MCAS - Limit of 50 File Policies

Regular Visitor

A while a go I setup a process for our support engineering team to configure AIP integration with SharePoint Teams for specialised project teams. Each project team needs their own customised AIP labels with access restricted to selected internal and external recipients.

When a user requests a project team be setup, the following actions are performed

  • An internal only Office 365 group is created including a sharepoint document library
  • Another external Office 365 group is created for external users (guests) and member ship is managed by selected internal owner.
  • An AIP internal label is created with access restricted by encryption to users of internal group only
  • An AIP external label is created with access created with internal users and external users based on external group
  • A MCAS file policy is created which automatically applies Internal AIP label to files stored in internal document library
  • A MCAS file policy is created which automatically applied the external AIP label to files stored in the external document library

This has mostly been working well until recently when an attempt to create a new file policy failed. It reports that MCAS has a limit of 50 file policies per tenancy. This therefore prevents any further project teams from being  provisioned unless some older ones are removed.


We had trouble finding details on this 50 policy limit but a support ticket confirmed that the limit exists and it cannot be increased.


Are there any workarounds or alternatives that can still apply our AIP encryption labels?




2 Replies

@Simon Payne 




The 50 limit is unfortunately a hard limit. We are currently working on improvements that should solve your issues. We'll provide details on Techcommunity when available.

@Sebastien Molendijk Any update on this question? Many organizations have a need to auto-apply sensitivity labels based on location, and this limit makes the file policy approach not scalable.