Merge pull request #9672 from MicrosoftDocs/main

Auto Publish – main to live - 2025-09-09 02:00 UTC

Author: learn-build-service-prod[bot]

Microsoft365/purview/sensitivity-labels/known-issues-ip-client.md

@@ -1,7 +1,7 @@
 ---
 # required metadata
 
-title: Known issues for the information protection client
+title: Known issues for the Microsoft Purview Information Protection Client
 description: Describes known issues with the Microsoft Purview Information Protection client.
 author: cloud-writer
 ms.author: meerak
@@ -14,43 +14,43 @@ ms.service: information-protection
 
 [!INCLUDE [looking-for-mip](../includes/looking-for-mip.md)]
 
-Use the lists and tables below to find details about known issues and limitations related to Azure Information Protection features.
+Use the lists and tables below to find details about known issues and limitations related to Microsoft Purview Information Protection features.
 
 ## Other digital signing and encryption solutions
 
-Azure Information Protection can't protect or decrypt files\emails that are digitally signed or encrypted with other solutions, such as removing protection from mails that are signed or encrypted with S/MIME.
+Microsoft Purview Information Protection can't protect or decrypt files\emails that are digitally signed or encrypted with other solutions, such as removing protection from mails that are signed or encrypted with S/MIME.
 
 ## Client support for container files, such as .zip files
 
 Container files are files that include other files, with a typical example being .zip files that contain compressed files. Other examples include .rar, .7z, .msg files and PDF documents that include attachments. 
 
 You can classify and protect these container files, but the classification and protection isn't applied to each file inside the container.
 
-If you have a container file that includes classified and protected files, you must first extract the files to change their classification or protection settings. However, you can remove the protection for all files in supported container files by using the [Set-AIPFileLabel](/powershell/module/purviewinformationprotection/set-filelabel) cmdlet. 
+If you have a container file that includes classified and protected files, you must first extract the files to change their classification or protection settings. However, you can remove the protection for all files in supported container files by using the [Set-FileLabel](/powershell/module/purviewinformationprotection/set-filelabel) cmdlet. 
 
 Encryption for .msg files is supported in the [MIP SDK](/information-protection/develop/concept-email) only.
 
-The Azure Information Protection viewer can't open attachments in a protected PDF document. In this scenario, when the document is opened in the viewer, the attachments aren't visible.
+The Microsoft Purview Information Protection viewer can't open attachments in a protected PDF document. In this scenario, when the document is opened in the viewer, the attachments aren't visible.
 
-For more information, see [Admin Guide: File types supported by the Azure Information Protection client](/previous-versions/azure/information-protection/rms-client/client-admin-guide-file-types).
+For more information, see [Admin Guide: File types supported by the Microsoft Purview Information Protection client](/previous-versions/azure/information-protection/rms-client/client-admin-guide-file-types).
 
 ## Known issues for watermarks
 
 When you're adding a watermark to a label, keep in mind that if you use font size one, it automatically adjusts to fit the page. However, if you use any other font size, it uses the size you specified in the font settings.
 
-## PowerShell support for the Azure Information Protection client
+## PowerShell support for the Microsoft Purview Information Protection client
 
-The current release of the **AzureInformationProtection** PowerShell module that's installed with the Azure Information Protection client has the following known issues:
+The current release of the **Microsoft Purview Information Protection** PowerShell module that's installed with the Microsoft Purview Information Protection client has the following known issues:
 
-- **Outlook personal folders (*.pst* files)**. Natively protecting *.pst* files isn't supported using the **AzureInformationProtection** module.
+- **Outlook personal folders (*.pst* files)**. Natively protecting *.pst* files isn't supported using the **Microsoft Purview Information Protection** module.
 
-- **Outlook protected email message (.msg files with a .rpmsg attachment)**. Unprotecting Outlook protected email messages is supported by the **AzureInformationProtection** module for messages inside an Outlook personal folder (.pst file), or on disk in an Outlook message file (.msg file).
+- **Outlook protected email message (.msg files with a .rpmsg attachment)**. Unprotecting Outlook protected email messages is supported by the **Microsoft Purview Information Protection** module for messages inside an Outlook personal folder (.pst file), or on disk in an Outlook message file (.msg file).
 
--  **PowerShell 7**. Currently PowerShell 7 isn't supported by the AIP Client. Using PS7 results in the error: "Object reference not set to an instance of an object."
+-  **PowerShell 7**. Currently PowerShell 7 isn't supported by the Microsoft Purview Information Protection Client. Using PS7 results in the error: "Object reference not set to an instance of an object."
 
-For more information, see [Admin Guide: Using PowerShell with the Azure Information Protection client](/previous-versions/azure/information-protection/rms-client/client-admin-guide-powershell).
+For more information, see [Admin Guide: Using PowerShell with the Microsoft Purview Information Protection client](/previous-versions/azure/information-protection/rms-client/client-admin-guide-powershell).
 
-## Known issues AIP Scanner
+## Known issues Microsoft Purview Information Protection Scanner
 
 - Scanning of .msg files with signed PDF files is currently not supported.
 
@@ -62,7 +62,7 @@ For more information, see [Admin Guide: Using PowerShell with the Azure Informat
 
 Known issues for coauthoring are relevant only when coauthoring is [enabled in your tenant](/microsoft-365/compliance/sensitivity-labels-coauthoring).
 
-Known issues for coauthoring in AIP include:
+Known issues for coauthoring in Microsoft Purview Information Protection include:
 
 - [Supported versions for coauthoring and sensitivity labels](#supported-versions-for-coauthoring-and-sensitivity-labels)
 
@@ -82,15 +82,15 @@ All apps, services, and operation tools in your tenant must support coauthoring.
 
 Before you start, make sure that your system complies with the version requirements listed in the [Microsoft 365 prerequisites for coauthoring](/microsoft-365/compliance/sensitivity-labels-coauthoring#prerequisites). 
 
-We recommend that you always use the latest Office version available. Earlier versions might cause unexpected results, such as not being able to see labels in Azure Information Protection, or no policy enforcement.
+We recommend that you always use the latest Office version available. Earlier versions might cause unexpected results, such as not being able to see labels in Microsoft Purview Information Protection, or no policy enforcement.
 
 > [!NOTE]
 > While sensitivity labels can be applied on files in Office 97-2003 formats, such as  **.doc**, **.ppt**, and **.xls**, coauthoring for these file types isn't supported. Once a label is applied on a newly-created file, or a file in the advanced file format, such as **.docx**, **.pptx**, and **.xlsx**, saving the file in an Office 97-2003 format will cause the label to be removed.
 >
 
 #### Policy updates
 
-If your labeling policy was updated while an Office application was opened with Azure Information Protection, any new labels are displayed, but applying them results in an error.
+If your labeling policy was updated while an Office application was opened with Microsoft Purview Information Protection, any new labels are displayed, but applying them results in an error.
 
 If this occurs, close and reopen your Office application to be able to apply your labels.
 
@@ -122,16 +122,16 @@ Depending on your application, you might see this prompt repeatedly for the same
 ## Known issues in policies
 
 Publishing policies might take up to 24 hours.
-## Known issues for the AIP viewer
+## Known issues for the Microsoft Purview Information Protection viewer
 
-- [External users](#external-users-and-the-aip-viewer)
+- [External users](#external-users-and-the-microsoft-purview-information-protection-viewer)
 - [ADRMS protected files on Android devices](#adrms-protected-files-on-android-devices)
 
-For more information, see [**Unified labeling client**: View protected files with the Azure Information Protection viewer](https://support.microsoft.com/topic/9fb56fae-7989-48b0-850f-f446e057cf73).
+For more information, see [**Unified labeling client**: View protected files with the Microsoft Purview Information Protection viewer](https://support.microsoft.com/topic/9fb56fae-7989-48b0-850f-f446e057cf73).
 
-### External users and the AIP viewer 
+### External users and the Microsoft Purview Information Protection viewer 
 
-If an external user already has a guest account in Microsoft Entra ID, the AIP Viewer might display an error when the user opens a protected document, telling them that they can't sign in with a personal account.
+If an external user already has a guest account in Microsoft Entra ID, the Microsoft Purview Information Protection Viewer might display an error when the user opens a protected document, telling them that they can't sign in with a personal account.
 
 If such an error appears, the user must install [Adobe Acrobat DC with the MIP extension](https://helpx.adobe.com/il_en/acrobat/kb/mip-plugin-download.html) in order to open the protected document.
 
@@ -140,12 +140,12 @@ When a user opens the protected document after installing Adobe Acrobat DC with
 This is an expected error. In the prompt window, select **Back** to continue opening the protected document.
 
 >[!NOTE]
-> The AIP Viewer supports guest *organizational* accounts in Microsoft Entra ID, but not personal or Windows Live accounts.
+> The Microsoft Purview Information Protection Viewer supports guest *organizational* accounts in Microsoft Entra ID, but not personal or Windows Live accounts.
 >
 
 ### ADRMS protected files on Android devices
 
-On Android devices, ADRMS-protected files can't be opened by the AIP Viewer app.
+On Android devices, ADRMS-protected files can't be opened by the Microsoft Purview Information Protection Viewer app.
 
 ## Known issues for track and revoke features
 
@@ -170,34 +170,34 @@ Password-protected documents aren't supported by track and revoke features.
 
     If administrators have access to the downloaded files, they can use PowerShell to identify a document's **ContentID** for track and revoke actions.
 
-### Known issues for the AIP client and OneDrive
+### Known issues for the Microsoft Purview Information Protection client and OneDrive
 
 If you have documents stored in OneDrive with a sensitivity label applied, and an administrator changes the label in the labeling policy to add protection, the newly applied protection isn't automatically applied to the labeled document. 
 
 In such cases, relabel the document manually to apply the protection as needed.
 
-## AIP-based Conditional Access policies
+## Microsoft Purview Information Protection-based Conditional Access policies
 
 External users who receive content protected by [Conditional Access policies](/azure/active-directory/conditional-access/concept-conditional-access-policy-common) must have a Microsoft Entra business-to-business (B2B) collaboration guest user account in order to view the content.
 
 While you can invite external users to activate a guest user account, allowing them to authenticate and pass the conditional access requirements, it might be difficult to ensure that this occurs for all external users required.
 
-We recommend enabling AIP-based conditional access policies for your internal users only.
+We recommend enabling Microsoft Purview Information Protection-based conditional access policies for your internal users only.
 
-**Enable conditional access policies for AIP for internal users only**:
+**Enable conditional access policies for Microsoft Purview Information Protection for internal users only**:
 
 1.    In the Azure portal, navigate to the **Conditional Access** blade, and select the conditional access policy you wish to modify.
 2.    Under **Assignments**, select **Users and groups**, and then select **All users**. Make sure that the **All guest and external users** option is *not* selected.
 3.    Save your changes.
 
-You can also entirely disable/exclude CA within Azure Information Protection if the functionality isn't required for your organization, in order to avoid this potential issue.
+You can also entirely disable/exclude CA within Microsoft Purview Information Protection if the functionality isn't required for your organization, in order to avoid this potential issue.
 
 For more information, see the [Conditional Access documentation](/azure/active-directory/conditional-access/concept-conditional-access-users-groups).
 
 ## Can't publish or use labels with sub-labels as standalone labels
 
-If a label contains any sub-labels in the [Microsoft Purview compliance portal](/microsoft-365/compliance/sensitivity-labels#sensitivity-labels-and-azure-information-protection), this label must not be published as a standalone label to any AIP users. 
+If a label contains any sub-labels in the [Microsoft Purview compliance portal](/microsoft-365/compliance/sensitivity-labels#sensitivity-labels-and-azure-information-protection), this label must not be published as a standalone label to any Microsoft Purview Information Protection users. 
 
-Similarly, AIP doesn't support labels that contain sub-labels as default labels, and you can't configure automatic labeling for these labels.
+Similarly, Microsoft Purview Information Protection doesn't support labels that contain sub-labels as default labels, and you can't configure automatic labeling for these labels.
 
 Additionally, using a label with UDP (User Defined Permissions) as a default label isn't supported in the Unified Labeling Client. 

Office/Client/forms/resolve-file-upload-errors-microsoft-forms.md

@@ -94,7 +94,7 @@ To fix this error for a group form, sign in to the Microsoft 365 group's SharePo
     `https://<tenant-name>.sharepoint.com/sites/<group-name>`
 
     > [!NOTE]
-    > If information barriers are enabled in your SharePoint site, company-wide link sharing is disabled if the [mode](/purview/information-barriers-sharepoint#sharing-sites-for-ib-modes) is set to **Owner Moderated**, **Implicit**, or **Explicit**. In this case, change the information barriers mode to **Open**. To check the information barriers mode of your site, run the `Get-SPOSite <Group SharePoint site URL> | Select InformationBarriersMode` PowerShell command.
+    > If information barriers are enabled in your SharePoint or OneDrive site, company-wide link sharing is disabled if the [mode](/purview/information-barriers-sharepoint#sharing-sites-for-ib-modes) is set to **Owner Moderated**, **Mixed**, **Implicit**, or **Explicit**. In this case, change the information barriers mode to **Open**. To check the information barriers mode of your site, run the `Get-SPOSite <Group SharePoint site or OneDrive URL> | Select InformationBarriersMode` PowerShell command.
 1. Check whether site members can share files and folders. If they can't, follow these steps to update the sharing permission:
 
     1. Sign in to the group's SharePoint site as a site owner.

support/windows-server/toc.yml

@@ -2730,6 +2730,8 @@ items:
       href: ./virtualization/hyper-v-virtual-machine-backup-checkpoint-storage.md
   - name: Configuration of virtual machine settings
     items:
+    - name: Can't access Hyper-V virtual machines via VMConnect
+      href: ./virtualization/cannot-access-hyper-v-virtual-machine-connect.md
     - name: Copy and paste don't work when you connect to Hyper-V virtual machine
       href: ./virtualization/copy-paste-not-work-hyper-v-vm-vmconnect-enhanced-session-mode.md
     - name: Hyper-V limits the maximum number of processors
@@ -2778,6 +2780,8 @@ items:
       href: ./virtualization/upgrade-computers-hyper-v-role.md
     - name: Windows Server 2019 Hyper-V host minroot behavior
       href: ./virtualization/windows-server-hyper-v-host-minroot-behaviors.md
+    - name: YubiKey USB device doesn't appear in a Hyper-V virtual machine
+      href: ./virtualization/usb-device-hyper-v-virtual-machine.md
   - name: Integration components
     items:
     - name: Degraded integration services message for non-Windows guests

support/windows-server/virtualization/cannot-access-hyper-v-virtual-machine-connect.md

@@ -0,0 +1,65 @@
+---
+title: Can't Access Hyper-V Virtual Machines Via VMConnect
+description: Addresses an issue where you can't connect to Hyper-V virtual machines (VMs) through VMConnect after you repeatedly receive an authentication error.
+ms.date: 09/09/2025
+manager: dcscontentpm
+audience: itpro
+ms.topic: troubleshooting
+ms.reviewer: kaushika, simonw, v-lianna
+ms.custom:
+- sap:virtualization and hyper-v\configuration of virtual machine settings
+- pcy:WinComm Storage High Avail
+---
+# Can't access Hyper-V virtual machines via VMConnect
+
+This article addresses an issue where you can't connect to Hyper-V virtual machines (VMs) through Virtual Machine Connection (VMConnect) after you repeatedly receive an authentication error.
+
+> [!NOTE]
+> Before proceeding with the following procedures in this article, ensure you have administrative access to the affected server. In addition, you have a working server with the correct Transport Layer Security (TLS) cryptography registry keys to export.
+
+You repeatedly receive an authentication error message:
+
+> Local security authority cannot be contacted.
+
+You can't connect to any virtual machines, regardless of the operating system (Windows or Linux), via VMConnect.
+
+## Missing TLS cryptography registry keys
+
+The issue is caused by missing TLS cryptography registry keys required for the TLS/Secure Sockets Layer (SSL) handshake. These keys are crucial for secure communication during the authentication process. Their absence leads to a failure in the secure channel initialization process, which prevents authentication attempts from succeeding.
+
+## Restore missing TLS cryptography registry keys
+
+[!INCLUDE [Registry alert](../../includes/registry-important-alert.md)]
+
+To resolve the issue, follow these steps:
+
+1. Export TLS cryptography registry keys from a working server:
+
+   1. Open Windows Registry Editor (**regedit.exe**) on a working server, and go to the following registry path:
+
+      `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols`
+
+   2. Right-click the `Protocols` key and select **Export**.
+   3. Save the exported `.reg` file to a secure location.
+
+2. Import the registry keys to the affected server:
+
+   1. Transfer the exported `.reg` file to the affected server.
+   2. Open the Registry Editor on the affected server, and double-click the `.reg` file to import the keys. Follow the prompts to confirm the import.
+
+3. Restart the affected server to apply the changes.
+4. Connect to the Hyper-V virtual machines using VMConnect to ensure the issue is resolved.
+
+After you complete these steps, the missing TLS cryptography registry keys are restored, enabling the necessary TLS/SSL handshake and resolving the authentication error.
+
+## Other potential causes
+
+If the issue persists, further investigation might be required to confirm whether other configuration settings or system updates are impacting the VM connection process. For example, network configuration issues or outdated system components should be examined.
+
+You can verify the network and system configurations by using the following steps:
+
+1. Check the server's network connectivity to ensure there are no interruptions.
+2. Ensure all system updates and patches are applied to both the host and guest operating systems.
+3. Review event logs for other error messages that might provide insights into the issue.
+
+If further assistance is required, consider contacting Microsoft Support for advanced troubleshooting.