This has been a major feature missing on the Azure Information Protection Unified Labelling client; the ability to track and revoke access to protected documents.

If you have been using Azure RMS/Azure Information Protection (the ‘classic’ one), you already know this feature has been available for quite some time.

Well, the new version of the AIP Unified client (2.9.111.0) – available for download here https://www.microsoft.com/en-us/download/details.aspx?id=53018) – is now allowing you to enjoy the tracking and revocation feature too.

Your administrator has nothing to do to enable the tracking feature; this is enabled by default.

However, if your administrator wish to turn it off the below command can be executed

Set-LabelPolicy -Identity Global -AdvancedSettings @{EnableTrackAndRevoke=”False”}

Once you have installed the latest version of the AIP client, you can then revoke access directly from the Sensitivity button

 

Any document protected with AIP prior to the client upgrade will be automatically registered for tracking the next time they are opened with the updated client.

The tracking capability still does not use the tracking portal we used to have with the ‘classic’ version.

You will need to use the below PowerShell commands to first get the ContentID of your document and then use it to get the tracking information

Get-AipServiceDocumentLog –ContentName <document file name> –Owner <document owner email address> –FromTime <start of the time range to get the tracking details like: “12/01/2020 00:00:00”> -ToTime <end of the time range to get the tracking details like: “12/31/2020 23:59:59”>

Get-AipServiceTrackingLog –ContentId <contentid from the above command>