Hi everyone, and welcome to an important post for those of you who have been using the document tracking and revocation feature. We received feedback from some of you around privacy and compliance when using this feature and weve tried to address that with this release.
We are excited to release in preview the new Do not track feature which gives organizations flexibility to configure a group of users within their company who should not be tracked because of privacy or compliance reasons.
You can now configure Do not track for users by adding them to a mail enabled group email address from Azure AD (can be a cloud native or sync group). Once configured, you will no longer be able to track activities of users of this group. Admins can configure the feature for specific groups by running new PowerShell commands added to the admin tool.
Lets take a deeper look
In your organization due to privacy and/or compliance reasons if you have users who should not have document tracking activities tracked, add them to a group that is stored in Azure AD, and specify this group with the Set-AadrmDoNotTrackUserGroup cmdlet.
For the members of this group, activities related to documents that others have shared with them is not logged to the document tracking site. In addition, no email notifications are sent to the user who protected and shared the documents.
As you can see in example below, Bob is member of the AIPDonotTrack group.
We have a document shared with both Bob and Tim:
Bob and Tim both viewed the document but we can only see Tims document tracking activities, because Bob is in the AIPDonotTrack group.
A few questions you may have
I have added users to the Do not track group and yet I see their previous document tracking activity in the portal. Why?
This is expected behavior. You will see the users previous (prior to them getting added to Do not track group) document tracking activities in the portal in Timeline, Map pages. The List page on the other hand shows only most recent activity per user so that will not contain the Do not track users activity.
Will admins still be able to track Do not track users document tracking activities?
Yes, but that will be supported soon. Until then no user (including global admins) can view document tracking activities of Do not track users.
Can Do not track users still track and revoke their protected documents?
Absolutely. When you use this configuration in your company, all users including the Do not track user group can still use the document tracking site and revoke access to documents that they have protected.
We know this can be a lot to absorb, and we are here to help! Engage with us on Yammer, Twitter or send us an e-mail to askipteam@microsoft.com.
It really is very easy to get started with AIP. We have a lot of information available to help you, from great documentation to engaging with us via Yammer and e-mail. What are you waiting for? Get to it!
- Download the new unified client from our Download Center
- Start a trial and kick the tires
- Learn more about Information Protection
- Get deep technical and scenario documentation
Thank you,
Dan Plastina on behalf of our enthusiastic Azure IP team.
Twitter: @DanPlastina
Useful links: aka.ms/DanPlastina (PDF)