Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Using Multiple Email Accounts and AIP labeling

Steel Contributor

I have two email accounts signed into Outlook (365 ProPlus, Insider track). Account #1 is my main account that I use as my daily driver. Account #2 is a random admin account. Whenever I apply an AIP label onto a new email is says "Permission Granted by Account #2", even though I'm sending it from Account #1. When I click the "Protect" drop down on a new email and select "Help and Feedback" it says "Connected as Account #1". This is causing me issues because when I go back into my sent items folder and view the permissions on the item it says I don't have owner permissions and therefor don't have rights to edit permissions or revoke the message. I think this has something to do with the order that I signed into my Office accounts when I opened Outlook the first time. I signed into Account #1 first and Account #2 last. The default should be to force permissions to be applied from the account sending the email, and not the last one signed into Outlook. Will be opening a ticket on this too, just wanted to post it here in case anyone else was having similar problems.

1 Reply
best response confirmed by Paul Youngberg (Steel Contributor)
Solution

The problem is that you can only configure the AIP client/add-in with a single account. Unlike with RMS, where Outlook will happily connect to multiple servers using multiple IDs. Sadly, the team has no plans of supporting multiple IDs, even though we've brought it up several times. There's also an open UserVoice item: https://msip.uservoice.com/forums/600097-azure-information-protection/suggestions/19602148-the-aip-c...

 

In any case, for your particular scenario you can simply open the settings and use the Reset Settings option. If that doesn't re-trigger the authentication process, you will have to clear the local cache and credentials. Last time I had to do this, I followed this process: https://www.michev.info/Blog/Post/1822/clearing-aip-client-and-powershell-module-token-cache

1 best response

Accepted Solutions
best response confirmed by Paul Youngberg (Steel Contributor)
Solution

The problem is that you can only configure the AIP client/add-in with a single account. Unlike with RMS, where Outlook will happily connect to multiple servers using multiple IDs. Sadly, the team has no plans of supporting multiple IDs, even though we've brought it up several times. There's also an open UserVoice item: https://msip.uservoice.com/forums/600097-azure-information-protection/suggestions/19602148-the-aip-c...

 

In any case, for your particular scenario you can simply open the settings and use the Reset Settings option. If that doesn't re-trigger the authentication process, you will have to clear the local cache and credentials. Last time I had to do this, I followed this process: https://www.michev.info/Blog/Post/1822/clearing-aip-client-and-powershell-module-token-cache

View solution in original post