Escolar Documentos
Profissional Documentos
Cultura Documentos
Before you deploy Azure Information Protection for your organization, make sure that you have the
following prerequisites.
For protection-only: You must have an Office 365 plan that includes Azure Information Protection.
To make sure that your organization's subscription includes the Azure Information Protection
features that you want to use, review the feature list from the Azure Information Protection
pricing page.
If you have questions about licensing, read through the frequently asked questions for licensing.
Tip
Looking to see if your Office 365 plan or Exchange Online standalone plan supports the new
capabilities from Office 365 Message Encryption, to send protected emails to personal email
addresses? For example, Gmail, Yahoo, and Microsoft. Check the following resources:
If you have questions about subscriptions or licensing, do not post them on this page. Instead, see
if they are answered in the frequently asked questions for licensing. If your question is not
answered there, contact your Microsoft Account Manager or Microsoft Support.
https://docs.microsoft.com/en-us/azure/information-protection/requirements 1/5
4/9/2019 Requirements for Azure Information Protection - AIP | Microsoft Docs
Single sign-on (SSO) is supported for Azure Information Protection, so that users are not repeatedly
prompted for their credentials. If you use another vendor solution for federation, check with that
vendor how to configure it for Azure AD. WS-Trust is a common requirement for these solutions to
support single sign-on.
Multi-factor authentication (MFA) is supported with Azure Information Protection when you have
the required client software and correctly configured MFA supporting infrastructure.
For more information about authentication requirements, see Azure Active Directory requirements
for Azure Information Protection.
For more information about the requirements for user and group accounts for authorization,
see Preparing users and groups for Azure Information Protection.
Client devices
Users must have client devices (computer or mobile device) that run an operating system that
supports Azure Information Protection.
The following devices support the Azure Information Protection client, which lets users classify and
label their documents and emails:
In addition to installing the Azure Information Protection client on physical computers, you can also
install it on virtual machines. Check whether the software vendor for the virtual desktop solution
has additional configuration that might be required to run the Azure Information Protection client.
For example, for Citrix solutions, you might need to disable Citrix Application Programming
https://docs.microsoft.com/en-us/azure/information-protection/requirements 2/5
4/9/2019 Requirements for Azure Information Protection - AIP | Microsoft Docs
Interface (API) hooks for Office (winword.exe, excel.exe, outlook.exe, powerpoint.exe) and the Azure
Information Protection client (msip.app.exe, msip.viewer.exe).
For the listed server versions, the Azure Information Protection client is supported for Remote
Desktop Services. If you delete user profiles when you use the Azure Information Protection client
with Remote Desktop Services, do not delete the %Appdata%\Microsoft\Protect folder.
When the Azure Information Protection client protects the data by using the Azure Rights
Management service, the data can be consumed by the same devices that support the Azure Rights
Management service.
The Azure Information Protection client has additional prerequisites that are listed in the admin
guide.
Applications
The Azure Information Protection client can label and protect documents and emails by using the
Office applications Word, Excel, PowerPoint, and Outlook from any of the following Office editions:
Office apps minimum version 1805, build 9330.2078 from Office 365 Business or Microsoft
365 Business when the user is assigned a license for Azure Rights Management (also known
as Azure Information Protection for Office 365)
Other editions of Office cannot protect documents and emails by using a Rights Management
service. For these editions, Azure Information Protection is supported for classification only.
Consequently, labels that apply protection do not display to users on the Azure Information
Protection bar or from the Protect button on the Office ribbon.
The Azure Information Protection client does not support multiple versions of Office on the same
computer. This client also does not support switching user accounts in Office.
For information about which Office editions support the protection service, see Applications that
support Azure Rights Management data protection.
https://docs.microsoft.com/en-us/azure/information-protection/requirements 3/5
4/9/2019 Requirements for Azure Information Protection - AIP | Microsoft Docs
In addition to the information in the Office article, specific to Azure Information Protection:
If you use a web proxy that requires authentication, you must configure it to use integrated
Windows authentication with the user's Active Directory logon credentials.
Tip: Because of how Chrome displays secure connections in the address bar, you can use
this browser to quickly check whether your client connection is terminated before it
reaches the Azure Rights Management service. Enter the following URL into the browser
address bar: https://admin.na.aadrm.com/admin/admin.svc
Don't worry about what the browser window displays. Instead, click the padlock in the
address bar to view the site information. The site information lets you see the issuing
certification authority (CA). If the certificate is not issued by a Microsoft CA, it is very likely
your secure client-to-service connection is being terminated and needs reconfiguration on
your firewall. The following picture shows an example of a Microsoft issuing CA. If you see
an internal CA issued the certificate, this configuration is not compatible with Azure
Information Protection.
On-premises servers
If you want to use the Azure Rights Management service from Azure Information Protection with
on-premises servers, the following products are supported:
Exchange Server
SharePoint Server
https://docs.microsoft.com/en-us/azure/information-protection/requirements 4/5
4/9/2019 Requirements for Azure Information Protection - AIP | Microsoft Docs
For information about the additional requirements for this scenario, see On-premises servers that
support Azure Rights Management data protection.
The following deployment scenario is not supported unless you are using AD RMS for HYOK
protection with Azure Information Protection (the "hold your own key" configuration):
Running AD RMS and Azure RMS side by side in the same organization, except during
migration, as described in Migrating from AD RMS to Azure Information Protection.
There is a supported migration path from AD RMS to Azure Information Protection, and from Azure
Information Protection to AD RMS. If you deploy Azure Information Protection and then decide
that you no longer want to use this cloud service, see Decommissioning and deactivating Azure
Information Protection.
https://docs.microsoft.com/en-us/azure/information-protection/requirements 5/5