Unable to remove a label from a file with AIP superuser account

Dimitri Goossens 21 Reputation points
2023-10-06T07:49:03.1033333+00:00

Hi,

We're in the process of configuring sensitivity labels via AIP.

For my admin account (which has view only, and is elegible for Exchange Recipiet administrator), we've enabled membership to the superusers in AIP.

My account appears in the list via Get-AipServiceSuperUser

The status is enabled when I launch Get-AipServiceSuperUserFeature

When I try to remove a label from a file however, I get the error :

InvalidOperation: (C:\temp\TestEncr.docx:String) [Set-AIPFileLabel], NoPermissionsException

Can someone let me know why I get the error, altough I'm a superuser?

The requirements aren't clear to us, and furthermore we see some contradictions.

If I enable superuser functionality on my normal user (no rights at all in M365); I can't even connect, and get the error :

Connect-AipService : The attempt to connect to the Azure Information Protection service failed. Verify that the user name and password you are using are correct and try again. If you have continued problems, see http://go.microsoft.com/fwlink/?LinkId=251909.

The second problem isn't related to the first one, but I do see some requirements in the solution mentioned for the second problem :

https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/fail-connect-azure-information-protection-powershell

In this article it states :

Cause

This issue occurs if one or more of the following conditions are true:

You entered the wrong user name or password.

You aren't a company administrator.

You don't have a subscription that includes Azure Information Protection.

The network is preventing you from connecting to Azure Information Protection.

It's the "you aren't a company administrator" that I find remarkable.

What do they mean with that? And is that the reason my admin superuser account is failing?

Azure Information Protection
Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
521 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Givary-MSFT 28,576 Reputation points Microsoft Employee
    2023-10-09T08:07:44.5566667+00:00

    @Dimitri Goossens Thank you for reaching out to us, As I understand you are trying to remove a label from a file with AIP superuser account.

    When I try to remove a label from a file however, you get the following error :

    InvalidOperation: (C:\temp\TestEncr.docx:String) [Set-AIPFileLabel], NoPermissionsException

    I have researched on this, found one case in the past, where by adding primary email address to the super users group has resolved the issue, would request you to follow the steps mentioned here - https://learn.microsoft.com/en-us/azure/information-protection/configure-super-users

    Let me know if this helps to resolve your issue or not.

    1 person found this answer helpful.