This post describes some of the issues I have had/seen with the AIP Client and Office. Usually everything works well, and you can just start using the labels, but when things go wrong, it is not alway easy to see why.
I had a problem applying labels with protection, and received a lot of «interesting» error messages when I tried the different protections. After setting up AIP with labels and protection I installed the newest AIP client, and tried to use one of the labels I had created. The ones without protection went well, but as soon as I tried to use one with protection, I got one of these.
|Azure Information Protection cannot apply this label|
|Argh .. What administrator? |
I also noticed some error messages in the eventlog. Event 101:
|Error: No matching template found.|
The error message confused me. It said no matching template found. It seemed to me like the client had problems communication with AIP, but the labels were updated, so I tried to retrieve the templates from the set permission option.
After a little while with this message:
|Retrieving templates from server ...|
I receive the following message:
|The logged in users could not be authenticated|
The logged in users could not be authenticated. Please check your credentials or try signing out and signing in again. I then tried to use the Classify and protect option in file explorer, which went well so it seemed like the problem was with Office and the client. I tried the usual troubleshooting tips like resetting the client settings:
|In the Protect option in Outlook, choose Help and Feedback|
|Select to Reset Settings|
When you select the Reset Settings option, you will be warned that this action will delete registry settings that you might need to connect to Azure Information Protection. Sounds serious, but it will be re-added when you start up Office again.
|Delete settings you might need|
|It will tell you it has reset AIP settings|
But the problem still remained.I then tried to manually remove all settings from the AIP client in registry and file explorer, but that didn't do any good either. I also removed and reinstalled the AIP client, which didn't change anything. Since Classify and protect worked, and I received the error message about the logged in user, I then tried to switch account in Office to make sure it was not related to credentials:
|In word for instance, select your name and Switch account|
But no help. I still got the same error messages when trying to use the labels. Since none of the things i tried did any good, and the problem seemed to be related to my Office client I removed Office (uninstalled everything Office related) and added it again. I refreshed the AIP Client, and voila: it worked.
I have the exact same issues with AIP in our customer's test environment. However logging out of O365 in Office (not AIP) seems to fix the problem. As soon as I log in, the problems start again though.ReplyDelete
I'm suspecting that the problems relate to the identities used. I'll open a support ticket with Microsoft.
Out of interest: Are the user's UPNs and e-mail address attributes identical in your environment or do they differ?
Glad you were able to get it working. I did not have any luck with logging out of O365 unfortunately. In my case the UPN and e-mail was identical, but as I found out there had been a UPN change earlier.Delete
In our environment we had the identical error message. For us it turned out, that we had Microsoft Office hardening in place, which misconfigured the Office IRM functionality. Make sure to check following GPO settings: https://docs.microsoft.com/en-us/archive/blogs/rmssupp/tip-o-the-day-12292006-all-you-can-eat-office-registry-keys-for-irm-and-a-bag-of-chipsReplyDelete
@phroxvs Having the same issue, working in a STIG'd environment and driving my self crazy with the GPO settings that could impact this function. The link that you have is no longer valid. Do you by chance remember the Policy that was breading IRM?Delete