Protect documents to HKUST users

When there are needs to protect documents (Word, Excel, PowerPoint) to be viewed by HKUST members including staff / students or project account owners, you can use any of the following permission options with Office 2013 / 2016 for Windows or Office 2016 for Mac.

• HKUST - Confidential
• HKUST - Confidential View Only

The table below summarized the properties of the above options:

​​	HKUST - Confidential​	​HKUST - Confidential View Only
​Read	Yes	Yes
​Modify	Yes	​No
​Print	​No	​No
​Copy	​No	​No

HKUST - Confidential View Only:  This content is proprietary information intended for internal users only. This content cannot be modified.

HKUST - Confidential: This content is proprietary information intended for internal users only. This content can be modified but cannot be copied and printed.

To protect your document:

1. Open your Office application such as Word, Excel, PowerPoint
2. Select the File menu
3. Select Protect Document
4. Select HKUST - Confidential or HKUST - Confidential View Only under Restrict Access
   

Read HKUST Confidential Message

To view protected documents, users are advised to use Microsoft Office in any of the following platforms:

• iOS
• Android
• Windows (Outlook 2013 / 2016)
• Mac OS (Outlook 2016)

Protect documents with combination of users

You can also protect Office documents using the option Restrict Access:

1. Open your Office document
2. Click File -> Protect Document -> Restrict Access -> Restricted Access
   
3. Tick the Restrict permission to this document option and enter the email addresses of users in the Read... and Change... boxes separate name with semicolon.
   
4. Click More Options... if you would like others to print your document, etc. if it is necessary
   
5. Click OK and then save your protected document

Protect documents using Azure Information Protection client

Apart from using Microsoft Office to protect your document, user may also Azure Information Protection client with custom protections:

• Install Azure Information Protection client
• How to view files that have been protected?
• How to protect a file on a Windows platform?
• How to tell a file is protected?
• How to change the protection on a file?
• How to remove protection on files?

Install Azure Information Protection client

1. Check if your devices support AIP:
   • Computers:
     • Windows 7, 8, 8.1, 10 (x86, x64)
     • Mac OS X: 10.8 or above
   • Mobile devices:
     • iPhone and iPad: iOS 8.0 or above
     • Android phones and tablets: 4.4 or above
     • Windows phone: 8.1
     • Windows tablets: Windows 10 Mobile and Windows 8.1 RT
2. You can protect documents using the AIP client for Windows 7, 8, 8.1 or 10 only.
3. For Windows/Mac OS, Office 2013 / 2016 (Windows) or Office 2016 (Mac) is required for reading protect documents.
4. For Windows platform, logon your computer with Administrative right.
5. Download the correct the Azure Information Protection client (AzInfoProtection.exe), which is available in various perform, including Windows, Mac OS X, iOS, and Android. (Not all supported client devices support all AIP capabilities, please click here to identify which applications support the AIP capabilities, and the exceptions.)
6. Run AzInfoProtection.exe (some Windows users will need to install Microsoft .Net Framework 4 before you can install the AIP Sharing application. You may skip the configuration for Office 2010 if both Office 2013 and Office 2010 are co-exist in your computer). Below is screen capture for Windows:
   
7. Close the application upon completed the installation
   

How to view files that have been protected?

When the Azure Information Protection client application is installed on your computer or mobile devices (iPad, iPhone), you could view a protected file by simply double-clicking it. The document may be an attachment in an email message, or you may see it when you use File Explorer. You can only view protected document if you have the required permission.

Protected MS Office document files can be opened by Office 2013, 2016 that are enlightened for AIP. For protected PDF, TXT, JPG, PNG files (with .ppdf/.ptxt/.pjpg/.ppng/.pgif file name extension), they must be opened by using Azure Information Protection viewer or Azure Information Protection client.

How to protect a file on Windows platform?

When you protect a file in-place, it replaces the original unprotected file. You can then leave the protected file where it is, and copy it to another folder or device. You can also attach the protected file to an email message.

To protect a file on a device:

1. In File Explorer, select a file to protect. Right-click, and then select Classify and protect.
   
   Note: You can also protect multiple files and a folder. When you select a folder, all the files in that folder are automatically selected for protection. You will need to perform file protection for any newly added files as new files will not be automatically protected.

2. Select Protect with custom permissions with one of the following options:
   • Viewer – View Only
     Users can view the attachments, but cannot print, edit, or copy content.
   • Reviewer – View and Edit
     User can view and edit the attachments, but cannot print or copy content.
   • Co-Author – View, Edit, Copy and Print
     Users can view, edit, copy, and print the attachments, but cannot unprotect the content.
   • Co-owner – All permission
     Users have full control for the attachments; they can view, edit, print, and unprotect the content.
   • Only for me
3. ​Select the users, groups or organizations or type the users email address(es). For example, a Viewer permission for cctest@ust.hk:
   
4. Click Apply and you may see a dialog box telling you that the files are protected.

Note: Only the Windows version can add protection to PDF files.

How to tell a file is protected?

If you are the document owner, just invoke the office document and the Office application will tell you the permission status:

• HKUST - CONFIDENTIAL VIEW ONLY
• HKUST - CONFIDENTIAL
• RESTRICTED ACCESS

For non-office documents such as PDF, PNG, GIF, JPG, etc., you will note a protected icon of the file in the file explorer or just displays name of the protected documents without any indication (with file extension such as .ppdf, .ppng, .pgif or .pjpg) . For the following example, files gifo1 and pdf01 are protected, but not the others:

How to change the protection on a file?

Just follows the steps in How to protect a file on Windows to assign new protection. For files with custom permission together with specified users, you may just update the user list and select the right permission. For example, adding cctestpg@ust.hk@ust.hk to the user groups or permission:

How to remove protection on files?

If you want to remove the protection from a file, right-click the file, click Classify and protect, and then un-check the protect with custom permissions option (Note: You must be an owner of the file to remove the protection).

How to send protected documents via email?

If the document is already protected using  AIP (this is the recommended way to protect documents containing high risk data),  you can just attach the protect document using any email tools such as Outlook, OWA, Thunderbird etc. and sent to the recipients.

In case you would like to send a protected copy of your document using email tools such as Outlook 2013 or Outlook 2016, you may following the steps in Send Confidential Email using Microsoft Outlook. Please note that only the attachment copy in the email is protected while the original document remains UN-protected.

Please note that if your original document is already protected (say with the HKUST - Confidential protection) and you would like to send to specific users using custom permission, the newly selected options (Viewer, Reviewer, Co-Author, Co-Owner) becomes the new protection for the attachment copy.