Azure RMS to AIP Unified Label Migration 2

We will see how to covert the existing Azure RMS Templates into Azure Information Protection Classic Labels, what will happen if we publish the classic labels and the test cases when using AIP Classic labels.

On the first part of this post, I had 3 RMS Templates for Information Protection as shown below and the plan is to convert them as Azure Information Protection Classic Labels.

To convert those Templates into Azure Information Protection Classic Labels, you can select the template click the 3 dots to convert those templates as Classic Labels. I have converted all the Templates into Labels.

I did not publish the classic Labels and the plan is to migrate the classic labels to Unified Label and then publish the Unified Label to end users. In addition, the Unified Labelling Client pushed to endpoints.

To re initiate the Azure Information Protection Bootstrapping, I have closed all the Office applications and deleted all the files from MSIPC and MSIP folders and if you open the Word or Excel for the first time, the initial bootstrapping process to get the Templates and policies will happen automatically.

Once the bootstrap happened, you will see the below files that is required for Information Protection to work on your machines.

However, the RMS Templates converted into classic labels, behind the scenes the templates exists as like before. If the converted labels published, then those Labels will show in Office applications. If not, only the templates available for user to select and protect the contents.

Test Cases after converting the RMS Templates as Classic Labels:

User2 who is using Office 365 Pro Plus with AIP Classic Client status showing as connected to AIP Service.

If a User tries to protect an email, the same templates converted as Classic Labels still showing as Templates and No labels are showing in Office application because the Labels are not published.

User2 sending an email from Outlook by applying the View Only Template and attaching a PDF file.

User1 is able to view the protected email from User2. Only the email protected and PDF attached is not inheriting the protection capabilities applied to email. If the attachment is any Office document, then those contents will inherit the permission.

User1 is able to see the protected emails from User2 in OWA as well. PDF attachment size not changed which confirm the PDF not protected.

Now, User2 is sending an email to User1 from OWA with the PDF attachment and applying the SHC view only permission.

User1 can open the protected emails and the attached size varies. When a PDF attached from OWA it inherits the permission from protection Template applied to email.

User1 can see the Protected email and Protected PDF in OWA.

If User1 tries to open the pdf attached to the email, it is prompting the user to valid the credential which is an excepted behavior.

If we see the emails, which are protected before the classic label conversion, those are working normal and no issues with it.

It is same behavior in OWA as well.

If we see the other Office application like word or excel, the classic client showing as connected to AIP service.

Since the AIP label policies are not pushed, only the Templates are available for protecting the documents.

On the next part of the article, we will see the Unified Label activation and migrating the Azure Information Protection Classic Label migration to Sensitive Label and publishing them as Unified Label.

Leave a Reply