Microsoft Tech Community

AIP - running Execute-AzureAdLabelSync appeared to do nothing



I have Azure P1 licensing and M365 Business Premium. I would like to use Purview/AIP for Teams/SharePoint. The "groups and sites" checkbox is not enabled when creating a new sensitivity label. I followed the steps, connecting with PowerShell 7, WinRM as basic, connected to Exchange PowerShell, etc. I ran "Execute-AzureAdLabelSync" several times. It did not error and returned to the prompt with no feedback. It took maybe 4/10ths of a second to run, so long enough to have done something, but no error and no confirmation of success. I am usually good at getting PowerShell errors, so I know one when I see it. I am running these commands as global admin.


This page implies I have the correct license


Any ideas as to what I am doing wrong?






3 Replies
Thank you for this! I was in the same boat as you running execute-azureadlabelsync with no errors but nothing happening over the course of a week.

This worked for me:

set-executionpolicy remotesigned


Make sure you have a private Internet connection


winrm quickconfig
winrm get winrm/config/client/auth


This will set "EnableMIPLabels" to true


Install-Module Microsoft.Graph -Scope CurrentUser
Install-Module Microsoft.Graph.Beta -Scope CurrentUser
Connect-MgGraph -Scopes "Directory.ReadWrite.All"
$grpUnifiedSetting = Get-MgBetaDirectorySetting -Search DisplayName:"Group.Unified"
$grpUnifiedSetting = Get-MgBetaDirectorySetting
$Setting = Get-MgBetaDirectorySetting | where { $_.DisplayName -eq "Group.Unified"}

Copy this as a single sentence


$params = @{
    Values = @(
        @{
            Name = "EnableMIPLabels"
            Value = "true"
        }
    )
}



Validate the values are updated in params, and update the settings


Update-MgBetaDirectorySetting -DirectorySettingId $Setting.Id -BodyParameter $params


Validate they are updated


$Setting = Get-MgBetaDirectorySetting | where { $_.DisplayName -eq "Group.Unified"}


Now you can go ahead and enable Azure Label Sync, remember to use your own admin


Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName email address removed for privacy reasons


If this does not work, go ahead and read the articles, they contain the information I posted here. Some lines are just for validation and do not necessarily perform a function


Good luck
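
The directory-setting step from the reply above, as an added example that is not part of the original posts: it enables EnableMIPLabels idempotently, covers the case where the tenant has no Group.Unified settings object yet, and reads the value back instead of relying on a silent return. The function name Enable-GroupMipLabels is hypothetical; the example assumes the Microsoft.Graph.Beta module and an existing Connect-MgGraph session with the Directory.ReadWrite.All scope.

```powershell
# Added example, not from the thread. Assumes Microsoft.Graph.Beta is installed and
# Connect-MgGraph -Scopes "Directory.ReadWrite.All" has already been run.
function Enable-GroupMipLabels {   # hypothetical helper name
    $name = 'EnableMIPLabels'
    $setting = Get-MgBetaDirectorySetting |
        Where-Object { $_.DisplayName -eq 'Group.Unified' }

    if (-not $setting) {
        # No Group.Unified settings object yet: create one from the template,
        # keeping every template default except EnableMIPLabels.
        $template = Get-MgBetaDirectorySettingTemplate |
            Where-Object { $_.DisplayName -eq 'Group.Unified' }
        if (-not $template) { throw 'Group.Unified template not found' }
        $values = foreach ($v in $template.Values) {
            $value = if ($v.Name -eq $name) { 'True' } else { $v.DefaultValue }
            @{ name = $v.Name; value = $value }
        }
        New-MgBetaDirectorySetting -BodyParameter @{
            templateId = $template.Id
            values     = @($values)
        } | Out-Null
    }
    else {
        $current = $setting.Values | Where-Object { $_.Name -eq $name }
        if ($current.Value -eq 'True') { return 'AlreadyEnabled' }  # -eq ignores case
        # Send back the full value set so the other group settings are unchanged.
        $values = foreach ($v in $setting.Values) {
            $value = if ($v.Name -eq $name) { 'True' } else { $v.Value }
            @{ name = $v.Name; value = $value }
        }
        if (-not $current) { $values = @($values) + @{ name = $name; value = 'True' } }
        Update-MgBetaDirectorySetting -DirectorySettingId $setting.Id -BodyParameter @{
            values = @($values)
        }
    }

    # Read the setting back rather than trusting a silent return.
    $check = (Get-MgBetaDirectorySetting |
        Where-Object { $_.DisplayName -eq 'Group.Unified' }).Values |
        Where-Object { $_.Name -eq $name }
    if ($check.Value -ne 'True') { throw "$name is still '$($check.Value)'" }
    'Enabled'
}

Enable-GroupMipLabels
```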