Share via

Is there any tangible risks associated with enabling AIP for Sharepoint Online?

Hubbard, Christopher M 20 Reputation points
2025-04-02T18:47:08.3066667+00:00

Good day to you!

My company will soon be enabling Azure Information Protection (AIP) along with some testing of sensitivity labels for Sharepoint Online via this method https://learn.microsoft.com/en-us/purview/sensitivity-labels-sharepoint-onedrive-files 

Is anyone aware of any possible risks of this change, and any risk in a possible rollback of this option to remove AIP? We will not be applying any labels to live data, just testing data for now. Thank you for your time!

Azure Information Protection
Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
560 questions
0 comments
Accepted answer
  1. Ganesh Gurram 7,295 Reputation points Microsoft External Staff Moderator
    2025-04-02T19:10:27.9433333+00:00

    @Hubbard, Christopher M

    Enabling Azure Information Protection (AIP) and testing sensitivity labels in SharePoint Online is a strategic approach to safeguarding your organization's data. While this process is generally safe, it's important to be aware of certain considerations:​

    Known Issues and Limitations:

    Container Files - AIP can classify and protect container files (e.g., .zip, .rar). However, the protection isn't applied to each file within the container. To modify the classification or protection of individual files, they must be extracted first.

    Digital Signing and Encryption Solutions - AIP cannot protect or decrypt files/emails that are digitally signed or encrypted with other solutions, such as S/MIME.

    Watermarks - When adding a watermark to a label, using font size one automatically adjusts to fit the page. Other font sizes will use the specified size, which may not fit as intended. ​

    Reference: https://learn.microsoft.com/en-us/azure/information-protection/known-issues

    Rollback Considerations:

    Disabling AIP does not automatically remove labels applied to files. If encryption was used, users might still experience access issues. Additionally, data protection policies tied to labels, such as retention or Data Loss Prevention (DLP), may be affected upon removal of AIP.

    Reference: https://learn.microsoft.com/en-us/azure/information-protection/faqs

    Recommendations:

    Testing Environment - Conduct initial tests in a controlled environment with non-production data to observe the effects of AIP policies.​

    User Training - Educate users about the implications of sensitivity labels and encryption to ensure smooth adoption and minimize potential access issues.​

    Monitoring - Utilize activity logs to monitor the impact of labeling and protection policies, allowing for timely adjustments if necessary.​

    For comprehensive guidance, refer to Microsoft's official documentations:

    https://learn.microsoft.com/en-us/purview/sensitivity-labels-sharepoint-onedrive-files#sharepoint-information-rights-management-irm-and-sensitivity-labels

    https://learn.microsoft.com/en-us/purview/deploymentmodels/depmod-securebydefault-phase3#automate-and-improve-microsoft-365-protection-to-historical-and-in-use-data

    https://learn.microsoft.com/en-us/sharepoint/deploy-file-collaboration#securing-your-data

    Sensitivity Labels in SharePoint and OneDrive.

    Hope this helps. Do let us know if you have any further queries.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.