AIP phased deployment


I'm working on deploying AIP for a pilot group. I followed this article

and used a security group that contains all my pilot users. Now, I'm at the point where I'm ready to publish my labels, if I publish to ALL users in tenant, will only the users in my security group see the labels? is that how this works? or should I only publish labels to the security group?




1 Reply
best response confirmed by JSlei (Contributor)

Hi@JSlei : You are correct: The onboarding controls are there for just such a case. Making sure you are onboarding only the specified users. And I understand why you ask, since the article isn't really clear on this (just says that other users won't be able to protect). I haven't tried this for a while but last time I did this the users who were not in the onboarding policy would still see the protection templates, but would not be able to apply. If they selected a template, they would see the following message: Azure Information Protection cannot apply this label. If this problem persists, contact your administrator. And it didn't matter if it was a scoped policy or not. The labels however should be hidden. And if you want to be sure, you could publish only to the pilot group.