1) One of the attendees of the hands-on lab on Dynamic Access Control had read that a normal user (without administrative permissions) can classify files and folders. However, he hadn’t succeeded in achieving it. Here is what I tried and understood:
i. Any user cannot change classification via explorer remotely (or at least I failed to achieve this).
ii. Any user, which has full permissions on files can edit classification locally, e.g. from TS session.
As far as I can understand, the “non-administrative user can edit it” part was related to automated toolkits, which don’t need now to be run under administrative account.
2) And the last question was: can we use Orchestrator to manage classifications?
I’ve asked one of my friends, who specializes in Orchestrator, and here is what he answered me:
“i. Orchestrator can do everything that you can do in any other fashion with, say, PoSh.
ii. I bet there is more standard way to do it.
iii. It’s definitely better to use Data Classification Toolkit: Orchestrator will be a bottleneck if we have many files.”
So, the answer is “yes, but definitely not the best tool”