AIP for users Not synced

mohanad hassan 46 Reputation points
2021-04-03T21:31:50.96+00:00

Hi everyone, I'm trying to implement Azure Information Protection [AIP] in my environment before deployment and I have a question:
I have installed Azure AD Connect with ADFS authentication on the AD server to be able to use AIP. I have not synced all the users to the cloud for security/privacy reasons. The problem I found is that users not synced with Azure AD Connect [not on the cloud] can't use AIP and I get the error “AADSTS51004: The user account * does not exist in the * directory”. Is there any workaround for this issue?

Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.

Accepted answer
  1. James Hamil 27,216 Reputation points Microsoft Employee Moderator
    2021-04-05T21:21:14.273+00:00

    Hi @mohanad hassan, I unfortunately do not think this is possible with your current setup. The FAQ says that the two solutions for on-prem scenarios are:

    • Deploy the Rights Management Connector on-prem
    • Synchronize the AD Domain Controllers with AAD

    But in the prerequisites to the Rights Management Connector, it says that you still need to synchronize with Azure AD. It's a cloud solution so it needs to be hybrid at minimum.

    Please let me know if you have any questions! If this answer helped you, please mark it as "Verified" so other users may reference it.

    Thank you,
    James

