At Microsoft, our goal is to provide a built-in, intelligent, unified and extensible solution to protect sensitive data across your digital estate – in Microsoft 365 cloud services, on-premises, third-party SaaS applications, and more. With Microsoft Information Protection (MIP), we are building a unified set of capabilities for classification, labeling and protection not only in Office apps, but also in other popular productivity services where information resides (e.g., SharePoint Online, Exchange Online, Power BI). Over the past year, we consistently delivered built-in capabilities in MIP. You can now use built-in labels to protect documents and emails in the latest Office apps (Word, PowerPoint, Excel, Outlook) on all platforms including the web,Mac, and Windows. Built-in labeling experiences with MIP provide a variety of benefits over a client plug-in including:
The sunset of label management in the Azure Information Protection (AIP) blade in the Azure portal and the AIP classic client is scheduled for September 30, 2021. Before the end of September, GCC and GCC-H customers need to migrate their labels from the Azure portal to the unified labeling platform in the Microsoft 365 compliance center. Also, it is highly recommended that these sovereign cloud customers upgrade from the classic client to either the native experience for Microsoft 365 Apps or the AIP unified labeling (UL) client.
Note: AIP UL scanner management will still be available in AIP portal and will not be sunset. AIP analytics logs will also be available, but we encourage customers to start using unified audit logs and activity explorer within the Microsoft 365 compliance center.
Why move to unified labeling?
Unified labeling in Microsoft 365 provides organizations an integrated and consistent approach to creating, configuring, and applying policies to protect information worker data across all locations. The introduction of centralized label management in the Microsoft 365 compliance center allows IT professionals to administer all these capabilities in one place and not have to configure them across solutions, clouds, and on-premises. Workloads that can leverage unified labeling such as Azure Information Protection unified labeling client and scanner, Microsoft 365 apps, Office for web, SharePoint, OneDrive, Microsoft Cloud App Security, Azure Purview and many more can apply these policies in a consistent manner.
What happens if I don’t migrate my labels or upgrade my AIP classic clients before the September 30th deadline?
If you do not migrate your labels before the September 30th deadline, editing labels and label policies in the Azure portal will no longer be available after that date . This includes adding, moving, or deleting labels or label policies. Administrators will only have access in a view-only mode.
For more details about the admin experience, you can look at this blog.
As for the classic client, it will continue to pull down policies from the Azure portal. However, the client will be out of support and maintenance versions will no longer be released. As of March 31st, 2022 the backend service supporting the AIP classic client will be permanently disabled.
I’m ready to migrate and upgrade, what’s next?
Existing Azure Information Protection customers will have to review their business requirements and supported features for unified labeling.
GCC: Once your requirements are confirmed, administrators will have to activate unified labeling and migrate their label and label policies from the AIP Blade in the Azure portal to the M365 compliance center, re-create their label condition and deploy a unified supported client.
GCC High: Activating unified labeling for GCC High is quite different from commercial and regular GCC environments. Commercial and regular GCC environments require administrators to navigate to the AIP blade in the Azure Portal to activate unified labeling. “Activating unified labeling” is not relevant to GCC High tenants. All GCC High tenants are already enabled for unified labeling; therefore, this step is not required. Instead, GCC High tenants require a manual migration of their AIP labels and protection templates to the Security and Compliance Center.
For more information about GCC High AIP manual migration, check out this blog.
Once you have migrated your labels, you can now start to upgrade your classic client to either the native labeling experience that is already built into Microsoft 365 apps or you can deploy the AIP UL client.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.