Azure Information Protection is a solution kit to tag, give permissions and encrypt content. That is why when the deployment of the solution is in a pilot phase should be managed in the right way.
In order to manage the deployment of AIP in the correct way, we advise you to do it with an onboarding policy, this means that you can only use the software to tag, give permissions and encrypt the users that we choose.
Currently, different methods are available:
Allow the use of the tool to users who are members of a certain group, for this it will be necessary to execute the following powershell command:
Set-AadrmOnboardingControlPolicy -UseRmsUserLicense $ False -SecurityGroupObjectId “fba99fed-32a0-44e0-b032-37b419009501” -Scope All
As an alternative you can configure the use of the tool for those users who are licensed in Azure Information Protection, for this the execution of the following command is necessary:
Set-AadrmOnboardingControlPolicy -UseRmsUserLicense $ True
To confirm that the policy has been modified, it will be necessary to execute the following command:
Get-AadrmOnboardingControlPolicy
Thank you very much for reading and I hope it was of your interest