MicrosoftDocs/Azure-RMSDocs

Section about "Conditional Access" is confusing

Closed this issue · 1 comment

We recommend enabling AIP-based conditional access policies for your internal users only.

What does "AIP-based conditional access policies" actually mean?

Enable conditional access policies for AIP for internal users only:

Does that mean a conditional access policy which applies to the application "Microsoft Azure Information Protection (00000012-0000-0000-c000-000000000000)"?
If that is the case, then this is not accurate. When opening a protected document with Word/Excel/PowerPoint, the application is "Microsoft Office (d3590ed6-52b3-4102-aeff-aad2292ab01c)".

The documentation should clearly state which conditional access policy options would require external users to have a guest account in the tenant.

My tests show that a policy that restricts access based on the IP address does not prevent external users without a guest account from opening a protected document, but a conditional access policy requiring MFA does. (I have not tested further.)



Thanks for your dedication to our documentation. Unfortunately, at this time we have been unable to review your issue in a timely manner and we sincerely apologize for the delayed response. We are closing this issue for now, but if you feel that it's still a concern, please respond and let us know. If you determine another possible update to our documentation, please don't hesitate to reach out again. #please-close