Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
516 questions
AIP, Purview, DKE problem (Double Key Encryption is obsolete and not supported?????)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 40%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPB%3C/text%3E%3C/svg%3E)
Pothitos Baikas
1
Reputation point
I am following the article below for deploying the DKE service. The configuration in the Purview section of the tenant is correct with label configured for DKE and the label published.
https://learn.microsoft.com/en-us/microsoft-365/compliance/double-key-encryption?view=o365-worldwide
The client (a Windows 10 VM, with Office 365 installed, AIP UL Clinet installed and registry settings applied) is used for the testing.
Also the DKE service is deployed and properly configured as an Azure Service App (also tested using the PS script)
The protection of the documents in the Windows 10 VM, was (theoretically) taking place without problems, since the label published was available -everything was running smoothly, OR SO I THOUGHT, please see the next paragraph.
While trying to change the source code of the DKE service (to accept users from Azure AD groups instead from an on-premises AD domain) I tried to attach to the process to check my implementation. I was extremely surprised that I could not attach to the process, however the Protection on the VM was still working. That's when I suspected that something was completely wrong and I decided to stop the Service App. What I found out was that the Windows 10 client was still protecting documents without taking into account the DKE configuration in Purview.
I opened a ticket to the M365 support, thinking that this could be a M365 problem. I also opened a ticket to the Azure support, because it can be an AIP problem. None was able to support, instead they re-directed here to ask a question.
Any ideas on what and how to troubleshoot will be greatly appreciated.
{count} votes
-
Pothitos Baikas 1 Reputation point
2022-11-10T21:02:50.41+00:00 A small but important correction. I wrote that I could not attach to the process - this is not correct, since I was able to attach to the process, but the endpoint that serves the Public key was never reached - I expected that the endpoint would be reached for both methods available in the endpoint
BR
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Givary-MSFT 27,966 Reputation points Microsoft Employee2022-11-15T08:17:14.67+00:00 @Pothitos Baikas Apologies for the delay in reviewing this post, please help me with the case numbers which you with our team so that i can go through details and check with them.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 69%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBP%3C/text%3E%3C/svg%3E)
Baikas Pothitos 1 Reputation point2022-11-15T09:41:45.543+00:00 The ticket numbers are 2211030050001399 (Azure Support) and 33588894 (M365 support) -I hope that I remember them correctly. However I do not expect that you will find more information there. I suggest that you stick with the problem description I provided above.
Thank you
-
Givary-MSFT 27,966 Reputation points Microsoft Employee
2022-11-15T16:55:28.253+00:00 @Baikas Pothitos Thank you for sharing the case numbers and researched on your query and discussed the same with our team as well.
To start with
you can review AIP UL Client logs.
compare the policy.xml to the file status of a test/impacted file to see if what encryption is on it?Also, wanted to check do you have Azure support contract which you can use to open a case for this issue?
Sign in to comment