At last, two remaining questions to be answered.

1) One of the attendees of the hands-on lab on Dynamic Access Control had read that a normal user (without administrative permissions) can classify files and folders. However, he hadn’t succeeded in achieving it. Here is what I tried and understood:

i. Any user cannot change classification via explorer remotely (or at least I failed to achieve this).

ii. Any user, which has full permissions on files can edit classification locally, e.g. from TS session.

As far as I can understand, the “non-administrative user can edit it” part was related to automated toolkits, which don’t need now to be run under administrative account.

2) And the last question was: can we use Orchestrator to manage classifications?

I’ve asked one of my friends, who specializes in Orchestrator, and here is what he answered me:

“i. Orchestrator can do everything that you can do in any other fashion with, say, PoSh.

ii. I bet there is more standard way to do it.

iii. It’s definitely better to use Data Classification Toolkit: Orchestrator will be a bottleneck if we have many files.”

So, the answer is “yes, but definitely not the best tool”