Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Outlook Encryption and AIP UL

Brass Contributor

Hi All,

I have created a AIP UL label called "Secret" and published the label policy for a scoped/targeted users ( group of users) , but when a user (who is not on the scoped group) goes to the outlook under the "Encrypt this item" she can see this scoped label.

Can someone tell me why is that, I was under the impression only the scope users will be able to see this label. 

 

outlook.png

The set of labels are as follows-

Secret label - has encryption

Internal - Dont have any encryption <- why this label is not display under this Encrypt 

Classified - Dont have any encryption <- why this label is not display under this Encrypt 

 

But when I go to Outlook sensitivity on the outlook ribbon, user s can see the labels as expected. 

sensitivity.png

 

Thanks. 

6 Replies

@pradeepg290 

 

Hi, would you be able to post some screen shots of the Label and Label policy settings please - specifically in regards to assigning permissions to users and groups?  This would be helpful to see.  Thank you.

@PeterRising 

 

Thank you very much, much appreciate your help, please see the screen shot of the label settings and policy.

policy.png

@pradeepg290 

 

Hmm, that all looks in order to me.  The only thing I can think of is to check that there are no conflicting labels or policies which may be assigning permissions for the Secret label to the user who should not have it?

@PeterRising 

I m also confuse, no conflict policy as we are testing this only with POC user group and all policies has been assigned to this group only. I have cheek it multiple times. 

Are there any way to find a specific label is public using powershell, so I can run and see is this Label is public?

 

Thanks. 

@pradeepg290 

 

I don't think PowerShell will be much help here as you only have the option with Unified Labelling to Set-AIPFilelabel, you don't have the option to Get-AIPFileLabel.   You can Get-AIPFileStatus but this is not going to help you here.

 

I'd recommend opening a ticket with Microsoft as the next step and ask them to check into this for you.

@PeterRising 

Thanks Peter.