RM Logo
Technical Rating: 
Support Home PageSupport
Print This PagePrint This Page
Add to 'My Library' Add to 'My Library'

How to install the Azure Information Protection unified labeling client for users
Published Date : 08 Feb 2018   Last Updated : 14 Sep 2022   Content Ref: TEC6097467  


This article explains how to install the Azure Information Protection unified labeling client for users.


Note: The procedure in this article is relevant if you have purchased or implemented the Microsoft® Purview Data Compliance Configuration Service from RM (22Z-168 - INS MS Purview Data Compliance Config.(Remote) Service).

  • Ensure your clients are Windows 10 or above.
  • Ensure your clients have Office Professional Plus 2016 or above installed.
  • If you have a web proxy that requires authentication, configure it to use integrated Windows authentication with the user's Active Directory logon credentials.
  • Allow HTTPS traffic on TCP port 443 to *.informationprotection.azure.com and informationprotection.hosting.portal.azure.net.
  • If you have a firewall or similar intervening network device that is configured to allow specific connections, configure it to allow access to the endpoints listed in the Azure Rights Management (RMS) section of the Microsoft 365 article.

For more detailed information on the requirements for Microsoft Purview Information Protection, please refer to the Microsoft article.


  1. The Azure Information Protection unified labeling client can be installed using an executable (AzInfoProtection_UL.exe) or an MSI (AzInfoProtection_UL.msi). Download your preferred installation file from here.
  2. Click here to review additional prerequisites that may be required prior to installing the Azure Information Protection unified labeling client.
  3. Refer to the relevant link below for instructions on how to install using your preferred installation method.
    Important: We strongly recommend that the Azure Information Protection unified labeling client is installed only on the computers used by the staff accounts that need to use the protection features.

If you are using a CC4 network and wish to import and create a package for Azure Information Protection unified labeling client, please refer to DWN3152898 in the Other Useful Articles section below (DWN3152898 will only be visible to logged in network support contract holders).
The MSI can also be used with other central deployment mechanisms like SCCM, Group Policy.

  1. Reboot the computers after installation is completed.


  1. Sign in to your Microsoft 365 tenancy as a global administrator user.
  2. From Admin Center, click Groups.
  3. Select the Azure Rights Management Group and add a staff user account as a member.
  4. Sign out of your Microsoft 365 tenancy.
  5. Log on to the computer as the staff user you selected in step 3 above.
  6. Open a Microsoft Office application (Word, Excel or PowerPoint).
  7. Click File, Account and confirm you are signed in as the staff user in step 3 above.
  8. Click Info, Protect Document, Restrict Access, 'Connect to Rights Management Servers and get templates'.
  9. Return to the document.
  10. Confirm that the user sees an information bar prompting to sign in to the Azure Information Protection service, as shown in the image below.
Click to view a larger image
  Image showing the Azure Information Protection service prompt

  1. Click the 'Sign in' button and enter the staff user's Microsoft 365 user credentials.
    Note: If your Microsoft 365 domain is federated to RM Unify the user may get re-directed to the RM Unify page to complete the sign in.
  2. In the Office application, confirm the information bar displays Sensitivity as 'Not set' and the seven custom labels are visible, e.g., Confidential - Staff, Sensitive - HR, etc. as shown in the image below.
    Note: If you cannot see the custom labels, your app window may not be large enough to accommodate them. In that case, click the Edit icon next to 'Not set' (the pencil icon) to open a new window to display the labels.
Click to view a larger image
  Image showing the information bar

  1. Click the 'Confidential - Internal Only' label.
  2. Confirm a 'This is a confidential internal document' header has been added to the document and no error appears.
  3. On the same computer, open Microsoft Outlook and create a new email.
  4. Confirm you can see the same seven custom labels as you did in Word.
  5. Click the custom 'Highly Confidential - All Staff' label and send the email to a recipient account external to Microsoft 365, e.g., a Gmail or Yahoo account.
  6. Confirm the external recipient receives the email with the message, as shown in the image below: '<user> has sent you a protected message'.
Image showing the message
  Image showing the message

  1. Ask the external recipient to click 'Read the message' and confirm they can view the message content following the instructions provided on screen.

More Information

For information on the file types supported by Azure Information Protection unified labeling client, please refer to:

For information on the Office apps (Office 2019, 2016), please refer to:

Did the information in this article help answer your question?
Please add any comments about this article in the box below. If you answered No then it is important you tell us why so that we can change the article if required. We can only respond if you log in to the RM Support website or provide your contact details. Note: If you need help with a technical query, please log a call online or telephone our support team.
Thank you for your feedback, which is sent directly to the RM Knowledge team. We address every message received with the intention of improving our Knowledge Library articles. If you have an unresolved technical issue, please contact RM Support.

If this article has not helped provide a solution then it is also possible to log a call...

Document Keywords: azure, information protection, azure client, install client, aip, purview, TEC6097467

Please read - important disclaimer information.
http://www.rm.com/_RMVirtual/Includes/csredirect.asp?cref=&title=Standard Content Disclaimer

Top Of PageTop of page