Labels - O365 vs AIP


We want to allow users to labels documents/emails. We have defined our labels and I am looking at where I can set this up and I am not sure which road to take in order to achieve it.


We want labels like restricted, confidential, personal or public, that would prevent documents from being shared externally, non-readable without defined access, maybe force encryption for confidential ones, no auto-labeling required for now,...


We have Microsoft 365 E3 licenses which include:

  • Office 365 E3

  • Windows 10 Enterprise E3

  • Enterprise Mobility + Security E3

So I have access to Azure Information Protection and was wondering whereas I should choose the AIP road of the O365 Security and Compliance - Classifications road...


With the introduction of sensitivity labels I am reading articles that suggest that AIP is shifting towards O365


I have installed the AIP client and I can already see the Protect icon with the default AIP labels so we are enabled for AIP without further configuration. Looking at the features in AIP with our AD premium P1 subscritpion it looks much more rich than the labels in O365:


So my first impression would be to go for AIP.


Can someone please provide some guidance?





3 Replies

The way forward is the "unified" labels that you can configure in the SCC, but they surely are taking their time with it (and already made a big change as to what "unified" is supposed to be). So unless you need any specific feature that only AIP labels currently support and don't have any time to wait for them to port it, I'd say stick with the O365/SCC labels.

Is the AIP client still relevant?


I am starting testing it on my computer and the add-ins in Outlook, Word,...look nice to make it easy for users. But the labels that the client show are the AIP default labels available in Azure AD, not the ones from O365 Security & Compliance... 



Yes, it is useful for many scenarios, see for some detailed information