The Azure Information Protection client (AIP) for Windows helps you keep important documents and emails safe from people who shouldn't see them, even if your email is forwarded or your document is saved to another location. You can also use this client (AIP) to open documents that other people have protected by using the Rights Management protection technology from Azure Information Protection. Read more information about requirements for AIP https://docs.microsoft.com/en-us/azure/information-protection/get-started/requirements
All you need is a computer that runs at least Windows 7 with Service Pack 1 ,then download and install this free AIP client from Microsoft.
Before you try to install AIP client ,there are few components as prerequisites that needs to be installed on the computer before AIP can process the policies for you.
In this blog post , we will see what are the prerequisites that are required to deploy AIP client and also their detection methods on computers that are running windows 7 SP1 and above.
Since AIP client has 4 prerequisites ,we will use task sequence to deploy AIP client instead of application deployment with dependencies.
1.Microsoft .NET Framework 4.6.2 : AIP Client requires a minimum version of Microsoft .NET Framework 4.6.2 and if this is missing, the installer tries to download and install this prerequisite. When this prerequisite is installed as part of the client installation, your computer must be restarted.
2.Windows PowerShell version 4.0: The PowerShell module for the client requires Windows PowerShell version 4.0, which might need to be installed on older operating systems. For more information, see How to Install Windows PowerShell 4.0. The installer does not check or install this prerequisite for you. To confirm the version of Windows PowerShell that you are running, type $PSVersionTable
in a PowerShell session .
3.Visual C++ Redistributable for Visual Studio 2015 (32-bit version) : For computers running Windows 7 Service Pack 1, install vc_redist.x86.exe from the following download page: Visual C++ Redistributable for Visual Studio 2015
4.If you have Windows 7 SP1, the Azure Information Protection client requires a specific update, KB2533623. If your PC needs this update but it is not installed, installation completes but with a message that the Azure Information Protection client requires this update. Until this update is installed, you won't be able to use all features of the Azure Information Protection client.
In this post, i will not go step by step creation of all the prerequisites instead, will go with some important information like installation program ,detection method and requirements etc.
Note: All these prereq files require reboot including .net, PowerShell . Without reboot ,it will not install any further components hence i leave the reboot to configmgr based on the exit codes (3010 soft reboot,1641 hard reboot)
1.Microsoft .NET Framework 4.6.2 or above:
since there is newer version of .net framework 4.7.1 available ,i will go with this version instead of 4.6.2 (min version) but in detection method ,i will look for .net 4.6.2 and above. If 4.6.2 exist ,i will not do installation of this 4.7.1 and skip this install.
Installation program : "NDP471-KB4033342-x86-x64-AllOS-ENU" /q
Detection Rule: Setting type: Registry ,Hive: Software\Microsoft\NET Framework Setup\NDP\v4\Full ,Value:Release ,data type:Integer , Operator: greater than or equal to 461310 (this is .net 4.6.1 and above)
User experience: Install for system ,weather or not user logged in and determine the behaviour based on return codes.
Requirements: Free disk space: 5GB ,OS :Windows 7 and other OS if you have.
2. Windows PowerShell version 4.0: I am going create both powershell 4.0 and powershell 5.0 as some of the windows 7 machine that has version 2.0 ,cannot be upgraded to 5 directly (at least i have seen some failures)
Installation Program: wusa.exe Windows6.1-KB2819745-x64-MultiPkg.msu /quiet
Detection Method: Powershell
if (($PSVersionTable.PSVersion | Select-Object -ExpandProperty Major) -gt 4 )
{
Write-Host "Installed"
}
else
{
}
Requirement: Windows 7 (for windows 10 ,there will be powershell 5.0 so no need to install for windows 10).
Windows PowerShell version 5.1:
Installation Program: wusa.exe Win7AndW2K8R2-KB3191566-x64.msu /quiet
Detection Method: Powershell
if (($PSVersionTable.PSVersion | Select-Object -ExpandProperty Major) -gt 5 )
{
Write-Host "Installed"
}
else
{
}
Requirement: Windows 7 (for windows 10 ,there will be powershell 5.0 so no need to install for windows 10).
3.Visual C++ Redistributable for Visual Studio 2015 (32-bit version) :
Installation program: "vc_redist.x86.exe" /q
Requirement rule: Windows 7 and windows 10.
Detection Method: Powershell . If the client has VC++ 2015 then it will skip the installation .
function Get-InstalledApps
{
if ([IntPtr]::Size -eq 4) {
$regpath = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
}
else {
$regpath = @(
'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
}
Get-ItemProperty $regpath | .{process{if($_.DisplayName -and $_.UninstallString) { $_ } }} | Select DisplayName, Publisher, InstallDate, DisplayVersion, UninstallString |Sort DisplayName
}
if (Get-InstalledApps | where {$_.DisplayName -like "Microsoft Visual C++ 2015 Redistributable*"})
{
Write-Host "Installed"
}
else
{
}
4. Azure Information Protection Client: Download AIP client (AzInfoProtection.exe) from https://portal.azurerms.com/#/download (this link has both viewer and client)
Also download the KB article as said in the prereq document .
Installation Program: Create a batch script and use the following code into it. (After the patch installation is done ,it will proceed to install AIP client and no reboot is required).
REM Install the KB article
wusa.exe "%~dp0Windows6.1-KB2533623-x64.msu" /quiet /norestart
sleep 10
REM Install Azure information protection client
AzInfoProtection.exe AllowTelemetry=0 /quiet /norestart
Detection Method: Windows installer: {30F836D2-A60B-4899-A369-B0FCA2884EAF}
Requirements : Windows 7 and windows 10.
If you are installing the AIP client on computers that run Office 2010 and your users are not local administrators on their computers or you do not want them to be prompted then you must supply ServiceLocation.
If the client was not installed with the ServiceLocation parameter, when you first open one of the Office applications that use the Azure Information Protection bar (for example, Word), you must confirm any prompts to update the registry for this first-time use. Service discovery is used to populate the registry keys.
Ex: AzInfoProtection.exe /quiet /norestart ServiceLocation=https://a44b2fd2-6a02-4d36-86b4-0017a1cede50.rms.eu.aadrm.com
How to get Service location ,please refer the document here
With this ,we have created 5 applications and now we can use task sequence to deploy these applications in sequence given below.
1.Microsoft .Net Framework 4.6.2/4.7.1
2. Microsoft Powershell 4.0
3.Microsoft Powershell 5.1
4.Microsoft VC++ 2015
5.Microsoft AIP client
Troubleshooting:
Deploy the task sequence to collection (machine based) and follow the logs smsts.log,appenforce.log
References:
https://docs.microsoft.com/en-us/information-protection/rms-client/client-user-guide
https://docs.microsoft.com/en-us/information-protection/rms-client/install-client-app
https://docs.microsoft.com/en-us/azure/information-protection/rms-client/client-admin-guide-install