Apr 23 2020
07:00 AM
- last edited on
May 24 2021
02:09 PM
by
TechCommunityAP
Apr 23 2020
07:00 AM
- last edited on
May 24 2021
02:09 PM
by
TechCommunityAP
Hey guys,
We just installed Azure Information Protection Client in our environment. We are using onPremise AD with PTA and seamless SSO. Everything is working great except the onetime Authentication prompt to AIP, when starting an Office app. We just have to supply the username and the rest is working automatically.
I have read through the documentation but could not find a hint.
All other services such as portal.office.com are working without any prompts, so seamless SSO is clearly not the problem.
Thank you very much for your help!
Apr 23 2020 07:51 AM
Are the AIP IP addresses being allowed through your firewall?
The Azure Information Protection service also depends on two specific IP addresses:
As per - https://docs.microsoft.com/en-us/azure/information-protection/requirements
Apr 23 2020 09:57 AM
Seamless SSO it client-dependent, not every application support it. Some apps deliberately provide you with a prompt, to address scenarios where you might be using more than one id/tenant.
That said I'm not sure whether this is "expected" with the AIP client, might be a good uservoice suggestion if not 🙂
Apr 23 2020 11:40 PM
Thanks for the tip. Yeah these IP adresses are allowed.
Thanks, any idea where to check if it is an "exptected" behavior :)?
Apr 24 2020 01:43 AM
Just to clarify, does this happen every time you open an Office client app such as Word or Excel? If so, then I don't believe this is expected behaviour.
Apr 24 2020 09:01 AM
Apr 24 2020 09:05 AM
Apr 30 2020 02:31 AM
@Reto Gobat Few tips on this:
- Is the Information Protection app triggered in any Conditional Access rule? Take a look a that.
- try adding *.Protection.Outlook.com to your list of trusted sites (or intranet zone)
May 11 2020 07:47 AM
Thank you for you reply.
- No AIP ist not part of any Conditional Access Policies
- Unfortunately adding *.protection.outlook.com does not help