Aug 13 2020
03:31 AM
- last edited on
May 24 2021
03:14 PM
by
TechCommunityAP
Aug 13 2020
03:31 AM
- last edited on
May 24 2021
03:14 PM
by
TechCommunityAP
Hi All,
I have created a AIP UL label called "Secret" and published the label policy for a scoped/targeted users ( group of users) , but when a user (who is not on the scoped group) goes to the outlook under the "Encrypt this item" she can see this scoped label.
Can someone tell me why is that, I was under the impression only the scope users will be able to see this label.
The set of labels are as follows-
Secret label - has encryption
Internal - Dont have any encryption <- why this label is not display under this Encrypt
Classified - Dont have any encryption <- why this label is not display under this Encrypt
But when I go to Outlook sensitivity on the outlook ribbon, user s can see the labels as expected.
Thanks.
Aug 13 2020 05:05 AM
Hi, would you be able to post some screen shots of the Label and Label policy settings please - specifically in regards to assigning permissions to users and groups? This would be helpful to see. Thank you.
Aug 13 2020 06:12 AM
Thank you very much, much appreciate your help, please see the screen shot of the label settings and policy.
Aug 13 2020 06:59 AM
Hmm, that all looks in order to me. The only thing I can think of is to check that there are no conflicting labels or policies which may be assigning permissions for the Secret label to the user who should not have it?
Aug 13 2020 07:06 AM
I m also confuse, no conflict policy as we are testing this only with POC user group and all policies has been assigned to this group only. I have cheek it multiple times.
Are there any way to find a specific label is public using powershell, so I can run and see is this Label is public?
Thanks.
Aug 13 2020 07:24 AM
I don't think PowerShell will be much help here as you only have the option with Unified Labelling to Set-AIPFilelabel, you don't have the option to Get-AIPFileLabel. You can Get-AIPFileStatus but this is not going to help you here.
I'd recommend opening a ticket with Microsoft as the next step and ask them to check into this for you.