Changes to Azure Information Protection – action required

In the second half of 2019 Microsoft will add Native labelling support in to Office 365 (click to run) Pro Plus on Windows.

This means if you have Sensitivity labels in the Office 365 Security and Compliance Centre, no AIP client will be required to use them in Office. However there are valid reasons why a customer may still be using labels configured in the AIP portal in Azure in conjunction with the AIP client add in and may not have migrated labels to Office 365; currently the Office 365 Sensitivity labels have a limited set of functionality.

In the updated Office 365 Pro Plus version the default behaviour will be for Office 365 labelling, and the AIP add in will be DISABLED by default.

This could mean that a customer using this Office version who has labels configured in the Azure Portal will see no labels after Office updates, until they either migrate labels to Office 365 or perform a registry change.

Microsoft therefore recommend for such scenarios applying the following registry change NOW via GPO if there is a requirement to keep using the AIP client.

HKEY_CURRENTUSER\Software\Microsoft\Office\16.0\Common\Security\Labels

Create a new REG_DWORD value that is named UseOfficeForLabelling and set the value data to o

Other Pro Plus versions (2010/2013/2016/2019) will still use the AIP client by default.

 

About the author