Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Setting the default AIP classic label on a OneDrive or SharePoint Online: Document Library

Iron Contributor

Hi

 

I am supporting  a rollout of AIP "classic" labels & retention labels to both OneDrive and SharePoint.

 

One issue we have found, is not being able to set the default label for a document library. SharePoint happily sets the default retention label  through the UI or via PowerShell.

Set the Default Label.PNG

However, we have not found a way to do this using AIP "classic" labels.  Has anyone been able to do this?

9 Replies

@Daniel Westerdale AIP label integration with SPO will include this functionality and is currently in private preview. We also have a work-around in the current version by using the Label by Custom Property advanced setting in the AIP client, but given that this will be addressed natively in SPO once we release the version in preview I do not think it is worth implementing a work-around unless you need it implemented today. 

@Enrique Saggese We're trying to fulfill a similar requirement for one of our customers. Any ETA for when this will be moved from Private Preview to Preview? Cheers! 

@Enrique Saggese This is good news, thanks for being so candid.   I take you it you are referring to an updated version of the the SharePoint Online Management Shell. plus UI enhancements?   Finally, will this support cover both AIP "classic" and AIP unified labelling?  We don't mind if it is just the former ;)!  I will report back to the project team and update this post if there is an immediate requirement for the "workaround".

 

Thanks again.

@Daniel Westerdale 

The SPO changes are both on the management side (e.g. DLP integration) and the UI (web apps, list views, etc.). 

It is based on Unified Labeling, so while it right now supports documents protected with either client, the plan is to have everything moved to UL by the time this releases as GA (already the UL client has mostly feature parity to the Classic client, plus some new features). 

@Seth Weddon Unfortunately we have no timelines for a public preview at this point, the SPO team is working on addressing the issues identified during the private preview so far before moving into a broader preview program. 

@Enrique Saggese ok, Thanks for the update which I will pass on to my client. We are running a trial of AIP UL in a test tenant and  AIP "classic" in our live tenant. It is my job to run experiments and publish results to the project oversight team, to assist in the decision  on when switch over to AIP UL in live.  Unfortunately as proved in my experiments and documented in which AIP client to use,

there is a no "Do Not Forward button" wrt to the AIP UL client which is irking the business. Wonder if anyone as got an opinion on this?

@Daniel Westerdale Hi. It is correct that the UL client by default doesn't put a Do Not Forward button in the toolbar, but this should pose no obstacle for this scenario since there are multiple ways to address this.

You can customize the ribbon to show an Encrypt button right by the Sensitivity button, and configure it to apply Do Not Forward in one click (this can be done via a GPO). 

Second, you can create a label that applies Do Not Forward. While this option is not shown yet in the UL management console in SCC, you can set it for a label in the AIP management console and if you have enabled Unified Labeling it will show up in the UL client. You can also configure it via SCC PowerShell if you don't want to use the AIP management console. 

Finally, you can use Unified Labeling while still having deployed the Classic client. Both can coexist if you enable Unified Labeling migration, and they will show the same labels since once you enable migration all labels are sourced from a common repository, even if they can be managed through two different consoles and can be viewed from the UL client, from the AIP client, and from all built-in clients (e.g. Mac, iOS, Android and, as discussed, in the SharePoint preview).

I know this last point can be confusing, but it is important to highlight that using Unified Labeling doesn't require moving *everything* to UL, you can continue using the classic client for as long as it meets your needs better, while using UL for what it supports best (e.g. SharePoint). 

HTH

@Enrique Saggese  I think I can see where you are coming from.  We don't  have  ( nor should) need  2  separate AIP clients installed on our Windows Build , just the AIP "Classic".  The AIP"classic"  support will be available natively  in Office 365 desktop and Online .   The AIP  UL  support is targetted at SharePoint incl the SPO defaults we have been talking about on this thread.  Hmmmm let see what the project team think....

@Enrique Saggese Are there any updates the GA rollout  of   sensitivity labels: functionality tested in the private preview.  We are assisting users to be able  set multiple retention labels through the UI ,so it would be nice if we offer a similar level of usability wrt Sensitivity labels.  Also from an admin perspective, to be able  set the Sensitivity labels at the default library or folder level  with PowerShell or Flow.