Aug 23 2018
- last edited on
May 24 2021
I have Azure RMS enabled in my environment. I also have a few AIP licenses. So I created a few labels, some of these labels have protection enabled. I created a new user, UNLICENSED. I opened Microsoft Word, authenticated the AIP client with this UNLICENSED user. I see the labels and I am able to apply a protection label with an UNLICENSED user. I would like to know why is it that an UNLICENSED user is able to apply a protection label to a document? I cannot seem to find out any reason why is it that an unlicensed user is able to apply a label. I am hoping someone will be able to clarify that. Thanks in advance for any answers.
Aug 25 2018 10:02 AMSolution
As you discovered, the Azure Information Protection client doesn't do license enforcement.
To prevent a computer without an Azure Information Protection license from displaying labels, see https://docs.microsoft.com/en-us/azure/information-protection/configure-policy#subscription-support.
To prevent a computer without an Azure Rights Management license from displaying protection templates, use onboarding controls: https://docs.microsoft.com/en-us/azure/information-protection/activate-service#configuring-onboardin....
Aug 13 2019 05:54 AM
@thesmilingguruThe unified labeling client get its configuration from the Office 365 portal (Security & Compliance) or the Microsoft 365 Security/Microsoft 365 Compliance portal. This doesn't neccessarily mean you have to "activate" unified labeling, but it means the configuration you have (if any) in the Azure Portal (under Azure Information Protection) will not be available for your UL client.
So, to use the UL client, you need to have labels defined in the Office 365/M365 portal, either because you have created them there, or because you have activated unified labeling, and published the "synchronised" labels there.