Microsoft Tries to Deprecate Classic Azure Information Protection Client

Classic AIP Client and Label Management in Azure Portal to Cease

On January 6, Microsoft announced the deprecation of the classic Azure Information Protection (AIP) client and management of labels through the Azure portal (Figure 1). Following the discovery of some”technical issues” (and probably some customer feedback), Microsoft withdrew the announcement, which said that support for the client and management of its labels through the Azure portal would cease on March 31, 2021.

Managing AIP labels through the Azure portal 
Microsoft  Information Protection
Figure 1: Managing AIP labels through the Azure portal

Microsoft hasn’t communicated what the issues blocking the deprecation are or when they will be resolved. A discussion in the Azure Information Protection Yammer community (available to join by anyone) said that Microsoft is “still committed to move all AIP customers as soon as possible to the new Unified Labeling client...” (Figure 2).

Microsoft discusses the removal of the deprecation post
Figure 2: Microsoft discusses the removal of the deprecation post

Unity of Focus

The focus of the Microsoft Information Protection team is on the unified labeling version of the AIP client, so-called because its labels are shared across multiple platforms. Microsoft’s public position expressed in April 2019 is that “going forward new features will be included in the Azure Information Protection unified labeling client whereas we’re not planning to add new features to the Azure Information Protection client.” They make a strong case that the unified client should be used for deployments if at all possible. Microsoft has published a list of features from the classic client which it does not intend to deliver in the unified client. If any of the missing features are critical to your deployment, you should discuss the situation with your Microsoft representative.

Given that the now-retracted announcement about the deprecation of the classic AIP client was made, we can anticipate that the deprecation will happen at some point in the near future. With this in mind, using the unified AIP client is the best route forward.

Office 365 Sensitivity Labels

In the Office 365 world, unified labels are known as sensitivity labels. Unified labels are unavailable in GCC. Office 365 tenants manage sensitivity labels through the Security and Compliance Center (or the new Microsoft 365 Security Center). The labels are published to users through label policies and can then be used to classify Office files according to their sensitivity. Recent versions of the Office click to run applications include native support for labels for Windows, Mac, and mobile, meaning that you don’t need to deploy the AIP client to use labels to protect confidential information, including the rights-management based encryption of email, Office documents, and PDF files.

Native support is in preview for Office online apps and the SharePoint Online/OneDrive for Business browser interfaces. Another preview allows sensitivity labels to apply classifications and control some aspects of Office 365 Groups, Teams, and SharePoint Online team sites. Both previews are expected to progress to general availability throughout Office 365 in a month or so.


Office 365 E3 and E5 (and equivalent) tenants do not need additional licenses to use sensitivity labels. Tenants only need to deploy the AIP client if they want to apply labels to files stored outside Office 365 or to use some of the features not included in sensitivity labels, such as the AIP scanner. This article compares the current labeling capabilities of the classic, unified, and native clients. Microsoft says that some of the features missing from the unified client will appear during 2020.

Impact on Office 365 Tenants

In most cases, tenants who use the AIP client have migrated from the classic client to the unified client over the last year, so the deprecation should not have much impact unless you use the perpetual version of the Office desktop applications (including Office 2019), as this software does not include native support for sensitivity labels. In all cases, if you use the AIP client, you need Azure Information Protection P1 or P2 licenses, depending on the level of desired functionality.

Office 365 for IT Pros keeps an eye on what’s happening with Microsoft Information Protection and Office 365 sensitivity labels in Chapter 24. It’s a compelling read, if you’re into protection.

One Reply to “Microsoft Tries to Deprecate Classic Azure Information Protection Client”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.