- Microsoft Powerpoint Wants To Use Your Confidential Information Macbook
- Microsoft Powerpoint Wants To Use Your Confidential Information Mac And Windows
2020-4-2 Microsoft 365 licensing guidance for security & compliance. When you create a sensitivity label, you can restrict access to content that the label will be applied to. For example, with the encryption settings for a sensitivity label, you can protect content so that: Only users within your organization can open a confidential document or email. Quit all Microsoft Office for Mac applications. On the Go menu, click Home. Open Library. The Library folder is hidden in MAC OS X Lion. To display this folder, hold down the OPTION key while you click the Go menu. Open the Preferences folder. Look for a file that is named com.microsoft.powerpoint.plist. 2020-4-2 After you or your Mac administrator resets the password of your macOS user account, your Mac might ask you to update your keychain password or enter the password of your login keychain.It might also tell you that the system was unable to unlock your login keychain. That's because your login keychain is still using your old password. 2017-8-24 Messages Agent wants to use your confidential information stored in 'FaceTime: email address.com' in your keychain. Do you want to allow access to this item? Always Allow Deny Allow. This has been happening since i've updated to OS X Yosemite 10.10.
-->Microsoft 365 licensing guidance for security & compliance.
When you create a sensitivity label, you can restrict access to content that the label will be applied to. For example, with the encryption settings for a sensitivity label, you can protect content so that:
- Only users within your organization can open a confidential document or email.
- Only users in the marketing department can edit and print the promotion announcement document or email, while all other users in your organization can only read it.
- Users cannot forward an email or copy information from it that contains news about an internal reorganization.
- The current price list that is sent to business partners cannot be opened after a specified date.
When a document or email is encrypted, access to the content is restricted, so that it:
- Can be decrypted only by users authorized by the label’s encryption settings.
- Remains encrypted no matter where it resides, inside or outside your organization, even if the file’s renamed.
- Is encrypted both at rest (for example, in a OneDrive account) and in transit (for example, a sent email).
Finally, as an admin, when you configure a sensitivity label to apply encryption, you can choose either to:
- Assign permissions now, so that you determine exactly which users get which permissions to content with that label.
- Let users assign permissions when they apply the label to content. This way, you can allow people in your organization some flexibility that they might need to collaborate and get their work done.
The encryption settings are available when you create a sensitivity label in the Microsoft 365 compliance center, Microsoft 365 security center, or Office 365 Security & Compliance Center.
Understand how the encryption works
Encryption uses the Azure Rights Management service (Azure RMS) from Azure Information Protection. This protection solution uses encryption, identity, and authorization policies. To learn more, see What is Azure Rights Management? from the Azure Information Protection documentation.
When you use this encryption solution, the super user feature ensures that authorized people and services can always read and inspect the data that has been encrypted for your organization. If necessary, the encryption can then be removed or changed. For more information, see Configuring super users for Azure Information Protection and discovery services or data recovery.
How to configure a label for encryption
Create or edit a sensitivity label, and on the Encryption page of the wizard, select one of the following options:
- None: The default setting for a new label. No new encryption is applied.
- Apply: Turns on encryption, and you then specify encryption settings.
- Remove: Removes encryption if the document or email is encrypted.
Note
The Remove option is supported by the Azure Information Protection unified labeling client only. When you use built-in labeling, a label with this option is visible in Office apps and services and if selected, the encryption behavior is the same as None.
Configuring the encryption options:
What happens to existing encryption when a label's applied
If a sensitivity label is applied to unencrypted content, the outcome of the encryption options you can select is self-explanatory. For example, if encryption is set to None, the content remains unencrypted.
Protect your Mac from malware. MacOS has many features that help protect your Mac and your personal information from malicious software, or malware. One common way malware is distributed is by embedding it in a harmless-looking app. You can reduce this risk. 2020-3-19 Original Title: Help me to fix “Warning! Spyware detected on your computer!”Alert 'Warning! Spyware detected on your laptop or computer!' , which is really a message i.
However, the content might be already encrypted. For example, another user might have applied:
- Their own permissions, which include user-defined permissions when prompted by a label, custom permissions by the Azure Information Protection client, and the Restricted Access document protection from within an Office app.
- An Azure Rights Management protection template that encrypts the content independently from a label. This category includes mail flow rules that apply encryption by using rights protection.
- A label that applies encryption with permissions assigned by the administrator.
The following table identifies what happens to existing encryption when a sensitivity label is applied to that content:
Encryption: None | Encryption: Apply | Encryption: Remove | |
---|---|---|---|
Permissions specified by a user | Original encryption is preserved | New label encryption is applied | Original encryption is removed |
Protection template | Original encryption is preserved | New label encryption is applied | Original encryption is removed |
Label with administator-defined permissions | Original encryption is removed | New label encryption is applied | Original encryption is removed |
Note that in the cases where the new label encryption is applied or the original encryption is removed, this happens only if the user applying the label has a usage right or role that supports this action:
- The usage right Export or Full Control.
- The role of Rights Management issuer or Rights Management owner, or super user.
If the user doesn't have one of these rights or roles, the label can't be applied and so the original encryption is preserved. The user sees the following message: You don't have permission to make this change to the sensitivity label. Please contact the content owner.
For example, the person who applies Do Not Forward to an email message can relabel the thread to replace the encryption or remove it, because they are the Rights Management owner for the email. But with the exception of super users, recipients of this email can't relabel it because they don't have the required usage rights.
Email attachments for encrypted email messages
When an email message is encrypted by any method, any unencrypted Office documents that are attached to the email automatically inherit the same encryption settings.
Documents that are already encrypted and then added as attachments always preserve their original encryption.
Configure encryption settings
When you select Apply on the Encryption page of the wizard to create or edit a sensitivity label, choose whether to:
- Assign permissions now, so that you can determine exactly which users get which permissions to content that has the label applied. For more information, see the next section Assign permissions now.
- Let users assign permissions when your users apply the label to content. With this option, you can allow people in your organization some flexibility that they might need to collaborate and get their work done. For more information, see the Let users assign permissions section on this page.
For example, if you have a sensitivity label named Highly Confidential that will be applied to your most sensitive content, you might want to decide now who gets what type of permissions to that content.
Alternatively, if you have a sensitivity label named Business Contracts, and your organization's workflow requires that your people collaborate on this content with different people on an ad hoc basis, you might want to allow your users to decide who gets permissions when they assign the label. This flexibility both helps your users' productivity and reduces the requests for your admins to update or create new sensitivity labels to address specific scenarios.
Choosing whether to assign permissions now or let users assign permissions:
Assign permissions now
Use the following options to control who can access email or documents to which this label is applied. You can:
Allow access to labeled content to expire, either on a specific date or after a specific number of days after the label is applied. After this time, users won’t be able to open the labeled item. If you specify a date, it is effective midnight on that date in your current time zone. (Note that some email clients might not enforce expiration and show emails past their expiration date, due to their caching mechanisms.)
Allow offline access never, always, or for a specific number of days after the label is applied. If you restrict offline access to never or a number of days, when that threshold is reached, users must be reauthenticated and their access is logged. For more information, see the next section on the Rights Management use license.
Settings for access control for encrypted content:
Rights Management use license for offline access
When a user opens a document or email that’s been protected by encryption from the Azure Rights Management service, an Azure Rights Management use license for that content is granted to the user. This use license is a certificate that contains the user's usage rights for the document or email, and the encryption key that was used to encrypt the content. The use license also contains an expiration date if this has been set, and how long the use license is valid.
If no expiration date has been set, the default use license validity period for a tenant is 30 days. For the duration of the use license, the user is not reauthenticated or reauthorized for the content. This process lets the user continue to open the protected document or email without an internet connection. When the use license validity period expires, the next time the user accesses the protected document or email, the user must be reauthenticated and reauthorized.
Microsoft Powerpoint Wants To Use Your Confidential Information Macbook
In addition to reauthentication, the encryption settings and user group membership is reevaluated. This means that users could experience different access results for the same document or email if there are changes in the encryption settings or group membership from when they last accessed the content.
To learn how to change the default 30-day setting, see Rights Management use license.
Assign permissions to specific users or groups
You can grant permissions to specific people so that only they can interact with the labeled content:
First, add users or groups that will be assigned permissions to the labeled content.
Then, choose which permissions those users should have for the labeled content.
Assigning permissions:
Add users or groups
When you assign permissions, you can choose:
- Everyone in your organization (all tenant members). This setting excludes guest accounts.
- Any authenticated users. Make sure you understand the requirements and limitations of this setting before selecting it.
- Any specific user or email-enabled security group, distribution group, Office 365 group, or dynamic distribution group.
- Any email address or domain. Use this option to specify all users in another organization who uses Azure AD, by entering any domain name from that organization. You can also use this option for social providers, by entering their domain name such as gmail.com, hotmail.com, or outlook.com.
Note
If you specify a domain from an organization that uses Azure AD, you can't restrict access to that specific domain. Instead, all verified domains in Azure AD are automatically included for the tenant that owns the domain name you specify.
When you choose all tenant members or browse the directory, the users or groups must have an email address.
As a best practice, use groups rather than users. This strategy keeps your configuration simpler.
Requirements and limitations for Add any authenticated users
This setting doesn't restrict who can access the content that the label encrypts, while still encrypting the content and providing you with options to restrict how the content can be used (permissions), and accessed (expiry and offline access). However, the application opening the encrypted content must be able to support the authentication being used. For this reason, federated social providers such as Google, and onetime passcode authentication work for email only, and only when you use Exchange Online. Microsoft accounts can be used with Office 365 apps and the Azure Information Protection viewer.
Some typical scenarios for the any authenticated users setting:
- You don't mind who views the content, but you want to restrict how it is used. For example, you don't want the content to be edited, copied, or printed.
- You don't need to restrict who accesses the content, but you want to be able to confirm who opens it.
- You have a requirement that the content must be encrypted at rest and in transit, but it doesn't require access controls.
Choose permissions
When you choose which permissions to allow for those users or groups, you can select either:
- A predefined permissions level with a preset group of rights, such as Co-Author or Reviewer.
- Custom permissions, where you choose one or more usage rights.
For more information to help you select the appropriate permissions, see Usage rights and descriptions.
Note that the same label can grant different permissions to different users. For example, a single label can assign some users as Reviewer and a different user as Co-author, as shown in the following screenshot.
To do this, add users or groups, assign them permissions, and save those settings. Then repeat these steps, adding users and assigning them permissions, saving the settings each time. You can repeat this configuration as often as necessary, to define different permissions for different users. How do i activate microsoft office on my mac.
Rights Management issuer (user applying the sensitivity label) always has Full Control
Encryption for a sensitivity label uses the Azure Rights Management service from Azure Information Protection. When a user applies a sensitivity label to protect a document or email by using encryption, that user becomes the Rights Management issuer for that content.
The Rights Management issuer is always granted Full Control permissions for the document or email, and in addition:
- If the encryption settings include an expiration date, the Rights Management issuer can still open and edit the document or email after that date.
- The Rights Management issuer can always access the document or email offline.
- The Rights Management issuer can still open a document after it is revoked.
For more information, see Rights Management issuer and Rights Management owner.
Let users assign permissions
You can use these options to let users assign permissions when they manually apply a sensitivity label to content:
In Outlook, a user can select restrictions equivalent to the Do Not Forward option for their chosen recipients.
In Word, PowerPoint, and Excel, a user is prompted to select their own permissions for specific users, groups, or organizations.
Note
This option for Word, PowerPoint, and Excel is supported by the Azure Information Protection unified labeling client. For apps that use built-in labeling, support is currently in preview for Windows and Mac.
If this option is selected but isn't supported for a user's app, either that label doesn't display to the user, or (currently rolling out in preview for iOS and Android) the label displays for consistency, but it can't be applied with an explanation message to users.
When the options are supported, use the following table to identify when users see the sensitivity label:
Setting | Label visible in Outlook | Label visible in Word, Excel, PowerPoint |
---|---|---|
In Outlook, enforce restrictions equivalent to the Do Not Forward option | Yes | No |
In Word, PowerPoint, and Excel, prompt users to specify permissions | No | Yes |
When both settings are selected, the label is therefore visible in both Outlook and in Word, Excel, and PowerPoint.
A sensitivity label that lets users assign permissions can be applied to content only manually by users; it can't be auto-applied or used as a recommended label.
Configuring the user-assigned permissions:
Outlook restrictions
In Outlook, when a user applies a sensitivity label that lets them assign permissions to a message, the restrictions are the same as the Do Not Forward option. The user will see the label name and description at the top of the message, which indicates the content's being protected. Unlike Word, PowerPoint, and Excel (see the next section), users aren't prompted to select specific permissions.
When the Do Not Forward option is applied to an email, the email is encrypted and recipients must be authenticated. Then, the recipients cannot forward it, print it, or copy from it. For example, in the Outlook client, the Forward button is not available, the Save As and Print menu options are not available, and you cannot add or change recipients in the To, Cc, or Bcc boxes.
Unencrypted Office documents that are attached to the email automatically inherit the same restrictions. The usage rights applied to these documents are Edit Content, Edit; Save; View, Open, Read; and Allow Macros. If the user wants different usage rights for an attachment, or the attachment is not an Office document that supports this inherited protection, the user needs to protect the file before attaching it to the email.
Word, PowerPoint, and Excel permissions
In Word, PowerPoint, and Excel, when a user applies a sensitivity label that lets them assign permissions to a document, they are prompted to specify their choice of users and permissions when the encryption is applied.
For example, with the Azure Information Protection unified labeling client, users can:
- Select a permission level, such as Viewer (which assigns View Only permission) or Co-Author (which assigns View, Edit, Copy, and Print permissions).
- Select users, groups, or organizations. This can include people both inside or outside your organizations.
- Set an expiration date, after which the selected users cannot access the content. For more information, see the above section Rights Management use license for offline access.
For built-in labeling, users see the same dialog box if they select the following:
Windows: File tab > Info > Protect Document > Restrict Access > Restricted Access
MacOS: Review tab > Protection > Permissions > Restricted Access
Example configurations for the encryption settings
For each example that follows, do the configuration from the Encryption page of the wizard when you create or edit a sensitivity label. First make sure that the Encryption is set to Apply:
Example 1: Label that applies Do Not Forward to send an encrypted email to a Gmail account
This label displays only in Outlook and Outlook on the web, and you must use Exchange Online. Instruct users to select this label when they need to send an encrypted email to people using a Gmail account (or any other email account outside your organization).
Your users type the Gmail email address in the To box. Then, they select the label and the Do Not Forward option is automatically added to the email. The result is that recipients cannot forward the email, or print it, copy from it, or save the email outside their mailbox by using the Save As option.
On the Encryption page: For Assign permissions now or let users decide? select Let users assign permissions when they apply the label.
Select the checkbox: In Outlook, enforce restrictions equivalent to the Do Not Forward option.
If selected, clear the checkbox: In Word, PowerPoint, and Excel, prompt users to specify permissions.
Select Next and complete the wizard.
Example 2: Label that restricts read-only permission to all users in another organization
This label is suitable for sharing very sensitive documents as read-only, and the documents always require an internet connection to view them.
This label is not suitable for emails.
On the Encryption page: For Assign permissions now or let users decide? select Assign permissions now.
For Allow offline access, select Never.
Select Assign permissions.
On the Assign permissions pane, select Add these email address or domains.
In the text box, enter the name of a domain from the other organization, for example, fabrikam.com. Then select Add.
Select Choose permissions from present or custom.
On the Choose permissions from present or custom pane, select the dropdown box, select Viewer, and then select Save.
Back on the Assign Permissions pane, select Save.
On the Encryption page, select Next and complete the wizard.
Microsoft Powerpoint Wants To Use Your Confidential Information Mac And Windows
Example 3: Add external users to an existing label that encrypts content
The new users that you add will be able open documents and emails that have already been protected with this label. The permissions that you grant these users can be different from the permissions that the existing users have.
On the Encryption page: For Assign permissions now or let users decide? make sure Assign permissions now is selected.
Select Assign permissions.
On the Assign permissions pane, select Add these email address or domains.
In the text box, enter the email address of the first user (or group) to add, and then select Add.
Select Choose permissions from present or custom.
On the Choose permissions from present or custom pane, select the permissions for this user (or group), and then select Save.
Back on the Assign Permissions pane, repeat steps 3 through 6 for each user (or group) that you want to add to this label. Then click Save.
On the Encryption page, select Next and complete the wizard.
Example 4: Label that encrypts content but doesn't restrict who can access it
This configuration has the advantage that you don't need to specify users, groups, or domains to encrypt an email or document. The content will still be encrypted and you can still specify usage rights, an expiry date, and offline access.
Use this configuration only when you do not need to restrict who can open the protected document or email. More information about this setting
On the Encryption page: For Assign permissions now or let users decide? make sure Assign permissions now is selected.
Configure settings for User access to content expires and Allow offline access as required.
Select Assign permissions.
On the Assign permissions pane, select Add any authenticated users.
For Users and groups, you see AuthenticatedUsers automatically added. You can't change this value, only delete it, which cancels the Add any authenticated users selection.
Select Choose permissions from present or custom.
On the Choose permissions from present or custom pane, select the dropdown box, select Viewerpermissions you want, and then select Save.
Back on the Assign Permissions pane, select Save.
On the Encryption page, select Next and complete the wizard.
Considerations for encrypted content
Encrypting your most sensitive documents and emails helps to ensure that only authorized people can access this data. However, there are some considerations to take into account:
If your organization hasn't enabled sensitivity labels for Office files in SharePoint and OneDrive (public preview):
- Search, eDiscovery, and Delve will not work for encrypted files.
- DLP policies work for the metadata of these encrypted files (including retention label information) but not the content of these files (such as credit card numbers within files).
- Users can't open encrypted files using Office on the web. When sensitivity labels for Office files in SharePoint and OneDrive is enabled, users can use Office on the web to open encrypted files, with some limitations that include encryption that has been applied with an on-premises key (known as 'hold your own key', or HYOK), and encryption that has been applied independently from a sensitivity label.
For multiple users to edit an encrypted file at the same time, they must all be using Office for the web. If this isn't the case, and the file is already open:
- In Office apps (Windows, Mac, Android, and iOS), users see a File In Use message with the name of the person who has checked out the file. They can then view a read-only copy or save and edit a copy of the file, and receive notification when the file is available.
- In Office for the web, users see an error message that they can't edit the document with other people. They can then select Open in Reading View.
The AutoSave functionality in Office apps (Windows, Mac, Android, and iOS) is disabled for encrypted files. Users see a message that the file has restricted permissions that must be removed before AutoSave can be turned on.
Encrypted files might take longer to open in Office apps (Windows, Mac, Android, and iOS).
The following actions for encrypted files aren't supported from Office apps (Windows, Mac, Android, and iOS), and users see an error message that something went wrong. However, SharePoint functionality can be used as an alternative:
- View, restore, and save copies of previous versions. As an alternative, users can do these actions using Office on the web when you enable and configure versioning for a list or library.
- Change the name or location of files. As an alternative, users can rename a file, folder, or link in a document library in SharePoint.
For the best collaboration experience for files that are encrypted by a sensitivity label, we recommend you use sensitivity labels for Office files in SharePoint and OneDrive and Office for the web.
Important prerequisites
Before you can use encryption, you might need to do some configuration tasks.
Activate protection from Azure Information Protection
For sensitivity labels to apply encryption, the protection service (Azure Rights Management) from Azure Information Protection must be activated for your tenant. In newer tenants, this is the default setting, but you might need to manually activate the service. For more information, see Activating the protection service from Azure Information Protection.
Configure Exchange for Azure Information Protection
Exchange does not have to be configured for Azure Information Protection before users can apply labels in Outlook to encrypt their emails. However, until Exchange is configured for Azure Information Protection, you do not get the full functionality of using Azure Rights Management protection with Exchange.
For example, users cannot view encrypted emails on mobile phones or with Outlook on the web, encrypted emails cannot be indexed for search, and you cannot configure Exchange Online DLP for Rights Management protection.
To ensure that Exchange can support these additional scenarios, see the following:
- For Exchange Online, see the instructions for Exchange Online: IRM Configuration.
- For Exchange on-premises, you must deploy the RMS connector and configure your Exchange servers.
Wow, your PowerPoint 2011 for Mac slideshow is such a hit , that your boss wants you to broadcast it to the global offices. With Office 2011 for Mac, you can run a PowerPoint slide show with on your computer, and your audience can watch as your show plays live, online, in a Web browser.
The audience doesn’t even have to have PowerPoint, although a high-speed Internet connection is required for both the presenter and the audience.
Here’s how to broadcast a slide show:
Open your presentation in PowerPoint.
Click the Ribbon’s Slide Show tab, and in the Play Slide Show group, click Broadcast Slide Show.
Alternatively, choose Slide Show→Broadcast Slide Show from the menu bar.
Click the Connect button.
Enter your Windows Live ID and password in the text boxes provided.
If you don’t have a Windows Live ID, click the Get a Live ID button and fill in the required information to sign up.
(Optional) Select the check box to save your password in the Mac OS Keychain so that you don’t have to enter it again in the future.
It may take a minute to log in.
After you log in, the Broadcast Slide Show dialog displays and shows the Broadcast Link. You distribute this link to your audience.
In the Broadcast Slide Show dialog, choose how to send your audience the link to view your slide show. You can choose to send it in an e-mail or to copy it into a chat.
When you’re ready and your audience is watching, click the Play Slide Show button.
When the show is over, the presenter’s Mac shows the presentation in Broadcast view, and the show keeps running for the presenter and the audience until the presenter clicks one of the End Broadcast buttons. The presenter can keep the show alive and re-broadcast the slide show using the Broadcast tab of the Ribbon (retaining the same URL) by not ending the show.
There are some limitations to broadcasting a slide show. The most important one is that sounds and movies won’t play to your audience. Animations and transitions may not play. The Pen tool will display lines on the presenter’s screen, but not on the audience screens.