Error running Set-AIPFileLabel from Azure PowerShell function - Engine is not initialized, bootstrap might have failed

Bartski 1 Reputation point
2022-07-22T05:56:18.16+00:00

Trying to remove AIP sensitivity labels from PDF documents using a PowerShell Azure Function (triggered by a Power Automate flow passing the file content from SharePoint).
Based on this documentation: https://learn.microsoft.com/en-us/azure/information-protection/rms-client/clientv2-admin-guide-powershell

I've imported the PowerShell module manually (testing the below snippet on Windows without the unified client installed works fine).

When trying to do the same from the Azure PowerShell I'm getting:

Engine is not initialized, bootstrap might have failed  
HResult : -2146233087  
CategoryInfo : InvalidOperation: (:) [Set-AIPFileLabel], InvalidOperationException  
FullyQualifiedErrorId : Microsoft.InformationProtection.Powershell.AIP.Commandlets.SetAIPFileLabelCmdLetException: Engine is not initialized, bootstrap might have failed  
Stack:

run.ps1:

using namespace System.Net  
  
# Input bindings are passed in via param block.  
param($Request, $TriggerMetadata)  
  
Import-Module "C:\home\site\wwwroot\Modules\Microsoft Azure Information Protection\Powershell\AzureInformationProtection\AzureInformationProtection.psd1" -UseWindowsPowerShell  
  
##Credentials##  
$TenantId = $ENV:TenantId  
$ApplicationId = $ENV:ApplicationId  
$SecretValue = $ENV:ApplicationSecret  
$DelegatedUser = $ENV:DelegatedUser  
  
Set-AIPAuthentication -AppId $ApplicationId -AppSecret $SecretValue -TenantId $TenantId -DelegatedUser $DelegatedUser  
  
Set-AIPFileLabel "C:\home\data\Temp\test.pdf" -RemoveProtection -RemoveLabel -JustificationMessage "Need it decrypted"  
  
# Associate values to output bindings by calling 'Push-OutputBinding'.  
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{  
    StatusCode = [HttpStatusCode]::OK  
    Body = "TEST"  
})  

2 answers

  1. Limitless Technology 39,436 Reputation points
    2022-07-26T08:03:13.457+00:00

    Hello,

    The reason for the error "Engine is not initialized" is that you need to have an Office account logged in to Windows which has AIP labels configured only. This will enable the AIP engine and the execution of the script. For example, if you are logged in with a local user account, it will fail, but use instead a domain account with AIP activated or simply a free Microsoft account with AIP, and it will work.

    In my case, I just created a VM and logged in with a specific Office account which has AIP configured, and then it started working.



  2. Rahul Dankhara 0 Reputation points
    2023-07-26T09:33:33.7933333+00:00

    I am looking to change the ownership of the encrypted document when the user leaves the organization by running the below commands from the superuser.

    Can you please help with how to run it non-interactively? I want to automate the process via a SOAR solution. Or suggest any other way.

    User's image
