Hi,
We're in the process of configuring sensitivity labels via AIP.
For my admin account (which has view only, and is elegible for Exchange Recipiet administrator), we've enabled membership to the superusers in AIP.
My account appears in the list via Get-AipServiceSuperUser
The status is enabled when I launch Get-AipServiceSuperUserFeature
When I try to remove a label from a file however, I get the error :
InvalidOperation: (C:\temp\TestEncr.docx:String) [Set-AIPFileLabel], NoPermissionsException
Can someone let me know why I get the error, altough I'm a superuser?
The requirements aren't clear to us, and furthermore we see some contradictions.
If I enable superuser functionality on my normal user (no rights at all in M365); I can't even connect, and get the error :
Connect-AipService : The attempt to connect to the Azure Information Protection service failed. Verify that the user name and password you are using are correct and try again. If you have continued problems, see http://go.microsoft.com/fwlink/?LinkId=251909.
The second problem isn't related to the first one, but I do see some requirements in the solution mentioned for the second problem :
https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/fail-connect-azure-information-protection-powershell
In this article it states :
Cause
This issue occurs if one or more of the following conditions are true:
You entered the wrong user name or password.
You aren't a company administrator.
You don't have a subscription that includes Azure Information Protection.
The network is preventing you from connecting to Azure Information Protection.
It's the "you aren't a company administrator" that I find remarkable.
What do they mean with that? And is that the reason my admin superuser account is failing?