Protected PDFs Now Generally Available with Microsoft Information Protection

Glitches Removed and Smoother Operation

Following October’s preview of a joint effort between Microsoft and Adobe to support Azure Information Protection for PDF files, the integration reached General Availability on December 11. As you’d expect, some of the glitches observed in the preview have been cleaned up and the integration seems pretty solid, like better visibility of Microsoft Information Protection (MIP) label information in protected files.

Azure Information Protection detail in a protected PDF

I tested the integration with the latest version of Adobe Acrobat DC. First, I removed all traces of the preview integration, including an older version of the Unified Labeling client, Acrobat DC, and the AIP plug-in. I then rebooted my PC and installed the latest version of the Unified Labeling client, Acrobat DC, and the plug-in. Everything worked as expected.

PowerShell Protection

Cmdlets to work with Microsoft Information Protection labels are included in the AIPService PowerShell module. You can use these cmdlets to protect PDFs in bulk. Before starting, you need to know the GUID for the label you want to apply. You can get this by running the Get-Label cmdlet in the Exchange Online Management module (use the Connect-IPSSession cmdlet to connect to the compliance endpoint first). Equipped with the label GUID, we can construct some code to find a set of files and apply the label to each file. Here’s a quick example that you can easily customize by setting the target location and target files variables to point to the files you want to process.

$TargetLocation = “c:\Temp\”
$TargetFiles = “*.pdf”
$Files = (Get-ChildItem ($TargetLocation + $TargetFiles) -File -Recurse)
ForEach ($F in $Files) {
   $FileName = $TargetLocation + $F.Name
   $FileStatus = (Get-AipFileStatus -Path $FileName)  
   If ($FileStatus.IsLabeled -eq $False) {
      Set-AIPFileLabel -Path $FileName -Label $LabelId }

Protected PDFs in Office 365

The current integration works with both the older AIP and Office 365 sensitivity labels labels and is designed to operate with files stored in Windows. PDFs are very popular in Office 365 environments, so it’s likely that protected PDFs will end up inside Office 365 as email attachments or stored in SharePoint Online and OneDrive for Business.

If you upload a protected PDF to a SharePoint Online document library and then try to open it, SharePoint can use the browser or an online viewer. If you use the Edge browser, it supports protected documents. Other browsers will use the viewer which doesn’t work with protected PDFs. You’ll have to download the PDF to a PC that has a supported PDF reader (like the Azure Information Protection viewer or Acrobat DC with the plug-in)  installed to be able to read the content.

Error when accessing a protected PDF

Future Integration with Office 365?

It’s possible that Microsoft and Adobe will work together to enhance the integration by extending it into Office 365 so that access to protected PDFs is smoother and that users can use Office 365 sensitivity labels to protect PDFs in addition to AIP labels. 

For more information about Microsoft Information Protection and rights management protection, read Chapter 24 of the Office 365 for IT Pros eBook.

3 Replies to “Protected PDFs Now Generally Available with Microsoft Information Protection”

    1. You need an Azure Information Protection (P1) license to protect content (including PDFs) with AIP.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.