also available). To use Acrobat, you currently need the preview released on October 12, which contains a preview of the integration plug-in. Both the reader and the plug-in must be installed.

Available in 2019

It’s important to underline that what’s been released is a preview that is not intended for use in production and only supports a specific version of Adobe Acrobat for now. Microsoft and Adobe aren’t saying when the native integration will be generally available, but I expect this to happen in or around early 2019. The new capability should be popular with Office 365 tenants as it will remove some complexity (and maybe cost) from their protection infrastructures.


All aspects of Azure Information Protection (including protected PDFs) are covered in Chapter 24 of the Office 365 for IT Pros eBook.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.