-->
Applies to: Azure Information Protection, Office 365
Apple has several parental control features for the Mac to help protect them as they browse the internet, use apps, and play games. You can even set time limits for your little ones' computer activities, so they don't overuse their allotted screen time. Here's how to set up and manage Parental controls on your Mac. Introduced in 2007 and required by 2012, sandboxing is a tool used by macOS to limit the damage that a hijacked app can do. Apple says, “While App Sandbox doesn’t prevent attacks against your app, it does minimize the harm a successful one can cause. MacOS app sandboxing protects users by limiting how much trouble an application can cause. The new MacKeeper app delivers multilayered protection from malware, online threats, and identity theft & Mac performance optimization. Learn what is MacKeeper.
The applications and solutions listed on this page have native support for the Azure Rights Management (Azure RMS) service, which provides data protection for Azure Information Protection.
These applications and solutions are known as 'RMS-enlighted', and have Rights Management and usage restrictions tightly integrated using Rights Management APIs.
- In the early days of SIP, some developers ran into problems when the system would keep core functionality of their apps from working properly because those apps made changes to the way the operating system worked by editing the system files that SIP was now in place to protect.
- Mac App Blocker enables users to block access to Mac applications by placing them on a Blocked Apps list, which is password protected. Mac App Blocker allows users to share their computer or leave it unattended while being assured that their private data cannot be opened. Also, a timeout value may be assigned to each app on the list, so that.
Note
Unless stated otherwise, the supported capabilities apply to both Azure RMS and AD RMS.
AD RMS support on iOS, Android, macOS, and Windows Phone 8.1 also requires the Active Directory Rights Management Services Mobile Device Extension.
Windows RMS-enlightened applications
Type | Supported applications |
---|---|
Word, Excel, PowerPoint | - Microsoft 365 apps - Office 2010 - Office 2013 - Office 2016 - Office 2019 - Office for the web (viewing protected documents) - Web browser |
- Outlook 2010 - Outlook 2013 - Outlook 2016 - Outlook 2019 - Outlook from Microsoft 365 Apps for Enterprise - Web browser - Windows Mail | |
Other file types | - Visio from Microsoft 365 apps, Office 2019, and Office 2016: .vsdm,.vsdx,.vssm, .vstm, .vssx, .vstx - Azure Information Protection client for Windows: Text, images, pfile - SealPath RMS plugin for AutoCAD: .dwg |
macOS RMS-enlightened applications
Type | Supported applications |
---|---|
Word, Excel, PowerPoint | - Microsoft 365 apps, version 16.40 or later - Office 2019 for Mac, version 16.40 or later - Office 2016 for Mac, version 16.16.27 or later - Office for the web - Web browser |
- Outlook 2019 for Mac, version 16.40 or later - Outlook 2016 for Mac, version 16.16.27 or later - Web browser | |
Other file types | RMS sharing app (viewing protected text, images, generically protected files) |
Android RMS-enlightened applications
Type | Supported applications |
---|---|
Word, Excel, PowerPoint | - GigaTrust App for Android - Office for the web - Office Mobile (unless using sensitivity labels, limited to viewing and editing protected documents) - Web browser |
- 9Folders - Azure Information Protection app (viewing protected emails) - BlackBerry Work - GigaTrust App for Android - Citrix WorxMail - NitroDesk - Outlook for Android - Samsung Email (S3 and later) - TITUS Classification for Mobile - Web browser | |
Other file types | Azure Information Protection app (viewing protected text and images) |
iOS RMS-enlightened applications
Type | Supported applications |
---|---|
Word, Excel, PowerPoint | - GigaTrust - Office Mobile - Office for the web - TITUS Docs - Web browser |
- Azure Information Protection app (viewing protected email) - BlackBerry Work - Citrix WorxMail - NitroDesk - Outlook for iPad and iPhone - TITUS Mail - Web browser | |
Other file types | - Azure Information Protection app (viewing protecting text and images) - TITUS Docs: Pfile |
Windows 10 mobile RMS-enlightened applications
Type | Supported applications |
---|---|
Word, Excel, PowerPoint | - Office Mobile apps (viewing protected documents using Azure RMS) - Web browser |
- Citrix WorxMail - Outlook Mail (viewing protected emails) - Web browser | |
Other file types | Not supported |
Blackberry 10 RMS-enlightened applications
Type | Supported applications |
---|---|
Word, Excel, PowerPoint | - Web browser |
- Blackberry email - Web browser | |
Other file types | Not supported |
Additional details about RMS-enlightened applications
For more information about the tables RMS-enlightened applications listed above, see:
Viewing protected content in email clients
When an email client protects a message, any Office files that are attached to the message, and are currently unprotected, are protected together with the email message. In such cases, both the email message and attachments can be viewed in the email client, by authorized recipients only.
However, if only the attachment is protected, but not the email message itself, the attachment cannot be previewed by the email client, even by authorized recipients.
Tip
For email clients that don't support protecting emails, consider using Exchange Online mail flow rules to apply this protection.
Supported text and image file types
File types other than Office files and email messages include text and image file types, with extensions such as .txt,.xml,.jpg, and .jpeg.
These files change their file name extension after they're natively protected by Rights Management, and then become read-only.
Files that cannot be natively protected have a .pfile file name extension after they are generically protected by Rights Management.
For more information, see the File types supported.
Microsoft 365 app support
Includes:
- Office apps minimum version 1805, build 9330.2078 from Microsoft 365 Apps for Business or Microsoft 365 Business Premium. Supported only when the user is assigned a license for Azure Rights Management (also known as Azure Information Protection for Microsoft 365 Business Premium).
- Microsoft 365 Apps for Enterprise.
Viewing protected documents in Office for the web
Supported only with Microsoft SharePoint and OneDrive, and the documents are unprotected before they are uploaded to a protected library.
Web browser support
- Web browsers are supported for Word, Excel, and PowerPoint files, when the Office attachments are protected by using Microsoft 365 Message Encryption with the new capabilities.
- For emails, web browsers are supported only in the following scenarios:
- If both the sender and the recipient are part of the same organization
- If the sender or recipient is using Exchange Online
- If the sender is using Exchange on-premises in a hybrid configuration
Email clients using Exchange ActiveSync IRM
The following email clients use Exchange ActiveSync IRM, which must be enabled by the Exchange administrator:
- Windows Mail
- 9Folders
- GigaTrust App for Android
- NitroDesk
- Outlook for Android
- Samsung Email (S3 and later)
- Outlook for iPad and iPhone
- Blackberry Email
Users can view, reply, and reply all for protected email messages but cannot protect new email messages.
If the email application cannot render the message because the Exchange ActiveSync IRM is not enabled, the recipient can view the email in a web browser when the sender uses Exchange Online, or Exchange on-premises in a hybrid configuration.
Azure RMS support for Office
Azure RMS is tightly integrated into the Word, Excel, PowerPoint, and Outlook apps, where this functionality is often referred to as Information Rights Management (IRM).
See also: Office Applications Service Description
Windows computers for Information Rights Management (IRM)
The following Office client suites support protecting files and emails on Windows computers by using the Azure Rights Management service:
- Office apps minimum version 1805, build 9330.2078 from Microsoft 365 Apps for Business or Microsoft 365 Business Premium when the user is assigned a license for Azure Rights Management (also known as Azure Information Protection for Microsoft 365)
- Microsoft 365 Apps for EnterpriseThese editions of Office are included with most but not all subscriptions that include data protection from Azure Information Protection. Check your subscription information to see if Microsoft 365 Apps for Enterprise ProPlus is included. You'll also find this information in the Azure Information Protection datasheet.
- Office Professional Plus 2019
- Office Professional Plus 2016
- Office Professional Plus 2013
- Office Professional Plus 2010 with Service Pack 2
All editions of Office (with the exception of Office 2007) support consuming protected content.
Azure Rights Management service with Office Professional Plus 2010 and Service Pack 2 or Office Professional 2010 with Service Pack 2
When you use the Azure Rights Management service with Office Professional Plus 2010 and Service Pack 2 or Office Professional 2010 with Service Pack 2, you must also have the AIP client for Windows.
Additionally, this configuration:
- Is not supported on Windows 10.
- Does not support forms-based authentication for federated user accounts. These accounts must use Windows-Integrated Authentication.
- Does not support the ability to override template protection using custom permissions selected with the AIP client. In this scenario, the original protection must first be removed before custom permissions can be applied.
Mac computers for Information Rights Management (IRM)
The following Office client suites support protecting files and emails on macOS by using Azure RMS:
- Microsoft 365 Apps for Enterprise
- Office Standard 2019 for Mac
- Office Standard 2016 for Mac
All editions of Office for Mac 2019 and Office for Mac 2016 support consuming protected content.
Tip
To get started with protecting documents by using Office for Mac, you might find the following FAQ useful: How do I configure a Mac computer to protect and track documents?
Azure Information Protection apps for iOS and Android
The Azure Information Protection app for iOS and Android provides a viewer for rights-protected email messages (.rpmsg files) when these mobile devices don't have an email app that can open protected emails. This app can also open rights-protected PDF files, and pictures and text files that are rights-protected.
If your iOS and Android devices are enrolled by Microsoft Intune, users can install the app from the Company Portal and you can manage the app by using Intune's app protection policies.
For more information about how to use app, see the FAQ for Microsoft Azure Information Protection app for iOS and Android.
The Azure Information Protection client for Windows
The Azure Information Protection (AIP) client includes two versions, with administrator and user guides for each version:
- Unified labeling client:
- Classic client:
Download the relevant app from the Microsoft Azure Information Protection page.
Note
Not sure about the differences between these two versions? See the relevant FAQ.
Rights Management sharing app
For Mac computers, the Rights Management sharing app offers a viewer for protected PDF files (.ppdf), protected text images, and generically protected files. It can also protect image files, but not other files. To protect Office files on these computers, use Office for Mac or Microsoft 365 Apps for Enterprise.
For more information, see the FAQ for Microsoft Rights Management Sharing Application for Mobile Platforms
Download the Rights Management sharing app for Mac computers from the Microsoft Azure Information Protection page.
Other applications that support Azure Information Protection
In addition to the applications listed above, any application that supports the APIs for the Azure Rights Management service can be integrated with Azure Information Protection.
Best Mac Os Apps
Sketch app for windows. Examples may include line-of-business applications written in-house, or applications from software vendors, written using the RSM SDKs.
For more information, see the Azure Information Protection Developer's Guide.
Applications that are not supported by Azure RMS
Applications not currently supported by Azure RMS include:
- Microsoft OneDrive for SharePoint Server 2013
- XPS Viewer
- Applications running on Windows versions earlier than Windows 7, Service Pack 1
Next steps
See also:
- Requirements for Azure Information Protection.
- How applications support the Azure Rights Management service.
- Configuring applications for Azure Rights Management.
For the latest information about solutions that support the Azure Rights Management service and Azure Information Protection, see the blog post, Microsoft Ignite 2019 – Microsoft Information Protection solutions Partner ecosystem showcase.
Published June 17th, 2012 at 8:31 PM EDT , modified April 25th, 2014 at 12:17 PM EDT
Mac OS X is certainly not impervious to malware, and there have been some imperfections in Apple’s handling of security issues over the years. Apps for mac softonic. However, there are some very innovative security features in Mac OS X that can do a lot to help protect you, if you let them. The key is knowing what they are and what they do, so that you don’t unintentionally disable something without understanding the consequences.
File Quarantine
File quarantine is a feature of Mac OS X introduced in Leopard. It is explained very well in Apple Support article HT3662, but here’s the gist of it: when you download a potentially dangerous file using a quarantine-aware application (such as Safari or Mail), that file will be “quarantined.” When you try to open it, the OS will warn you and ask if you really want to open it. Obviously, if you see this warning when trying to open something you didn’t think was an application – for example, if you thought the file was a song in MP3 format or a picture in JPEG format – you probably shouldn’t open it.
Mac Os Protected Apps Windows 10
XProtect
In Snow Leopard, quarantine was expanded to also check for trojans. Quarantine now uses a technology Apple has quietly named XProtect to scan downloads for known malware. The list of recognized trojans has been expanded many times from the original two (RSPlug and iServices) included in 10.6.0, and as of Security Update 2011-003, new malware definitions are downloaded daily, when available. If you try to open a quarantined file that is actually a trojan, you will get a very different and scarier warning that tells you the application is malware.
Example XProtect warning. Image referenced from Apple.com.
Mac Os Must Have Apps
Any of Apple’s applications that allow you to download support quarantine. However, results are more mixed with third-party applications. Some will support quarantine and some will not. Especially when using peer-to-peer file sharing programs, which are one of the biggest vectors for malware, I strongly advise testing support for quarantine. Download an application from a trusted source, and if you can open it without a quarantine warning, you know that the program that downloaded it does not support quarantine and could provide malware with a backdoor into your system by letting it sneak past quarantine.
There are many web sites that will tell you how to turn these “annoying” warnings off. I strongly recommend that you do no such thing, as this can also give malware a way to sneak onto your system. Although this system has its flaws – sometimes not receiving updates in as timely a fashion as would be desired – it is nonetheless an important security feature.
The list of definitions can be found, by those interested in such things, at the following path on a Mac OS X 10.6 or 10.7 system:
/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist
If you choose Go -> Go To Folder in the Finder and paste that path into the window, that will take you there. Getting inside the CoreTypes.bundle “file” manually may be a stumper, otherwise, for those who don’t know the trick.
Gatekeeper
In Mountain Lion (OS X 10.8), Apple added Gatekeeper, which provides for a way to limit what applications are allowed to run based on code signing. Code signing is a method by which a developer uses a security certificate issued by Apple to cryptographically sign their app, verifying ownership of the code found in the app. A code-signed app cannot be modified without breaking the signature.
In System Preferences -> Security & Privacy -> General, you will see a control to set what applications are allowed, via three radio buttons. You can allow only applications downloaded from the Mac App Store, the most restrictive option. In this case, applications you downloaded from any other source will not open.
You can also choose to allow applications from the App Store and those from “identified developers.” This means that applications from outside the App Store will work if they have been code-signed by a developer who is registered with Apple. Although malware has been seen now and then with a valid developer signature (either stolen or registered with false credentials), that hasn’t become common. In addition, every time this has happened, Apple simply revoked the certificate in question, halting the spread of the malware. This is probably the ideal setting for most people, since it provides a significant amount of protection without being too restrictive.
The third radio button allows you to give any application, regardless of source, the right to run. This is the same behavior as in previous systems, and you should still have XProtect defending you against known malware. However, malware has been known to get past XProtect, since XProtect – like any anti-malware software – can only protect against known threats. This is the least safe option, and I discourage its use.
Free Apps For Mac
Fortunately, if you want to open a legit app that has not been signed, there’s a way to do that without changing the setting… simply control-click the app and choose Open from the menu that appears. This will result in a warning, but you will be allowed to open the app if you choose to, rather than being blocked completely. App memory full mac.
Gatekeeper is integrated with the quarantine system, and thus is only capable of blocking applications that would trigger a quarantine warning (ie, those that are downloaded from the internet via quarantine-aware apps). Do not be surprised when your Gatekeeper preference does not appear to be respected for apps that were already on your machine at the time you installed Mountain Lion. For good or for ill, those apps are considered to be “trusted” apps, and will not be blocked by Gatekeeper.
It is important to understand that quarantine, XProtect and Gatekeeper will not protect you against malware that enters your system through vulnerabilities in third-party software, such as Java or Flash. Such software can provide a back door that lets that malware sneak in behind the system’s back. As such, I highly recommend disabling Java if you have it enabled, or not installing it in the first place in Lion and Mountain Lion. Flash is less easy to do without, but you could use a browser that provides “click to play” access to plugins, or the ClickToPlugin extension for Safari, to make Flash a bit safer.
If you do have Flash or Java installed and enabled in your web browser, Apple has established a pattern of blocking insecure versions of these plugins whenever vulnerabilities are discovered that could affect Mac users. The XProtect system was updated to include minimum allowed versions of these plugins, and these minimum versions are changed as needed. This prevents those vulnerabilities from being used to infect Mac users (after XProtect gets updated, at least). As with quarantine, this has caused some unrest among those who want to run old plugins, but I strongly recommend that you do not follow any instructions that tell you how to modify these minimum version numbers!
Adware
Mac OS X does not currently protect you very well against adware. There are a number of adware programs out there these days, which get installed through devious methods. Sometimes they are included with installers downloaded from unscrupulous download sites, such as Softonic or Download.com. Sometimes they are found on sites offering Adobe Flash Player updates, video plug-ins, video streaming apps and other assorted junkware, but what you end up downloading is really just an adware installer with no signs of the promised software. Often they are found when downloading files from torrents or from piracy sites (like Pirate Bay).
Unfortunately, most adware is not detected by XProtect in Mac OS X, nor is it blocked by Gatekeeper. In fact, most anti-virus apps won’t even detect adware at all, and if they do, they only call it a PUA (Potentially Unwanted Application) or PUP (Potentially Unwanted Program) rather than actually calling it adware.
If you think you might be infected with some kind of adware, see my Adware Removal Guide for assistance.
<- What are the threats? | Do I need anti-virus software? -> |