Using Sub Labels with different groups

New Contributor

I am having trouble configuring sub labels in Azure Information Protection. From all I have read this should be possible.


I would like to have a hierarchy of labels as follows:





Highly Confidential


Within Confidential I would like to have sub labels for different departments so for example:



-> Finance

-> HR


Each department would only see their own confidential label.


I have configured these in AIP - Labels but if I choose one sub label and apply it to a policy I can not select the other sub label in a different policy.


See example below:


label list.png

All labels are now greyed out



Am I missing something?





1 Reply
best response confirmed by Chris Thackray (New Contributor)

I've actually worked this out now but it is not entirely obvious from the guides.


If you want to use targeted policies within a hierarchy as described you must apply the top level of the hierarchy to the 'Global' policy and not to one below.


This is tricky in some environments such as Education where I do not really want to apply AIP at all to the Students in the school but I have now set the Global policy to have the Confidential and the Highly Confidential labels and nothing else. I can now make stacked targeted policies that use these folders.