Azure Information Protection unified labeling client - Release management and supportability
Are you looking for Microsoft Purview Information Protection, formerly Microsoft Information Protection (MIP)?
The Azure Information Protection add-in for Office is now in maintenance mode and we recommend you use labels that are built in to your Office 365 apps and services. Learn more about the support status of other Azure Information Protection components.
This article describes the functionality added to each recent version of the unified labeling client, as well as servicing information and support timelines for each AIP unified client version.
You can download the Azure Information Protection unified labeling client from the Microsoft Download Center.
If you are looking for updates for the built-in labeling solution for Microsoft Office applications, see:
- Information protection items, such as the "Sensitivity labels" sections in What's new in Microsoft Purview risk and compliance solutions
- Protect your sensitive data with Microsoft Purview
- The Microsoft 365 roadmap, filtered for Microsoft 365 compliance items
Servicing information and timelines
As we continue to bring the customer labeling and protection experience to built-in applications like Office 365, the Azure Information Protection unified labeling client has moved into maintenance mode as of January 1, 2022. Moving forward, no new features will be added to the unified labeling client. For more information, see our TechCommunity blog.
The lifecycle of each generally available (GA) version of the Azure Information Protection unified labeling client could vary from build to build, depending on the release date of a subsequent GA version. In overall, each GA version is supported until the subsequent GA version is released, plus up to six months more, after the release of the subsequent GA version (could be less than 6 months, if the new subsequent GA version will be released within those 6 months).
For example, version 18.104.22.168 was released on Aug 2, 2021, then the next version - 22.214.171.124, was released on Jan 12, 2022. Therefore, version 126.96.36.199 is fully supported six months after Jan 12, 2022, which is Jul 12, 2022.
The documentation is updated accordingly to a client release cycle and is applicable only to the latest supported GA versions of the client. = Fixes and new functionality are always applied to the latest GA version and will not be applied to older GA versions.
Microsoft Update Catalog availability
After a short delay of typically four weeks, the latest general availability version is also included in the Microsoft Update Catalog. Azure Information Protection versions have a product name of Microsoft Azure Information Protection > Microsoft Azure Information Protection Unified Labeling Client, and a classification of Updates.
Including Azure Information Protection in the catalog means that you can upgrade the client using WSUS or Configuration Manager, or other software deployment mechanisms that use Microsoft Update.
For more information, see Upgrading and maintaining the Azure Information Protection unified labeling client.
General availability versions that are no longer supported
|Client version||Date released||Supported through|
The date format used on this page is month/day/year.
Use the following information to see the contents of each supported release of the Azure Information Protection unified labeling client for Windows. The most current release is listed first. The date format used on this page is month/day/year.
Noted Azure Information Protection features are currently in PREVIEW. The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
Minor fixes are not always listed so if you experience a problem with the unified labeling client, we recommend that you check whether it is fixed with the latest GA release. If the problem remains, check the current preview version (if available).
Unified labeling scanner and client version 188.8.131.52
This version includes the following fixes for the unified labeling scanner and client:
Updating Authentication Library to MSAL
Starting in 184.108.40.206, MSAL will be the default authentication library for AIP UL client and AIP Scanner, replacing ADAL from the previous versions.
For the AIP add-in, users should see no impact as we will use token cache or the integrated Windows authentication (SSO) before prompting the use to log in again.
For the AIP PowerShell and AIP Scanner, reauthentication is required. To reauthenticate, use the PowerShell cmdlet Set-AIPAuthentication after upgrading to this version.
This version of the unified labeling client and scanner provides the following fixes:
- Fixed an issue where msg.pfile was not opening in AIP Viewer.
- Fixed an issue with the performance of
- Fixed issues with handling of IQP protected files.
- Fixed an issue with
- Fixed an issue with audit logging in AIP Viewer for protected PDFs.
- Fixed an issue with co-authoring where users could not apply labels for certain cultures with special characters (i.e. "tr-TR").
- Fixed an issue with super user protection for
Set-AIPFileLabel-RemoveProtection if label was not published by super user.
Unified labeling scanner and client version 220.127.116.11
Supported through 03/01/2023
This version includes the following new updates, fixes, and enhancements for the unified labeling scanner and client:
Increased accuracy for sensitive information types
This version of the unified labeling client provides globalization enhancements, including increased accuracy for East Asian languages and support for double-byte characters. These enhancements are provided only for 64-bit processes, and are turned off by default.
Updated audit logs for the AIP Viewer app
The Viewer app no longer generates Discover audit logs.
For more information, see:
- Azure Information Protection audit log reference (public preview)
- Analytics and central reporting for Azure Information Protection (public preview)
Scanner support for 64-bit versions only
Starting in version 18.104.22.168, the unified labeling scanner is supported only on 64-bit systems.
For more information, see Requirements for installing and deploying the Azure Information Protection unified labeling scanner.
Integrated support for MIP SDK version 1.10
This version of the Azure Information Protection client and scanner fully integrates the Microsoft Purview Information Protection Software Development Kit (SDK) version 1.10.93.
For more information, see the MIP SDK documentation.
Fixes and improvements
This version of the unified labeling client and scanner provides the following fixes and improvements:
- Enhanced support for the PFileSupportedExtensions advanced setting, to add the ability to protect only Office file types and PDF files, without configuring one specific value.
- Fixed an issue where a watermark may not be reflected correctly when a label is changed.
- Fixed an issue where Office apps may behave unexpectedly if the
colorvalue for a label has an invalid value.
- Fixed an issue where selecting permissions via the File Explorer Classify and protect option may remove email addresses from the defined permissions if multiple email addresses include an apostrophe (').
- Fixed an issue where the auto-labeling custom text tooltip configured may not display as expected in case of an AsyncPolicy applied.
- Fixed an issue when pop-ups in Outlook may behave unexpectedly when attaching an email to another, newly encrypted email.
- Fixed an issue where an AIP-related error appeared after a child label is added and scoped to Groups & Sites.
- Fixed an issue where the Delete Label icon may not appear in the Outlook classification bar when mandatory labeling is enabled across Office, but not in Outlook.
- Fixed an issue where Excel may not close completely when both the AIP add-in and other add-ins are running.
- Fixed an issue where Outlook may fail to send a message with embedded images in rich-text with rules for pop-ups in Outlook configured.
- Fixed an issue where the AIP add-in may fail to load in Office apps with language related errors.
- Fixed an issue to prevent errors from occurring when removing protection from a PST file with special characters.
- Fixed an issue where extra draft emails were kept while working with Outlook in Online mode.
- Fixed an issue where popup messages were displayed, prompting users to save changes even when no changes were made, when working with Outlook in Online mode.
- Fixed an issue where emails to external guest users could not be sent if collaboration rules for popup messages were configured.
Unified labeling scanner and client version 22.214.171.124
Supported through 09/30/2022
This version includes the following new features, fixes, and enhancements for the unified labeling scanner and client:
Built-in co-authoring support
Microsoft 365's co-authoring features are now supported directly in the main Azure Information Protection unified labeling client installation, for enabled tenants.
Co-authoring for Office apps enables multiple users to edit documents that are labeled and encrypted by sensitivity labels.
Before you start, we recommend that you review all related prerequisites and limitations. For more information, see:
- Enable co-authoring for files encrypted with sensitivity labels in the Microsoft 365 documentation.
- Known issues for co-authoring in AIP
Support for DKE labels with user-defined permissions
This version of the unified labeling client and scanner supports DKE labels with user-defined permissions in Word, Excel, and PowerPoint.
Client usage logging in the Windows event log
The unified labeling client now logs user activity to the local Windows event log.
AIP scanner: General availability support for DLP policies
Microsoft 365 Data Loss Prevention (DLP) policies are now supported with the Azure Information Protection unified labeling scanner directly in the main installation instead of a dedicated version only.
Using a DLP policy enables the scanner to detect potential data leaks by matching DLP rules to files stored in file shares and SharePoint Server.
Enable DLP rules in your content scan job to reduce the exposure of any files that match your DLP policies.
The scanner may reduce file access to data owners only, or reduce exposure to network-wide groups, such as Everyone, Authenticated Users, or Domain Users.
Scanning your files with DLP rules enabled also creates file permission reports. Query these reports to investigate specific file exposures or explore the exposure of a specific user to scanned files.
Settings for enforcing or testing the DLP policy are configured in the Microsoft Purview compliance portal.
For more information, including licensing requirements, see:
- Configure a DLP policy in the AIP scanner
- Learn about the Microsoft 365 data loss prevention on-premises scanner, in the Microsoft 365 documentation
- Get started with the data loss prevention on-premises scanner
- Use the Microsoft 365 data loss prevention on-premises scanner
Fixes and improvements - version 126.96.36.199
Fixed possibly incorrect method values in New label audit logs for Outlook events.
Fixes for possibly incorrect label and labelBefore values in Change protection audit logs.
Fixes for errors where documents may not be saved because of edits made in the labeling metadata and lack of permissions.
Fixes for possible crashes when running PowerShell cmdlets. Fix provided by updates to the Microsoft Information Protection (MIP) SDK.
Fixed errors where justification popup messages may not appear in Outlook.
Fixed errors where the AIP add-in in Outlook may cause an error message to appear, if a message file that was saved locally was opened, closed, and then opened again.
Fixed errors where visual markings may not be refreshed as expected after changing a file's label to a label with no content markings.
Fixed errors where audit logs may not be sent when a default label is applied to a document.
Fixed issues for content markings in Outlook may be duplicated.
Fixed issues where deferred messages may not be sent in Outlook when a deferral rule set is defined and the AIP client is installed.
Fixed issues where customized Outlook popup messages may not display correctly when an image is found in the email signature.
Fixed issues where Change protection audit logs may not be sent as expected when a label is removed in Outlook.
Unified labeling scanner and client version 188.8.131.52
Supported through 02/08/2022
Version 184.108.40.206 is identical to version 220.127.116.11. Due to an issue in our software packaging system, we needed to repackage this version and provide an updated version number. Users who've installed version 18.104.22.168 can be assured that have a fully supported and functional version.
This version includes the following new features, fixes, and enhancements for the unified labeling scanner and client:
- Scanner usage logging in the Windows event log
- Scanner diagnostics tool improvements
- Improved scanner details output
- Updates for the scanner's supported information types
- Fixes and improvements
Scanner usage logging in the Windows event log
The unified labeling scanner now logs user activity to the local Windows event log.
For more information, see Usage logging for the Azure Information Protection scanner.
Scanner diagnostics tool improvements
With the upgrade to version 22.214.171.124, running the Start-AIPScannerDiagnostics cmdlet with the Verbose parameter prints the last 10 errors from the scanner log.
To print more or fewer errors, use the new VerboseErrorCount parameter to define the number of errors you want to print.
For more information, see Troubleshooting using the scanner diagnostic tool.
Improved scanner details output
The unified labeling on-premises scanner has improved outputs for the following cmdlets:
|Get-AIPScannerStatus||Previously, running the Get-AIPScannerStatus command provided only high-level details of the scanner cluster status, without details per node in your cluster.
Now, you can use the NodesInfo variable and the Verbose parameter to drill down into additional levels of detail for each node.
For more information, see the Verify scanning details per scanner node and repository.
|Get-AIPScannerConfiguration||Running the Get-AIPScannerConfiguration now provides details about the current scanner configuration in addition to the online configuration settings.|
Updates for the scanner's supported information types
Beginning with version 126.96.36.199, the following sensitive information types are not scanned by the unified labeling scanner.
If you have sensitivity labels that use these sensitive information types, we recommend that you remove them.
- EU Phone Number
- EU GPS Coordinates
Fixes and improvements (188.8.131.52)
The following fixes were delivered in version 184.108.40.206 of the Azure Information Protection unified labeling client and scanner:
Improvements in loading time for the AIP add-in in Office apps.
Fixed issues in Outlook where protection wasn't removed when the label was removed, in some edge cases.
The PowerPointRemoveAllShapesByShapeName advanced setting no longer requires that you also define the ExternalContentMarkingToRemove setting. Now you can define the PowerPointRemoveAllShapesByShapeName advanced setting on its own.
Fixed an issue where an empty option would appear on customized Outlook popup messages when only two options for the user to select were configured for the popup message.
Fixed issues for opening protected .jt files in the AIP Viewer app.
Size limits for protecting files using the File Explorer and PowerShell are now updated.
Fixed issues in parsing sensitivity label policies.
Unified labeling scanner and client version 220.127.116.11
Supported through 10/29/2021
Users are now able to view protected files as expected in the following scenarios:
When protected files are shared with users who don’t have an AIP policy configured, such as external users. This issue had occurred only with the AIP Viewer app.
When content with a scoped label is shared with users or groups not included in the label's scope. This issue had occurred both with the AIP Viewer app and when viewing or classifying the shared content via the File Explorer.
For more information, see the AIP unified labeling client user guide.
For more information, see:
- Compare Azure Information Protection and MIP built-in labeling
- For users: Download and install the client
- For admins: Azure Information Protection unified labeling client administrator guide
For information about new features in the Microsoft Purview compliance portal, see: