How-to Guides

1. Getting Started - Supported Systems and Required Software
2. Viewing Encrypted Documents
3. Protecting Documents with Sensitivity Labels
4. Encrypting Office Documents or PDF Files Using the AIP Client (Windows only)
5. Change the Protection on a File
6. Removing encryption from a protected file
7. Reading Restricted Email Message and documents
8. Sending Confidential Emails Using Microsoft Outlook

1. Getting Started - Supported Systems and Required Software

Follow the links below to view the installation instructions of the required software.

(Important: Remember to sign in to your Microsoft Office with your ITSC username and password after the installation.)

2. Viewing Encrypted Documents

a. Viewing encrypted office documents (e.g. Word, Excel, PowerPoint)

If you are not authorized to open the encrypted document, you will see an error screen instead.  You may need to check with the document owner to see if you have the necessary permission to open the document.

b. Viewing encrypted files other than Microsoft Office documents

1. For PC user users, start the Azure Information Protection Viewer app
   
2. Press the “Open” button
   
3. Browse the file to open it
   
4. For mobile users, you can send the protected PDF to the AIP Viewer or choose to open it with the AIP Viewer.
   e.g. use the following icon (navigation action) to send it to the AIP Viewer in iOS:  
5. For MacOS users, please use Adobe Reader with Adobe plug-in. 

Please also refers to the other page Viewing Protected PDF Files for more detail information.
 

If you are authorized to open the encrypted file, you will be able to open it in the AIP client application.  If not, you will see an error message instead.  You may need to check with the document owner to see if you have the necessary permission to open the file.

 

3. Protecting Documents with Sensitivity Labels

a. What are Sensitivity Labels?

A Sensitivity Label is used to quickly apply encryption and permission settings to a document.  Some content markings (e.g. footer or watermark) may also be added to a document to reflect its importance.  

In Microsoft Office, the labels you can use are shown under the Sensitivity button in the Ribbon.

Different labels provide different encryption and permission settings, and may apply visual markings (e.g. footer or watermark) to your documents. Please refer to the previous step to see a summary of sensitivity labels.

Labels with encryption settings should be used to encrypt and protect sensitive or confidential documents.  You may use one of the following two labels to encrypt your documents with different permission settings.

1. Confidential / HKUST Restricted
   It is used to encrypt your documents and allows only HKUST staff members to have the read and write permission.  It will also turn on the footer with “HKUST Restricted” in your document.
   
2. Labels with User-defined Permissions
   The following label is used to encrypt your documents with user-specific permissions.

• Highly Confidential 
  When you apply either one label to your document, a screen will then pop up for you to specify the permission for your intended users.
  
  
  Only the assigned users (whose user accounts you have entered) can open the encrypted document with the assigned permission.

4. Encrypting Office Documents or PDF Files Using the AIP Client (Windows only)

Apart from using Microsoft Office to protect your document, user may also Azure Information Protection client with custom protections. When you protect a file in-place, it replaces the original unprotected file. You can then leave the protected file where it is (either on PC or on-cloud) and copy it to another folder or device. You can also attach the protected file to an email message.

To protect a file on a device:

1. In File Explorer, select a file to protect. Right-click, and then select Classify and protect.
   
   Note: You can also protect multiple files and a folder. When you select a folder, all the files in that folder are automatically selected for protection. You will need to perform file protection for any newly added files as new files will not be automatically protected.

2. Apply a Highly Confidential label (for example)
   
3. Select Protect with custom permissions with one of the following options:
   • Viewer – View Only
     Users can view the attachments, but cannot print, edit, or copy content.
   • Reviewer – View and Edit
     User can view and edit the attachments but cannot print or copy content.
   • Co-Author – View, Edit, Copy and Print
     Users can view, edit, copy, and print the attachments, but cannot unprotect the content.
   • Co-owner – All permission
     Users have full control for the attachments; they can view, edit, print, and unprotect the content.
   • Only for me
4. ​Select the users, groups or organizations or type the users email address(es). For example, a Viewer permission for usera@ust.hk and userb@ust.hk
5. Click Apply and you may see a dialog box telling you that the files are protected.

Note: Only the Windows version can add protection to PDF files.

5. Change the Protection on a File

Follow the steps in Encrypting Office documents or PDF files using AIP Client to assign new label or permission settings for the file. 

For files with custom permission together with specified users, you may just update the user list and modify the permission settings.  For example, adding userc@ust.hk@ust.hk to Select users, groups or organizations section to enable userc@ust.hk (in additional to usera@ust.hk and userb@ust.hk) to have view only access rights to the document.

6. Removing encryption from a protected file

If you want to remove the protection from a file,

1. Right-click the file
2. Click Classify and protect
3. Click Delete Label and then un-check the protect with custom permissions option (Note: You must be an owner of the file to remove the protection).
   

7. Reading Restricted Email Message and documents

8. Sending Confidential Emails Using Microsoft Outlook