Share via

How do I set it up correctly MIP (Microsoft Information Protection), AIP (Azure Information Protection)?

_KUL 286 Reputation points
2022-01-14T02:09:05.96+00:00

Hello!
We in the organization have on-premise AD RMS (without synchronization to the cloud).
We have Office 365 and an Azure AD domain. Hybrid synchronization of AD -> AD is configured.
Our organization has users with office programs Office 2016/2019/365.
I want to set up Azure Information Protection. The portal informs me that AP client end-of-life on April 1, 2021. Ok, on the portal https://compliance.microsoft.com/informationprotection I'm turning on unified labeling.
What should I do next?
Does the documentation say that unified labeling is only available in Office 365?
https://learn.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide#sensitivity-label-capabilities-in-word-excel-and-powerpoint
To support older versions of Office 2016/2019, do I need to use the following instructions?
https://learn.microsoft.com/en-us/azure/information-protection/rms-client/clientv2-admin-guide-install
How to set up correctly so that policies are assigned to Office on-premise clients and external ones through the compliance portal?
Where is the correct and up-to-date documentation?
What are the right tools to use for administration?
AIP and Azure RMS are no longer supported and all documentation is considered not up-to-date?

Azure Information Protection
Azure Information Protection

An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. _KUL 286 Reputation points
    2022-01-21T05:38:16.52+00:00

    Brief steps for implementing AIP and Information protection

    1. Install PowerShell modules
      Install-Module -Name AIPService
    2. Enable RMS for AIP
      https://learn.microsoft.com/en-us/azure/information-protection/activate-service#activate-protection-via-powershell
      Enable-AipService
      Get-AipServiceConfiguration
    3. Enable Unified labels on the Azure portal
      On the portal https://portal.azure.com in the section "Azure Information Protection | Unified labeling" we perform activation.
    4. Enabling Information protection
      https://compliance.microsoft.com/informationprotection
    5. Install the add-on on AzInfoProtection_UL client computers
      https://www.microsoft.com/en-us/download/details.aspx?id=53018
    6. Add labels and create a policy that activates labels
      Moving on https://compliance.microsoft.com/informationprotection
      Go to the "Labels" section and create the elements.
      In the "Label policies" section, create an activation policy.
    7. Assign Sensitivity
      Through the Office 365 or Office 2013/2016/2019 + AzInfoProtection_UL applications, we assign "Sensitivity" to documents
    8. Starting to read the MIP documentation
      https://learn.microsoft.com/en-us/microsoft-365/compliance/information-protection?view=o365-worldwide

    Was this answer helpful?

    0 comments
  2. Marilee Turscak-MSFT 37,396 Reputation points Microsoft Employee Moderator
    2022-01-14T22:56:54.227+00:00

    Hi @_KUL ,

    Yes, the Azure Information Protection unified labeling client installation guide would be the correct guide to follow if you are starting from scratch. The recommendation is to use the unified labeling client since Azure Information Protection is going away soon, like you mentioned.

    If you want to use an older version of Office, you can confirm that the software dependencies are in place and download the Azure Information Protection unified labeling client (AzInfoProtection_UL) from the Microsoft Download Center

    You can use a Global administrator, Compliance administrator, Compliance data administrator, or Security administrator account to manage the labels. The details of the roles that are supported in the unified labeling client are documented in the Administrative roles that support the unified labeling platform section of the migration guide.

    Let me know if this helps at all.

    Thanks,

    Marilee

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.