Can you remove Sensitivity Labels for a user after deploying AIP UL client and Office 2016 apps?

We're piloting Sensitivity Labels in Office 2016 apps by using the AIP UL client; this has been deployed to 12 people using SCCM, the same 12 are in the email-enabled group to whom we've published the policy.

I've now removed 2 people from the policy group, but Labels are still showing in Outlook. It looks like publishing is a 'one way' option.

Can these Labels be removed without using SCCM to remove the AIP UL client?

1 Reply

Hi @Calum Steen. To make sure AIP is rolled out to certain users we use onboarding controls.

https://docs.microsoft.com/en-us/powershell/module/aipservice/set-aipserviceonboardingcontrolpolicy?...

As it says here: Example 1: Restrict Azure Information Protection to users who have a license and are members of a specified group

PS C:\> Set-AipServiceOnboardingControlPolicy -UseRmsUserLicense $True -SecurityGroupObjectId "fba99fed-32a0-44e0-b032-37b419009501" -Scope All