Jul 11 2019
- last edited on
Feb 19 2021
I am having trouble configuring sub labels in Azure Information Protection. From all I have read this should be possible.
I would like to have a hierarchy of labels as follows:
Within Confidential I would like to have sub labels for different departments so for example:
Each department would only see their own confidential label.
I have configured these in AIP - Labels but if I choose one sub label and apply it to a policy I can not select the other sub label in a different policy.
See example below:
All labels are now greyed out
Am I missing something?
Jul 12 2019 03:48 AMSolution
I've actually worked this out now but it is not entirely obvious from the guides.
If you want to use targeted policies within a hierarchy as described you must apply the top level of the hierarchy to the 'Global' policy and not to one below.
This is tricky in some environments such as Education where I do not really want to apply AIP at all to the Students in the school but I have now set the Global policy to have the Confidential and the Highly Confidential labels and nothing else. I can now make stacked targeted policies that use these folders.