Forum Discussion

Tom-irp's avatar
Tom-irp
Brass Contributor
Jul 20, 2022

AIP - running Execute-AzureAdLabelSync appeared to do nothing

Hello

I have Azure P1 licensing and M365 Business Premium.  I would like to use Purview/AIP for Teams/Sharepoint.  The "groups and sites" checkbox is not enabled when creating a new sensitivity label.  I followed the steps, connecting with Powershell 7, WinRM as basic, connected to exchange poweshell,  etc.  I ran "Execute-AzureAdLabelSync" several times. It did not error and returned to the prompt with no feedback. It took maybe 4/10th or a second to run, so long enough to have done something, but no error and no confirmation of success.  I am usually good at getting powershell errors, so I know one when I see it.  I am running these commands as global admin.

 

This page implies I have the correct license  https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-governance.

 

Any ideas as to what I am doing wrong?

 

thx

 

 

 

information protection and governance
insider risk management
microsoft information protection
    • owenmurr's avatar
      owenmurr
      Copper Contributor
      Dec 06, 2022
      Thank you for this! I was in the same boat as you running execute-azureadlabelsync with no errors but nothing happening over the course of a week.
  • alfonsobatres1's avatar
    alfonsobatres1
    Copper Contributor
    Jun 25, 2024

    This worked for me:

    set-executionpolicy remotesigned

     

    Get sure you have a private Internet connection

     

    winrm quickconfig
winrm get winrm/config/client/auth

     

    This will enable "EnableMIPLabels" to true

     

    Install-Module Microsoft.Graph -Scope CurrentUser
Install-Module Microsoft.Graph.Beta -Scope CurrentUser
Connect-MgGraph -Scopes "Directory.ReadWrite.All"
grpUnifiedSetting = Get-MgBetaDirectorySetting -Search DisplayName:"Group.Unified"
$grpUnifiedSetting = Get-MgBetaDirectorySetting
$grpUnifiedSetting
Get-MgBetaDirectorySetting
$Setting = Get-MgBetaDirectorySetting | where { $_.DisplayName -eq "Group.Unified"}
$Setting.Values



    Copy this as a single sentence

     

    $params = @{
    Values = @(
       @{
          Name = "EnableMIPLabels"
          Value = "true"
       }
    )
 }

     

     

    Validate the values are updated in params, and update the settings

     

    $params.Values
Update-MgBetaDirectorySetting -DirectorySettingId $Setting.Id -BodyParameter $params

     

    Validate they are updated

     

    $Setting = Get-MgBetaDirectorySetting | where { $_.DisplayName -eq "Group.Unified"}
$Setting.Values

     

    Now you can go ahead and enable Azure Label Sync, remember to use your own admin

     

    Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName email address removed for privacy reasons
Execute-AzureAdLabelSync
Disconnect-ExchangeOnline

     

    If this does not work, go ahead and read the articles, they contain the information I posted here. Some lines are just for validation and not necessarily perform a function

     

    Good luck

Resources