Revoke Access to Sensitive Documents with the E-Visor Teams App & MIP
Today we will look at how the E-Visor Teams App empowers end users to control access to their sensitive files, directly from Microsoft Teams, using the revocation feature in Microsoft Information Protection (MIP). In a previous blog post, we looked at how the E-Visor Teams App shows authors who has opened their sensitive files and from where. This information is invaluable to help authors take ownership over the security of their sensitive files. And think of the productivity benefits – with the E-Visor Teams App, we can show authors who has reviewed an important document and who has not!
Knowledge is power, but with the E-Visor Teams App, we can go further. What happens if an author sees file access attempts that appear unusual?
Luckily, MIP offers a revocation feature, which prevents new access attempts to a protected file, locking it safely from all users except the author (and, of course, the administrator). The E-Visor Teams App makes this feature actionable and easy to use.
Why revoke a document?
An author may want to revoke access to a sensitive file for any number of reasons. Imagine a scenario where a user sent out an old or unapproved version of a file by mistake. As soon as our user realizes his or her mistake, they can take immediate action to prevent the further spread of this version and replace it with something more appropriate.
An author could revoke access to a sensitive file after seeing an access attempt from a user or location that seems suspicious. Imagine reviewing access attempts from the E-Visor Teams App and seeing an external user, even a competitor, attempt to open an internal-only document! Or imagine seeing an access attempt by a colleague coming from another country, when you know that user is sitting in the desk next to you! In either scenario our author can decide to immediately revoke access to the document.
In these, and similar, situations, your end users have the context necessary to know if these access attempts are expected or unexpected events and the E-Visor Teams App gives them the ability to respond accordingly. And, after authors revoke access to a file, they can continue to track access attempts to that file.
How does it work?
End users can immediately revoke access to any document they applied protection to, directly from the Information Protection section of the E-Visor Teams App. Simply find the file in the details table shown below and select the Revoke option.
E-Visor initiates the request on the author’s behalf and, within a few minutes, MIP will no longer issue new use licenses for the file. This means that new users will be unable to open the file, even if they had permissions assigned to them before the revocation action. It also means that users who had previously opened the file will no longer be able to open it after their use license expires. Use license expiration is controlled by the Allow offline access option when creating a sensitivity label:
By default, a use license will expire 30 days after issued by MIP; however, this is configurable on a per-label basis. If, for example, you configure the label to never allow offline access, a recipient will need to acquire a new use license each time he or she opens the protected file, in a process completely transparent to the end user unless the user is offline. In this example, revocation will apply immediately to all users, whether they have opened the file previously or not.
If your user thinks that further action is warranted, he or she can contact the support desk via Teams chat, Teams call, or e-mail directly from the E-Visor Teams App. Give your users knowledge and control over the use of their sensitive files and watch how they help strengthen the security posture of your organization’s most important information.
Currently, the revocation feature is unavailable to users with the MIP client built into Office. In these types of implementations, the only way to revoke a file is using PowerShell, an option realistic for only the savviest of your users. If your organization uses the built-in client, they have no recourse to respond to anomalous usage of their sensitive files! Going further, the built-in client is the only MIP client version available for Macs and mobile devices, meaning that users on these devices are unable to revoke access to documents.
Users with the Unified Labeling client can revoke access in Office from the document itself. However, E-Visor Teams App offers a streamlined experience:
- Revoke access from anywhere: Your user may discover a need to revoke a document from a different device than that used to protect the file. With the E-Visor Teams App, revoke access to a document from anywhere you can use Teams, even without access to the file and even from a Mac or mobile device. A user can also revoke multiple files simultaneously.
- Intelligent reporting: The reporting available in the E-Visor Teams App is the catalyst to discover anomalous usage of your sensitive files! Without the reporting component to tell users which files may have been compromised, users won’t know to act.
- Additional actions: Authors can configure automatic notifications to alert them anytime a user successfully or unsuccessfully opens a file. They can also proactively notify support for follow-up, all from a central location. With the E-Visor Teams App an author can see who tries to open a revoked document and proactively respond.
- Surface relevant information: The E-Visor Teams App highlights the most relevant information for your users, who can quickly see how many users have successfully and unsuccessfully attempted to open their protected files. From this summary information, authors can easily drill down for more information and actions.
We are so excited to see organizations like never before embracing MIP; let us help you get the most out of it!