Forum Discussion

Alexis Noel Hynson's avatar
Alexis Noel Hynson
Copper Contributor
Sep 13, 2018

AIP: Rights Management template can't be found

Hi All,

I got the below error message (screenshot) while trying to apply the confidential label i have created.  
I have set my Confidential label permissions:
   Protection:  Azure (cloud key)
   Set permissions 
     Users:  all members 
     Permission:  either of these preset permission:  Co-Owner, Co-Author, Reviewer, Viewer and Custom not working when applying this Confidential level to client ms word, excel, etc.

I have attached the screenshot of the error i encounter on client side. 

Newbie question here, do i need to create a label template in Rights Management?  I thought this right management is already the AIP? 

Thanks in advance!

 

information protection and governance
microsoft information protection
Rights Management

10 Replies

  • Dominique_SC's avatar
    Dominique_SC
    Copper Contributor
    Sep 05, 2024

    Alexis Noel Hynson 

    I had the same problem on a customer tenant.
    It is best to check with powershell command whether you have a scope on RMS.

    Connect-AipService
get-aipserviceonboardingcontrolpolicy

    If it has a scope then here is the powershell command to cancel the scope.

    Set-AipServiceOnboardingControlPolicy -UseRmsUserLicense $False -Scope Al


    It should look at the end like this:

     



  • SashaKranjac's avatar
    SashaKranjac
    MVP
    Jul 19, 2022
    Try this:
    - Open Word, for example.
    - Click Sensitivity icon
    - Click Help and Feedback
    - Click RESET SETTINGS
    - Confirm the action and restart the application.
    When Word (or any Office app) starts, will sync templates from server and it will work.
    Well it worked for me, hope it will work for you too.
  • Himanshu Singh's avatar
    Himanshu Singh
    Iron Contributor
    Apr 30, 2020

    Alexis Noel Hynson 

     

    Hello,

     

    1. I was facing the same issue, It appears to be buggy a bit

    2. It is related to AIP Client authentication and the labels in which you define permissions which means enable Encryption,

    3. As is my case Label without encryption continue to work every time

    4. So i re-launched outlook

    5. Clicked on Sensitivity Label Icon

    6. Clicked on Help and Feedback

    7. Reset Settings -> Close ->Close

    8. Close Outlook

    9. Re-Launch Outlook

    10. Waited for AIP Client Auth

    11. New Message apply any label with encryption same message

    12. Close Outlook - relaunch Outlook

    13. New message - apply label with encryption message changes it does not say template word anymore, but still shows some error

    14. if you have any label which has following check screenshot click that

    15. A small window pops-up that shows retreiving.....

    16. after which all Labels starts working fine with encryption

     

    BR,

    /HS

     

     

    • Mika1701's avatar
      Mika1701
      Copper Contributor
      Nov 17, 2020

      Hi all,

       

      when I am doing those settings manually it works. Before I have used a macro for individual file access. This is unfortunately not working anymore. Any idea's what's the reason?

      Thank you.

  • TPS01's avatar
    TPS01
    Copper Contributor
    Apr 24, 2019

    I have exactly the same issue whenever I add encryption to a label it just generates this message. It made me wonder if there are specific licence requirements that have to be added to Office365 to enable the encryption part. 

    sure enough. although office 365 E3 includes Azure Rights Management it is not enabled on your account by default. it has to be added from the Azure management portal. Once added everything works like a dream.

    • blacklistbritta's avatar
      blacklistbritta
      Copper Contributor
      May 22, 2019

      TPS01 

      Hi,
      I had the same problem with same error message, but found a solution.
      The problem is due to the Ou in which the Group which is assigned to the Policy, was created.

      Solution

      I created a second Group with same Attributes but in a different OU in my local active Directory. After email-enabling, I synchronized that Group to azure ad.

      Next step, I removed the original Group from the AIP Policy and replaced it with the second Group and saved the Change. Then, Logout the Group member and Login the user again. It works immediately.

      Hope this helps.

  • Carol Bailey's avatar
    Carol Bailey
    Icon for Microsoft rankMicrosoft
    Nov 18, 2018

    If this is the first time that this computer has tried to apply a label with protection and you have waited at least 15 minutes and still get the same problem, it sounds like the computer or your user account can't get to the protection service (Azure Rights Management).  In other words, a bootstrapping problem and there are many variables that can cause this, including your firewall configuration.  Does this happen for all computers, and all users?  Knowing that can help to narrow down the problem.

     

    Check the requirements for Azure Information Protection and if the problem persists, open a support ticket to get you up & running.

Resources